CVE-2018-15124

EPSS 0.37%
Published 13.08.2018 21:48:01
Last modified 21.11.2024 03:50:21
Source vulnerability@kaspersky.com
Teams watchlist Login
Open Login

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Zipato ≫ Zipabox Firmware Version118

Zipato ≫ Zipabox Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.37%	0.558

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-326 Inadequate Encryption Strength

The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2018-15124

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-15124

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-15124

EUVD