CVE-2018-19524

Exploit

EPSS 32.17%
Veröffentlicht 21.03.2019 16:00:31
Zuletzt bearbeitet 21.11.2024 03:58:05
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Skyworthdigital ≫ Dt740 Firmware Versionsdotbgn1

Skyworthdigital ≫ Dt740 Version-

Skyworthdigital ≫ Dt721-cb Firmware Versionsdotbgn1

Skyworthdigital ≫ Dt721-cb Version-

Skyworthdigital ≫ Dt741-cb Firmware Versionsdotbgn1

Skyworthdigital ≫ Dt741-cb Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	32.17%	0.967

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://packetstormsecurity.com/files/151608/Skyworth-GPON-HomeGateways-Optical-Network-Stack-Overflow.html

Third Party Advisory

Exploit

VDB Entry

http://seclists.org/fulldisclosure/2019/Feb/30

Third Party Advisory

Exploit

Mailing List

https://s3curityb3ast.github.io/KSA-Dev-001.md

https://seclists.org/bugtraq/2019/Feb/21

Third Party Advisory

Exploit