Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- > [Suggested description]
- > IQrouter through 3.3.1, when unconfigured, has
- > multiple remote code execution vulnerabilities in the
- > web-panel because of Bash Shell Metacharacter Injection.
- >
- > ------------------------------------------
- >
- > [Additional Information]
- > Evenroute didn't send a reply at my several emails to their support center.
- >
- > ------------------------------------------
- >
- > [VulnerabilityType Other]
- > Shell Metacharacter Injection
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > Evenroute
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > IQrouter - up to 3.3.1
- >
- > ------------------------------------------
- >
- > [Affected Component]
- > Luci web-server
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Code execution]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Denial of Service]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Escalation of Privileges]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Information Disclosure]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > Attacker can exploit multiple bash code execution vulnerabilities remotely and gain root privileges.
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://evenroute.com/
- >
- > ------------------------------------------
- >
- > [Discoverer]
- > Ilya Shaposhnikov
- Use CVE-2020-11963.
- > [Suggested description]
- > In IQrouter through 3.3.1,
- > the Lua function diag_set_password in the web-panel
- > allows remote attackers to change the root password arbitrarily.
- >
- > ------------------------------------------
- >
- > [Additional Information]
- > Evenroute didn't send a reply at my several emails to their support center.
- >
- > ------------------------------------------
- >
- > [Vulnerability Type]
- > Incorrect Access Control
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > Evenroute
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > IQrouter - up to 3.3.1
- >
- > ------------------------------------------
- >
- > [Affected Component]
- > Luci web-server
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Escalation of Privileges]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > Attacker can exploit this vulnerability for changing root password to arbitrary and authorize to IQrouter using SSH protocol.
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://evenroute.com/
- >
- > ------------------------------------------
- >
- > [Discoverer]
- > Ilya Shaposhnikov
- Use CVE-2020-11964.
- > [Suggested description]
- > In IQrouter through 3.3.1, there is a
- > root user without a
- > password, which allows attackers to gain full remote access via SSH.
- >
- > ------------------------------------------
- >
- > [Additional Information]
- > Evenroute didn't send a reply at my several emails to their support center.
- >
- > ------------------------------------------
- >
- > [VulnerabilityType Other]
- > Embedded credentials
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > Evenroute
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > IQrouter - up to 3.3.1
- >
- > ------------------------------------------
- >
- > [Affected Component]
- > Firmware of IQrouter
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Code execution]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Denial of Service]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Escalation of Privileges]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Information Disclosure]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > Attacker can gain full remote control of IQrouter using SSH protocol using root account with empty password.
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://evenroute.com/
- >
- > ------------------------------------------
- >
- > [Discoverer]
- > Ilya Shaposhnikov
- Use CVE-2020-11965.
- > [Suggested description]
- > In IQrouter through 3.3.1,
- > the Lua function reset_password in the web-panel
- > allows remote attackers to change the root password arbitrarily.
- >
- > ------------------------------------------
- >
- > [Additional Information]
- > Evenroute didn't send a reply at my several emails to their support center.
- >
- > ------------------------------------------
- >
- > [Vulnerability Type]
- > Incorrect Access Control
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > Evenroute
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > IQrouter - up to 3.3.1
- >
- > ------------------------------------------
- >
- > [Affected Component]
- > Luci web-server
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Escalation of Privileges]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > Attacker can exploit this vulnerability for changing root password to arbitrary and authorize to IQrouter using SSH protocol.
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://evenroute.com/
- >
- > ------------------------------------------
- >
- > [Discoverer]
- > Ilya Shaposhnikov
- Use CVE-2020-11966.
- > [Suggested description]
- > In IQrouter through 3.3.1,
- > remote attackers can
- > control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control.
- >
- > ------------------------------------------
- >
- > [Additional Information]
- > Evenroute didn't send a reply at my several emails to their support center.
- >
- > ------------------------------------------
- >
- > [Vulnerability Type]
- > Incorrect Access Control
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > Evenroute
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > IQrouter - up to 3.3.1
- >
- > ------------------------------------------
- >
- > [Affected Component]
- > Luci web-server
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Code execution]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Denial of Service]
- > true
- >
- > ------------------------------------------
- >
- > [Impact Information Disclosure]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > Attacker can remotely control IQrouter (restart network, reboot, upgrade, reset) without authorization.
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://evenroute.com/
- >
- > ------------------------------------------
- >
- > [Discoverer]
- > Ilya Shaposhnikov
- Use CVE-2020-11967.
- > [Suggested description]
- > In the web-panel in IQrouter through 3.3.1,
- > remote attackers can
- > read system logs because of Incorrect Access Control.
- >
- > ------------------------------------------
- >
- > [Additional Information]
- > https://evenroute.com/
- >
- > ------------------------------------------
- >
- > [Vulnerability Type]
- > Incorrect Access Control
- >
- > ------------------------------------------
- >
- > [Vendor of Product]
- > Evenroute
- >
- > ------------------------------------------
- >
- > [Affected Product Code Base]
- > IQrouter - up to 3.3.1
- >
- > ------------------------------------------
- >
- > [Affected Component]
- > Luci web-server
- >
- > ------------------------------------------
- >
- > [Attack Type]
- > Remote
- >
- > ------------------------------------------
- >
- > [Impact Information Disclosure]
- > true
- >
- > ------------------------------------------
- >
- > [Attack Vectors]
- > Attacker can gain system logs with email of IQrouter owner without authorization.
- >
- > ------------------------------------------
- >
- > [Reference]
- > https://evenroute.com/
- >
- > ------------------------------------------
- >
- > [Discoverer]
- > Ilya Shaposhnikov
- Use CVE-2020-11968.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement