Advertisement
Guest User

Untitled

a guest
Apr 21st, 2020
10,275
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 8.41 KB | None | 0 0
  1. > [Suggested description]
  2. > IQrouter through 3.3.1, when unconfigured, has
  3. > multiple remote code execution vulnerabilities in the
  4. > web-panel because of Bash Shell Metacharacter Injection.
  5. >
  6. > ------------------------------------------
  7. >
  8. > [Additional Information]
  9. > Evenroute didn't send a reply at my several emails to their support center.
  10. >
  11. > ------------------------------------------
  12. >
  13. > [VulnerabilityType Other]
  14. > Shell Metacharacter Injection
  15. >
  16. > ------------------------------------------
  17. >
  18. > [Vendor of Product]
  19. > Evenroute
  20. >
  21. > ------------------------------------------
  22. >
  23. > [Affected Product Code Base]
  24. > IQrouter - up to 3.3.1
  25. >
  26. > ------------------------------------------
  27. >
  28. > [Affected Component]
  29. > Luci web-server
  30. >
  31. > ------------------------------------------
  32. >
  33. > [Attack Type]
  34. > Remote
  35. >
  36. > ------------------------------------------
  37. >
  38. > [Impact Code execution]
  39. > true
  40. >
  41. > ------------------------------------------
  42. >
  43. > [Impact Denial of Service]
  44. > true
  45. >
  46. > ------------------------------------------
  47. >
  48. > [Impact Escalation of Privileges]
  49. > true
  50. >
  51. > ------------------------------------------
  52. >
  53. > [Impact Information Disclosure]
  54. > true
  55. >
  56. > ------------------------------------------
  57. >
  58. > [Attack Vectors]
  59. > Attacker can exploit multiple bash code execution vulnerabilities remotely and gain root privileges.
  60. >
  61. > ------------------------------------------
  62. >
  63. > [Reference]
  64. > https://evenroute.com/
  65. >
  66. > ------------------------------------------
  67. >
  68. > [Discoverer]
  69. > Ilya Shaposhnikov
  70.  
  71. Use CVE-2020-11963.
  72.  
  73.  
  74. > [Suggested description]
  75. > In IQrouter through 3.3.1,
  76. > the Lua function diag_set_password in the web-panel
  77. > allows remote attackers to change the root password arbitrarily.
  78. >
  79. > ------------------------------------------
  80. >
  81. > [Additional Information]
  82. > Evenroute didn't send a reply at my several emails to their support center.
  83. >
  84. > ------------------------------------------
  85. >
  86. > [Vulnerability Type]
  87. > Incorrect Access Control
  88. >
  89. > ------------------------------------------
  90. >
  91. > [Vendor of Product]
  92. > Evenroute
  93. >
  94. > ------------------------------------------
  95. >
  96. > [Affected Product Code Base]
  97. > IQrouter - up to 3.3.1
  98. >
  99. > ------------------------------------------
  100. >
  101. > [Affected Component]
  102. > Luci web-server
  103. >
  104. > ------------------------------------------
  105. >
  106. > [Attack Type]
  107. > Remote
  108. >
  109. > ------------------------------------------
  110. >
  111. > [Impact Escalation of Privileges]
  112. > true
  113. >
  114. > ------------------------------------------
  115. >
  116. > [Attack Vectors]
  117. > Attacker can exploit this vulnerability for changing root password to arbitrary and authorize to IQrouter using SSH protocol.
  118. >
  119. > ------------------------------------------
  120. >
  121. > [Reference]
  122. > https://evenroute.com/
  123. >
  124. > ------------------------------------------
  125. >
  126. > [Discoverer]
  127. > Ilya Shaposhnikov
  128.  
  129. Use CVE-2020-11964.
  130.  
  131.  
  132. > [Suggested description]
  133. > In IQrouter through 3.3.1, there is a
  134. > root user without a
  135. > password, which allows attackers to gain full remote access via SSH.
  136. >
  137. > ------------------------------------------
  138. >
  139. > [Additional Information]
  140. > Evenroute didn't send a reply at my several emails to their support center.
  141. >
  142. > ------------------------------------------
  143. >
  144. > [VulnerabilityType Other]
  145. > Embedded credentials
  146. >
  147. > ------------------------------------------
  148. >
  149. > [Vendor of Product]
  150. > Evenroute
  151. >
  152. > ------------------------------------------
  153. >
  154. > [Affected Product Code Base]
  155. > IQrouter - up to 3.3.1
  156. >
  157. > ------------------------------------------
  158. >
  159. > [Affected Component]
  160. > Firmware of IQrouter
  161. >
  162. > ------------------------------------------
  163. >
  164. > [Attack Type]
  165. > Remote
  166. >
  167. > ------------------------------------------
  168. >
  169. > [Impact Code execution]
  170. > true
  171. >
  172. > ------------------------------------------
  173. >
  174. > [Impact Denial of Service]
  175. > true
  176. >
  177. > ------------------------------------------
  178. >
  179. > [Impact Escalation of Privileges]
  180. > true
  181. >
  182. > ------------------------------------------
  183. >
  184. > [Impact Information Disclosure]
  185. > true
  186. >
  187. > ------------------------------------------
  188. >
  189. > [Attack Vectors]
  190. > Attacker can gain full remote control of IQrouter using SSH protocol using root account with empty password.
  191. >
  192. > ------------------------------------------
  193. >
  194. > [Reference]
  195. > https://evenroute.com/
  196. >
  197. > ------------------------------------------
  198. >
  199. > [Discoverer]
  200. > Ilya Shaposhnikov
  201.  
  202. Use CVE-2020-11965.
  203.  
  204.  
  205. > [Suggested description]
  206. > In IQrouter through 3.3.1,
  207. > the Lua function reset_password in the web-panel
  208. > allows remote attackers to change the root password arbitrarily.
  209. >
  210. > ------------------------------------------
  211. >
  212. > [Additional Information]
  213. > Evenroute didn't send a reply at my several emails to their support center.
  214. >
  215. > ------------------------------------------
  216. >
  217. > [Vulnerability Type]
  218. > Incorrect Access Control
  219. >
  220. > ------------------------------------------
  221. >
  222. > [Vendor of Product]
  223. > Evenroute
  224. >
  225. > ------------------------------------------
  226. >
  227. > [Affected Product Code Base]
  228. > IQrouter - up to 3.3.1
  229. >
  230. > ------------------------------------------
  231. >
  232. > [Affected Component]
  233. > Luci web-server
  234. >
  235. > ------------------------------------------
  236. >
  237. > [Attack Type]
  238. > Remote
  239. >
  240. > ------------------------------------------
  241. >
  242. > [Impact Escalation of Privileges]
  243. > true
  244. >
  245. > ------------------------------------------
  246. >
  247. > [Attack Vectors]
  248. > Attacker can exploit this vulnerability for changing root password to arbitrary and authorize to IQrouter using SSH protocol.
  249. >
  250. > ------------------------------------------
  251. >
  252. > [Reference]
  253. > https://evenroute.com/
  254. >
  255. > ------------------------------------------
  256. >
  257. > [Discoverer]
  258. > Ilya Shaposhnikov
  259.  
  260. Use CVE-2020-11966.
  261.  
  262.  
  263. > [Suggested description]
  264. > In IQrouter through 3.3.1,
  265. > remote attackers can
  266. > control the device (restart network, reboot, upgrade, reset) because of Incorrect Access Control.
  267. >
  268. > ------------------------------------------
  269. >
  270. > [Additional Information]
  271. > Evenroute didn't send a reply at my several emails to their support center.
  272. >
  273. > ------------------------------------------
  274. >
  275. > [Vulnerability Type]
  276. > Incorrect Access Control
  277. >
  278. > ------------------------------------------
  279. >
  280. > [Vendor of Product]
  281. > Evenroute
  282. >
  283. > ------------------------------------------
  284. >
  285. > [Affected Product Code Base]
  286. > IQrouter - up to 3.3.1
  287. >
  288. > ------------------------------------------
  289. >
  290. > [Affected Component]
  291. > Luci web-server
  292. >
  293. > ------------------------------------------
  294. >
  295. > [Attack Type]
  296. > Remote
  297. >
  298. > ------------------------------------------
  299. >
  300. > [Impact Code execution]
  301. > true
  302. >
  303. > ------------------------------------------
  304. >
  305. > [Impact Denial of Service]
  306. > true
  307. >
  308. > ------------------------------------------
  309. >
  310. > [Impact Information Disclosure]
  311. > true
  312. >
  313. > ------------------------------------------
  314. >
  315. > [Attack Vectors]
  316. > Attacker can remotely control IQrouter (restart network, reboot, upgrade, reset) without authorization.
  317. >
  318. > ------------------------------------------
  319. >
  320. > [Reference]
  321. > https://evenroute.com/
  322. >
  323. > ------------------------------------------
  324. >
  325. > [Discoverer]
  326. > Ilya Shaposhnikov
  327.  
  328. Use CVE-2020-11967.
  329.  
  330.  
  331. > [Suggested description]
  332. > In the web-panel in IQrouter through 3.3.1,
  333. > remote attackers can
  334. > read system logs because of Incorrect Access Control.
  335. >
  336. > ------------------------------------------
  337. >
  338. > [Additional Information]
  339. > https://evenroute.com/
  340. >
  341. > ------------------------------------------
  342. >
  343. > [Vulnerability Type]
  344. > Incorrect Access Control
  345. >
  346. > ------------------------------------------
  347. >
  348. > [Vendor of Product]
  349. > Evenroute
  350. >
  351. > ------------------------------------------
  352. >
  353. > [Affected Product Code Base]
  354. > IQrouter - up to 3.3.1
  355. >
  356. > ------------------------------------------
  357. >
  358. > [Affected Component]
  359. > Luci web-server
  360. >
  361. > ------------------------------------------
  362. >
  363. > [Attack Type]
  364. > Remote
  365. >
  366. > ------------------------------------------
  367. >
  368. > [Impact Information Disclosure]
  369. > true
  370. >
  371. > ------------------------------------------
  372. >
  373. > [Attack Vectors]
  374. > Attacker can gain system logs with email of IQrouter owner without authorization.
  375. >
  376. > ------------------------------------------
  377. >
  378. > [Reference]
  379. > https://evenroute.com/
  380. >
  381. > ------------------------------------------
  382. >
  383. > [Discoverer]
  384. > Ilya Shaposhnikov
  385.  
  386. Use CVE-2020-11968.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement