Search

Find a vulnerability

Search criteria

    1 vulnerability found for 4gee by ee

    VAR-201810-0085

    Vulnerability from variot - Updated: 2024-11-23 22:51

    An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the "core_app" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the "AP Isolation" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. EE 4GEE The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EE4GEEHH70HomeRouter is a home router. The EE4GEEHH70HomeRouter has a hard-coded RootSSH credential vulnerability. EE 4GEE HH70VB-2BE8GB3 is a home gateway product

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201810-0085",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "4gee",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "ee",
            "version": "hh70_e1_02.00_19"
          },
          {
            "model": "4gee wifi",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "ee",
            "version": "hh70vb-2be8gb3 hh70_e1_02.00_19"
          },
          {
            "model": "limited 4gee router hh70vb-2be8gb3 hh70 e1 02.00 19",
            "scope": null,
            "trust": 0.6,
            "vendor": "ee",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/o:ee:4gee_wifi_mbb_firmware",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          }
        ]
      },
      "cve": "CVE-2018-10532",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "CVE-2018-10532",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2018-22245",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 8.3,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 6.5,
                "id": "VHN-120301",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "id": "CVE-2018-10532",
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2018-10532",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2018-10532",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2018-22245",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201810-1438",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-120301",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "An issue was discovered on EE 4GEE HH70VB-2BE8GB3 HH70_E1_02.00_19 devices. Hardcoded root SSH credentials were discovered to be stored within the \"core_app\" binary utilised by the EE router for networking services. An attacker with knowledge of the default password (oelinux123) could login to the router via SSH as the root user, which could allow for the loss of confidentiality, integrity, and availability of the system. This would also allow for the bypass of the \"AP Isolation\" mode that is supported by the router, as well as the settings for multiple Wireless networks, which a user may use for guest clients. EE 4GEE The device contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The EE4GEEHH70HomeRouter is a home router. The EE4GEEHH70HomeRouter has a hard-coded RootSSH credential vulnerability. EE 4GEE HH70VB-2BE8GB3 is a home gateway product",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-10532"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120301"
          }
        ],
        "trust": 2.25
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-10532",
            "trust": 3.1
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1438",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245",
            "trust": 0.6
          },
          {
            "db": "PACKETSTORM",
            "id": "150100",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-120301",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "id": "VAR-201810-0085",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120301"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          }
        ]
      },
      "last_update_date": "2024-11-23T22:51:59.434000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "4GEE WiFi",
            "trust": 0.8,
            "url": "https://ee.co.uk/help/help-new/home-broadband-ee-tv-home-phone-and-4gee-wifi/4gee-wifi/getting-started-on-4gee-wifi"
          },
          {
            "title": "EE4GEEHH70HomeRouter Hardcoded Patch for RootSSH Credential Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/143525"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-120301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.5,
            "url": "https://blog.jameshemmings.co.uk/2018/10/24/4gee-hh70-router-vulnerability-disclosure/"
          },
          {
            "trust": 1.7,
            "url": "https://www.theregister.co.uk/2018/10/26/ee_4gee_hh70_ssh_backdoor/"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10532"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10532"
          },
          {
            "trust": 0.6,
            "url": "https://seclists.org/fulldisclosure/2018/oct/52"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "db": "VULHUB",
            "id": "VHN-120301"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-10-31T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "date": "2018-10-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120301"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "date": "2018-10-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          },
          {
            "date": "2018-10-30T18:29:00.330000",
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2018-11-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2018-22245"
          },
          {
            "date": "2019-01-30T00:00:00",
            "db": "VULHUB",
            "id": "VHN-120301"
          },
          {
            "date": "2019-03-11T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          },
          {
            "date": "2019-04-01T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          },
          {
            "date": "2024-11-21T03:41:30.490000",
            "db": "NVD",
            "id": "CVE-2018-10532"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "specific network environment",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "EE 4GEE Vulnerabilities related to the use of hard-coded credentials on devices",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-014070"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201810-1438"
          }
        ],
        "trust": 0.6
      }
    }