Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities found for esp-200_firmware by eltex
CVE-2018-15360 (GCVE-0-2018-15360)
Vulnerability from nvd – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An attacker without authentication can login with default credentials for privileged users
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker without authentication can login with default credentials for privileged users",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker without authentication can login with default credentials for privileged users"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15360",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:03.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15359 (GCVE-0-2018-15359)
Vulnerability from nvd – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15359",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:03.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15358 (GCVE-0-2018-15358)
Vulnerability from nvd – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:01.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15358",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:01.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15357 (GCVE-0-2018-15357)
Vulnerability from nvd – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker with low privileges can extract password hash information for all users
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:01.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can extract password hash information for all users",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can extract password hash information for all users"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15357",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:01.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15356 (GCVE-0-2018-15356)
Vulnerability from nvd – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker can execute arbitrary code using command ejection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:02.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker can execute arbitrary code using command ejection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker can execute arbitrary code using command ejection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15356",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:02.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15356 (GCVE-0-2018-15356)
Vulnerability from cvelistv5 – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker can execute arbitrary code using command ejection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:02.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker can execute arbitrary code using command ejection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker can execute arbitrary code using command ejection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15356",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:02.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15359 (GCVE-0-2018-15359)
Vulnerability from cvelistv5 – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15359",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:03.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15358 (GCVE-0-2018-15358)
Vulnerability from cvelistv5 – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:01.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15358",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:01.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15357 (GCVE-0-2018-15357)
Vulnerability from cvelistv5 – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An authenticated attacker with low privileges can extract password hash information for all users
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:01.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can extract password hash information for all users",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can extract password hash information for all users"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15357",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:01.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15360 (GCVE-0-2018-15360)
Vulnerability from cvelistv5 – Published: 2018-08-17 15:00 – Updated: 2024-08-05 09:54
VLAI?
Summary
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
Severity ?
No CVSS data available.
CWE
- An attacker without authentication can login with default credentials for privileged users
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Affected:
1.2.0
|
Date Public ?
2018-08-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker without authentication can login with default credentials for privileged users",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker without authentication can login with default credentials for privileged users"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15360",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:03.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}