Search criteria
3 vulnerabilities found for fastgate by fastweb
VAR-201805-1046
Vulnerability from variot - Updated: 2025-01-30 20:46Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. Fastweb FASTgate Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fastweb FASTgate is a router device produced by Italian Fastweb company. A cross-site request forgery vulnerability exists in Fastweb FASTgate version 0.00.47. Remote attackers can exploit this vulnerability to change configurations, such as changing Wi-Fi passwords
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "fastgate",
"scope": "eq",
"trust": 2.4,
"vendor": "fastweb",
"version": "0.00.47"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-395"
},
{
"db": "NVD",
"id": "CVE-2018-6023"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fastweb:fastgate_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
}
]
},
"cve": "CVE-2018-6023",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2018-6023",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-136055",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2018-6023",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-6023",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-6023",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-395",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-136055",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-6023",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136055"
},
{
"db": "VULMON",
"id": "CVE-2018-6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-395"
},
{
"db": "NVD",
"id": "CVE-2018-6023"
}
]
},
"description": {
"_id": null,
"data": "Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc. Fastweb FASTgate Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Fastweb FASTgate is a router device produced by Italian Fastweb company. A cross-site request forgery vulnerability exists in Fastweb FASTgate version 0.00.47. Remote attackers can exploit this vulnerability to change configurations, such as changing Wi-Fi passwords",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
},
{
"db": "VULHUB",
"id": "VHN-136055"
},
{
"db": "VULMON",
"id": "CVE-2018-6023"
}
],
"trust": 1.8
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-136055",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44606",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136055"
},
{
"db": "VULMON",
"id": "CVE-2018-6023"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-6023",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "147571",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "44606",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-395",
"trust": 0.6
},
{
"db": "OTHER",
"id": "NONE",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-136055",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-6023",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-136055"
},
{
"db": "VULMON",
"id": "CVE-2018-6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-395"
},
{
"db": "NVD",
"id": "CVE-2018-6023"
}
]
},
"id": "VAR-201805-1046",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-136055"
}
],
"trust": 0.7625
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"network device"
],
"sub_category": "modem",
"trust": 0.1
}
],
"sources": [
{
"db": "OTHER",
"id": null
}
]
},
"last_update_date": "2025-01-30T20:46:48.126000Z",
"patch": {
"_id": null,
"data": [
{
"title": "FASTGATE",
"trust": 0.8,
"url": "https://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/"
},
{
"title": "FASTGate-RCE",
"trust": 0.1,
"url": "https://github.com/tgragnato/FASTGate-RCE "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136055"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
},
{
"db": "NVD",
"id": "CVE-2018-6023"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.6,
"url": "http://packetstormsecurity.com/files/147571/fastweb-fastgate-0.00.47-cross-site-request-forgery.html"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/44606/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6023"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-6023"
},
{
"trust": 0.1,
"url": "https://ieeexplore.ieee.org/abstract/document/10769424"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://github.com/tgragnato/fastgate-rce"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "OTHER",
"id": null
},
{
"db": "VULHUB",
"id": "VHN-136055"
},
{
"db": "VULMON",
"id": "CVE-2018-6023"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-395"
},
{
"db": "NVD",
"id": "CVE-2018-6023"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "OTHER",
"id": null,
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-136055",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2018-6023",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005014",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201805-395",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-6023",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-136055",
"ident": null
},
{
"date": "2018-05-11T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6023",
"ident": null
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005014",
"ident": null
},
{
"date": "2018-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-395",
"ident": null
},
{
"date": "2018-05-11T21:29:00.380000",
"db": "NVD",
"id": "CVE-2018-6023",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-06-14T00:00:00",
"db": "VULHUB",
"id": "VHN-136055",
"ident": null
},
{
"date": "2018-06-14T00:00:00",
"db": "VULMON",
"id": "CVE-2018-6023",
"ident": null
},
{
"date": "2018-07-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005014",
"ident": null
},
{
"date": "2018-05-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-395",
"ident": null
},
{
"date": "2024-11-21T04:09:55.030000",
"db": "NVD",
"id": "CVE-2018-6023",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-395"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Fastweb FASTgate Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005014"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-395"
}
],
"trust": 0.6
}
}
VAR-201902-0726
Vulnerability from variot - Updated: 2024-11-23 22:30The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability. FASTGate Fastweb The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201902-0726",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fastgate",
"scope": "lte",
"trust": 1.8,
"vendor": "fastweb",
"version": "1.0.1b"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fastweb:fastgate_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
}
]
},
"cve": "CVE-2018-20122",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-20122",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-130897",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-20122",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-20122",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-20122",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201902-816",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-130897",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-20122",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130897"
},
{
"db": "VULMON",
"id": "CVE-2018-20122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-816"
},
{
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on FASTGate Fastweb devices with firmware through 0.00.47_FW_200_Askey 2017-05-17 (software through 1.0.1b) exposed a CGI binary that is vulnerable to a command injection vulnerability that can be exploited to achieve remote code execution with root privileges. No authentication is required in order to trigger the vulnerability. FASTGate Fastweb The device firmware contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-20122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"db": "VULHUB",
"id": "VHN-130897"
},
{
"db": "VULMON",
"id": "CVE-2018-20122"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-20122",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014614",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201902-816",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-130897",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-20122",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130897"
},
{
"db": "VULMON",
"id": "CVE-2018-20122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-816"
},
{
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"id": "VAR-201902-0726",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-130897"
}
],
"trust": 0.6625
},
"last_update_date": "2024-11-23T22:30:08.402000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FASTGATE",
"trust": 0.8,
"url": "https://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130897"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.horizonsecurity.it/advisories/?a=12\u0026title=fastweb+fastgate+router+101b+remote+code+execution++cve201820122"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-20122"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-20122"
},
{
"trust": 0.1,
"url": "http://www.horizonsecurity.it/advisories/?a=12\u0026amp;title=fastweb+fastgate+router+101b+remote+code+execution++cve201820122"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-130897"
},
{
"db": "VULMON",
"id": "CVE-2018-20122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-816"
},
{
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-130897"
},
{
"db": "VULMON",
"id": "CVE-2018-20122"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"db": "CNNVD",
"id": "CNNVD-201902-816"
},
{
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-02-21T00:00:00",
"db": "VULHUB",
"id": "VHN-130897"
},
{
"date": "2019-02-21T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20122"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"date": "2019-02-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-816"
},
{
"date": "2019-02-21T14:29:00.313000",
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-130897"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-20122"
},
{
"date": "2019-03-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-014614"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201902-816"
},
{
"date": "2024-11-21T04:00:53.933000",
"db": "NVD",
"id": "CVE-2018-20122"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-816"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "FASTGate Fastweb Command injection vulnerability in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-014614"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201902-816"
}
],
"trust": 0.6
}
}
VAR-201911-0621
Vulnerability from variot - Updated: 2024-11-23 22:05Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. Fastweb FASTGate The device contains an information disclosure vulnerability.Information may be obtained. Fastweb FASTGate is a modem from Fastweb, Italy
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-0621",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "fastgate",
"scope": "eq",
"trust": 1.8,
"vendor": "fastweb",
"version": "1.0.1b"
},
{
"model": "fastgate 1.0.1b",
"scope": null,
"trust": 0.6,
"vendor": "fastweb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:fastweb:fastgate_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
}
]
},
"cve": "CVE-2019-18661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-18661",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-40097",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2019-18661",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-18661",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-18661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-18661",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-40097",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-037",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-037"
},
{
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fastweb FASTGate 1.0.1b devices allow partial authentication bypass by changing a certain check_pwd return value from 0 to 1. An attack does not achieve administrative control of a device; however, the attacker can view all of the web pages of the administration console. Fastweb FASTGate The device contains an information disclosure vulnerability.Information may be obtained. Fastweb FASTGate is a modem from Fastweb, Italy",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-18661"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "CNVD",
"id": "CNVD-2019-40097"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-18661",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-40097",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-037",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-037"
},
{
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"id": "VAR-201911-0621",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
}
],
"trust": 1.1625
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
}
]
},
"last_update_date": "2024-11-23T22:05:56.821000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "FASTGATE",
"trust": 0.8,
"url": "https://www.fastweb.it/adsl-fibra-ottica/dettagli/modem-fastweb-fastgate/"
},
{
"title": "Patch for Fastweb FASTGate Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/189583"
},
{
"title": "Fastweb FASTGate Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=101820"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-037"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "CWE-200",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://github.com/angeloanatrella86/cve-2019/blob/master/index.md"
},
{
"trust": 2.2,
"url": "https://angeloanatrella86.github.io/cve-2019/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-18661"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-18661"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-037"
},
{
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-037"
},
{
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"date": "2019-11-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-037"
},
{
"date": "2019-11-02T02:15:10.827000",
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-40097"
},
{
"date": "2019-11-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011520"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-037"
},
{
"date": "2024-11-21T04:33:28.710000",
"db": "NVD",
"id": "CVE-2019-18661"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Fastweb FASTGate Information disclosure vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011520"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-037"
}
],
"trust": 0.6
}
}