Search
Find a vulnerability
Search criteria
2 vulnerabilities found for inteno_router_firmware by intenogroup
CVE-2017-11361 (GCVE-0-2017-11361)
Vulnerability from nvd – Published: 2017-07-17 16:00 – Updated: 2024-08-05 18:05
VLAI
EPSS
VEX
Summary
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html | x_refsource_MISC |
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inteno routers have a JUCI ACL misconfiguration that allows the \"user\" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the \"user\" password might be \"user\" or might match the Wi-Fi key.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inteno routers have a JUCI ACL misconfiguration that allows the \"user\" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the \"user\" password might be \"user\" or might match the Wi-Fi key.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html",
"refsource": "MISC",
"url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11361",
"datePublished": "2017-07-17T16:00:00.000Z",
"dateReserved": "2017-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:05:30.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-11361 (GCVE-0-2017-11361)
Vulnerability from cvelistv5 – Published: 2017-07-17 16:00 – Updated: 2024-08-05 18:05
VLAI
EPSS
VEX
Summary
Inteno routers have a JUCI ACL misconfiguration that allows the "user" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the "user" password might be "user" or might match the Wi-Fi key.)
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html | x_refsource_MISC |
Date Public
2017-07-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:05:30.530Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Inteno routers have a JUCI ACL misconfiguration that allows the \"user\" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the \"user\" password might be \"user\" or might match the Wi-Fi key.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-17T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-11361",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Inteno routers have a JUCI ACL misconfiguration that allows the \"user\" account to read files, write to files, and add root SSH keys via JSON commands to ubus. (Exploitation is sometimes easy because the \"user\" password might be \"user\" or might match the Wi-Fi key.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html",
"refsource": "MISC",
"url": "https://neonsea.uk/blog/2017/07/17/cve-2017-11361.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-11361",
"datePublished": "2017-07-17T16:00:00.000Z",
"dateReserved": "2017-07-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:05:30.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}