Vulnerability-Lookup

CVE-2018-1164 (GCVE-0-2018-1164)

Vulnerability from cvelistv5 – Published: 2018-02-21 14:00 – Updated: 2024-08-05 03:51

Summary

Severity

No CVSS data available.

CWE

CWE-306 - Missing Authentication for Critical Function

Assigner

zdi

References

1 reference

URL	Tags
https://zerodayinitiative.com/advisories/ZDI-18-135	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
ZyXEL	ZyXEL P-870H-51 DSL Router	Affected: 1.00(AWG.3)D5

Date Public

2018-01-23 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ZyXEL P-870H-51 DSL Router",
          "vendor": "ZyXEL",
          "versions": [
            {
              "status": "affected",
              "version": "1.00(AWG.3)D5"
            }
          ]
        }
      ],
      "datePublic": "2018-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306-Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-21T13:57:01.000Z",
        "orgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
        "shortName": "zdi"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2018-1164",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "ZyXEL P-870H-51 DSL Router",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "1.00(AWG.3)D5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ZyXEL"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-306-Missing Authentication for Critical Function"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://zerodayinitiative.com/advisories/ZDI-18-135",
              "refsource": "MISC",
              "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "99f1926a-a320-47d8-bbb5-42feb611262e",
    "assignerShortName": "zdi",
    "cveId": "CVE-2018-1164",
    "datePublished": "2018-02-21T14:00:00.000Z",
    "dateReserved": "2017-12-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T03:51:48.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-1164",
      "date": "2026-05-29",
      "epss": "0.14805",
      "percentile": "0.94615"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-1164\",\"sourceIdentifier\":\"zdi-disclosures@trendmicro.com\",\"published\":\"2018-02-21T14:29:00.423\",\"lastModified\":\"2024-11-21T03:59:18.997\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.\"},{\"lang\":\"es\",\"value\":\"Esta vulnerabilidad permite que atacantes remotos provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en instalaciones vulnerables de ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. Este fallo en concreto existe en numerosos endpoints CGI expuestos. La vulnerabilidad est\u00e1 provocada por controles de acceso incorrectos que permiten el acceso a funciones cr\u00edticas sin autenticaci\u00f3n. Un atacante podr\u00eda emplear esta vulnerabilidad para reiniciar los dispositivos afectados, as\u00ed como llevar a cabo otras acciones. Anteriormente era ZDI-CAN-4540.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"zdi-disclosures@trendmicro.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:zyxel:p-870h-51_firmware:1.00\\\\(awg.3\\\\)d5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF29660-80E3-4815-B895-9B7E7192FB80\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:zyxel:p-870h-51:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03F802BF-D113-4173-ACF3-01B5FFDE04C1\"}]}]}],\"references\":[{\"url\":\"https://zerodayinitiative.com/advisories/ZDI-18-135\",\"source\":\"zdi-disclosures@trendmicro.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://zerodayinitiative.com/advisories/ZDI-18-135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

BDU:2018-00621

Vulnerability from fstec - Published: 21.02.2018

Title

Уязвимость микропрограммного обеспечения маршрутизатора ZyXEL P-870H-51 DSL, связанная с недостатками контроля доступа, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие

Description

Уязвимость микропрограммного обеспечения маршрутизатора ZyXEL P-870H-51 DSL связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании или оказать другое воздействие

Severity


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vendor

Zyxel Communications Corp.

Software Name

ZyXEL P-870H-51 DSL

Software Version

1.00(AWG.3)D5 (ZyXEL P-870H-51 DSL)

Possible Mitigations

Ограничение использования устройства до выпуска обновления микропрограммного обеспечения, устраняющего уязвимость

Reference

https://zerodayinitiative.com/advisories/ZDI-18-135

CWE

CWE-284

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Zyxel Communications Corp.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.00(AWG.3)D5 (ZyXEL P-870H-51 DSL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u044f \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430 \u0434\u043e \u0432\u044b\u043f\u0443\u0441\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u0443\u0441\u0442\u0440\u0430\u043d\u044f\u044e\u0449\u0435\u0433\u043e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "21.02.2018",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.05.2018",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-00621",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-1164",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0443\u0435\u0442",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0430\u0440\u0445\u0438\u0442\u0435\u043a\u0442\u0443\u0440\u044b",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "ZyXEL P-870H-51 DSL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 ZyXEL P-870H-51 DSL, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044c \u0434\u043e\u0441\u0442\u0443\u043f\u0430 (CWE-284)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043c\u0438\u043a\u0440\u043e\u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0438\u0437\u0430\u0442\u043e\u0440\u0430 ZyXEL P-870H-51 DSL \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438 \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://zerodayinitiative.com/advisories/ZDI-18-135",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-284",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 10)\n\u041a\u0440\u0438\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 9,8)"
}

CNVD-2018-06169

Vulnerability from cnvd - Published: 2018-03-23

Title

ZyXEL P-870H-51 DSL Router CGI拒绝服务漏洞

Description

ZyXEL P-870H-51 DSL Router是合勤（ZyXEL）科技公司的一款无线路由器产品。 ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5版本中exposed CGI端点存在安全漏洞，该漏洞源于未能正确的访问控制。攻击者可利用该漏洞造成拒绝服务（设备重启）。

Severity

高

Patch Name

ZyXEL P-870H-51 DSL Router CGI拒绝服务漏洞的补丁

Patch Description

ZyXEL P-870H-51 DSL Router是合勤（ZyXEL）科技公司的一款无线路由器产品。 ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5版本中exposed CGI端点存在安全漏洞，该漏洞源于未能正确的访问控制。攻击者可利用该漏洞造成拒绝服务（设备重启）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.zyxel.com/us/en/homepage.shtml

Reference

https://zerodayinitiative.com/advisories/ZDI-18-135

Impacted products

Name
ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-1164"
    }
  },
  "description": "ZyXEL P-870H-51 DSL Router\u662f\u5408\u52e4\uff08ZyXEL\uff09\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5\u7248\u672c\u4e2dexposed CGI\u7aef\u70b9\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8bbe\u5907\u91cd\u542f\uff09\u3002",
  "discovererName": "Hubert WS Lin of Trend Micro",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.zyxel.com/us/en/homepage.shtml",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-06169",
  "openTime": "2018-03-23",
  "patchDescription": "ZyXEL P-870H-51 DSL Router\u662f\u5408\u52e4\uff08ZyXEL\uff09\u79d1\u6280\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5\u7248\u672c\u4e2dexposed CGI\u7aef\u70b9\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u672a\u80fd\u6b63\u786e\u7684\u8bbf\u95ee\u63a7\u5236\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8bbe\u5907\u91cd\u542f\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "ZyXEL P-870H-51 DSL Router CGI\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "ZyXEL   P-870H-51 DSL Router 1.00(AWG.3)D5"
  },
  "referenceLink": "https://zerodayinitiative.com/advisories/ZDI-18-135",
  "serverity": "\u9ad8",
  "submitTime": "2018-03-02",
  "title": "ZyXEL P-870H-51 DSL Router CGI\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2018-1164

Vulnerability from fkie_nvd - Published: 2018-02-21 14:29 - Updated: 2024-11-21 03:59

Severity

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	zdi-disclosures@trendmicro.com	https://zerodayinitiative.com/advisories/ZDI-18-135	Third Party Advisory, VDB Entry
	af854a3a-2127-422b-91ae-364da2661108	https://zerodayinitiative.com/advisories/ZDI-18-135	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	zyxel	p-870h-51_firmware	1.00\(awg.3\)d5
	zyxel	p-870h-51	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:zyxel:p-870h-51_firmware:1.00\\(awg.3\\)d5:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF29660-80E3-4815-B895-9B7E7192FB80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:zyxel:p-870h-51:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F802BF-D113-4173-ACF3-01B5FFDE04C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540."
    },
    {
      "lang": "es",
      "value": "Esta vulnerabilidad permite que atacantes remotos provoquen una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en instalaciones vulnerables de ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad. Este fallo en concreto existe en numerosos endpoints CGI expuestos. La vulnerabilidad est\u00e1 provocada por controles de acceso incorrectos que permiten el acceso a funciones cr\u00edticas sin autenticaci\u00f3n. Un atacante podr\u00eda emplear esta vulnerabilidad para reiniciar los dispositivos afectados, as\u00ed como llevar a cabo otras acciones. Anteriormente era ZDI-CAN-4540."
    }
  ],
  "id": "CVE-2018-1164",
  "lastModified": "2024-11-21T03:59:18.997",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-21T14:29:00.423",
  "references": [
    {
      "source": "zdi-disclosures@trendmicro.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
    }
  ],
  "sourceIdentifier": "zdi-disclosures@trendmicro.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "zdi-disclosures@trendmicro.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-943G-CPQH-7WMV

Vulnerability from github – Published: 2022-05-13 01:33 – Updated: 2022-05-13 01:33

Details

Severity

9.8 (Critical)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-1164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-732"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-02-21T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.",
  "id": "GHSA-943g-cpqh-7wmv",
  "modified": "2022-05-13T01:33:27Z",
  "published": "2022-05-13T01:33:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1164"
    },
    {
      "type": "WEB",
      "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2018-1164

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-1164

Aliases

CVE-2018-1164

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-1164",
    "description": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.",
    "id": "GSD-2018-1164"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-1164"
      ],
      "details": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540.",
      "id": "GSD-2018-1164",
      "modified": "2023-12-13T01:22:37.380760Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "zdi-disclosures@trendmicro.com",
        "ID": "CVE-2018-1164",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "ZyXEL P-870H-51 DSL Router",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "1.00(AWG.3)D5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "ZyXEL"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-306-Missing Authentication for Critical Function"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://zerodayinitiative.com/advisories/ZDI-18-135",
            "refsource": "MISC",
            "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:zyxel:p-870h-51_firmware:1.00\\(awg.3\\)d5:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:zyxel:p-870h-51:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "zdi-disclosures@trendmicro.com",
          "ID": "CVE-2018-1164"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-732"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://zerodayinitiative.com/advisories/ZDI-18-135",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://zerodayinitiative.com/advisories/ZDI-18-135"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-09T23:38Z",
      "publishedDate": "2018-02-21T14:29Z"
    }
  }
}

VAR-201802-0673

Vulnerability from variot - Updated: 2024-11-23 22:48

This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540. ZyXEL P-870H-51 DSL Router Contains an access control vulnerability. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-4540 Was numbered.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXELP-870H-51DSLRouter is a wireless router product from ZyXEL Technology. A security vulnerability exists in the exposedCGI endpoint in the ZyXELP-870H-51DSLRouter 1.00 (AWG.3) D5 release, which stems from a failure to properly control access

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "p-870h-51",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "zyxel",
        "version": "1.00\\(awg.3\\)d5"
      },
      {
        "_id": null,
        "model": "p-870h-51",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "zyxel",
        "version": "1.00(awg.3)d5"
      },
      {
        "_id": null,
        "model": "p-870h-51 dsl router",
        "scope": null,
        "trust": 0.7,
        "vendor": "zyxel",
        "version": null
      },
      {
        "_id": null,
        "model": "p-870h-51 dsl router 1.00 d5",
        "scope": null,
        "trust": 0.6,
        "vendor": "zyxel",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-135"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1164"
      }
    ]
  },
  "configurations": {
    "_id": null,
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:zyxel:p-870h-51_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Hubert WS Lin of Trend Micro",
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-135"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2018-1164",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2018-1164",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "ZDI",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2018-1164",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "HIGH",
            "trust": 0.7,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2018-06169",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-121519",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2018-1164",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-1164",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-1164",
            "trust": 0.8,
            "value": "Critical"
          },
          {
            "author": "ZDI",
            "id": "CVE-2018-1164",
            "trust": 0.7,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-06169",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201802-767",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-121519",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2018-1164",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-135"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1164"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable installations of ZyXEL P-870H-51 DSL Router 1.00(AWG.3)D5. Authentication is not required to exploit this vulnerability. The specific flaw exists within numerous exposed CGI endpoints. The vulnerability is caused by improper access controls that allow access to critical functions without authentication. An attacker can use this vulnerability to reboot affected devices, along with other actions. Was ZDI-CAN-4540. ZyXEL P-870H-51 DSL Router Contains an access control vulnerability. Zero Day Initiative Is vulnerable to this vulnerability ZDI-CAN-4540 Was numbered.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The ZyXELP-870H-51DSLRouter is a wireless router product from ZyXEL Technology. A security vulnerability exists in the exposedCGI endpoint in the ZyXELP-870H-51DSLRouter 1.00 (AWG.3) D5 release, which stems from a failure to properly control access",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-1164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-135"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1164"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-1164",
        "trust": 3.9
      },
      {
        "db": "ZDI",
        "id": "ZDI-18-135",
        "trust": 3.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408",
        "trust": 0.8
      },
      {
        "db": "ZDI_CAN",
        "id": "ZDI-CAN-4540",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-121519",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1164",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "ZDI",
        "id": "ZDI-18-135"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1164"
      }
    ]
  },
  "id": "VAR-201802-0673",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121519"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:48:46.925000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.zyxel.com/us/en/homepage.shtml"
      },
      {
        "title": "ZyXELP-870H-51DSLRouterCGI Patch for Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/123107"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-732",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-306",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-121519"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1164"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 2.4,
        "url": "https://zerodayinitiative.com/advisories/zdi-18-135"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1164"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-1164"
      },
      {
        "trust": 0.8,
        "url": "https://www.zerodayinitiative.com/advisories/zdi-18-135/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/732.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169"
      },
      {
        "db": "VULHUB",
        "id": "VHN-121519"
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1164"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1164"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "ZDI",
        "id": "ZDI-18-135",
        "ident": null
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-06169",
        "ident": null
      },
      {
        "db": "VULHUB",
        "id": "VHN-121519",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2018-1164",
        "ident": null
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2018-1164",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-01-23T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-135",
        "ident": null
      },
      {
        "date": "2018-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06169",
        "ident": null
      },
      {
        "date": "2018-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121519",
        "ident": null
      },
      {
        "date": "2018-02-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1164",
        "ident": null
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002408",
        "ident": null
      },
      {
        "date": "2018-03-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-767",
        "ident": null
      },
      {
        "date": "2018-02-21T14:29:00.423000",
        "db": "NVD",
        "id": "CVE-2018-1164",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2018-01-23T00:00:00",
        "db": "ZDI",
        "id": "ZDI-18-135",
        "ident": null
      },
      {
        "date": "2018-03-23T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-06169",
        "ident": null
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-121519",
        "ident": null
      },
      {
        "date": "2019-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2018-1164",
        "ident": null
      },
      {
        "date": "2018-04-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-002408",
        "ident": null
      },
      {
        "date": "2019-10-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201802-767",
        "ident": null
      },
      {
        "date": "2024-11-21T03:59:18.997000",
        "db": "NVD",
        "id": "CVE-2018-1164",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "_id": null,
    "data": "ZyXEL P-870H-51 DSL Router Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-002408"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "_id": null,
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201802-767"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-1164 (GCVE-0-2018-1164)

BDU:2018-00621

CNVD-2018-06169

FKIE_CVE-2018-1164

GHSA-943G-CPQH-7WMV

GSD-2018-1164

VAR-201802-0673

Tags

Sightings

Nomenclature