VAR-201505-0339
Vulnerability from variot - Updated: 2025-04-12 23:29
The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow remote attackers to access the management functions via unknown vectors. The Swisscom Centro Grande DSL Router is a router device. Swisscom Centro Grande is prone to a remote authentication-bypass vulnerability.
Product
Firmware versions up to 6.12.02 are affected. Furthermore, this vulnerability, combined with other vulnerabilities, allows complete compromise of the Centro Grande (ADB) routers. Available Proof-of-Concept code enables a remote root shell on a victim's router.
Remediation
Update the firmware to version 6.14.00. The current version can be verified through the web management interface, under Settings => Router => Firmware. Version 6.14.00 should be installed. If it is not, the update can be forced by clicking the button labeled "Check for upgrade".
Alternatively, the firmware can be downloaded from the following page: https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html
Swisscom customers may call the Swisscom-Hotline 0800 800 800
Acknowledgments
Ivan Almuina from Hacking Corporation Sàrl (http://hackingcorp.ch/) for the discovery, the notification and for helping us to fix the vulnerability.
Milestones
- Sep 23rd 2014: Vulnerability reported to Swisscom CSIRT
- Jan 7th 2015: CVE ID requested at MITRE
- Jan 18th 2015: CVE ID 2015-1188 assigned by MITRE
- Apr 29th 2015: Public Release of Advisory
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201505-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "centro grande",
"scope": "lt",
"trust": 1.0,
"vendor": "swisscom",
"version": "6.14.00"
},
{
"model": "centro grande dsl",
"scope": null,
"trust": 0.8,
"vendor": "swisscom",
"version": null
},
{
"model": "centro grande dsl",
"scope": "lt",
"trust": 0.8,
"vendor": "swisscom",
"version": "6.14.00"
},
{
"model": "centro grande dsl router",
"scope": null,
"trust": 0.6,
"vendor": "swisscom",
"version": null
},
{
"model": "ag centro grande",
"scope": "eq",
"trust": 0.3,
"vendor": "swisscom",
"version": "6.12.02"
},
{
"model": "ag centro grande",
"scope": "ne",
"trust": 0.3,
"vendor": "swisscom",
"version": "6.14.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "BID",
"id": "74391"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:swisscom:centro_grande_%28adb%29_dsl",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:swisscom:centro_grande_%28adb%29_dsl_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ivan Almuina",
"sources": [
{
"db": "BID",
"id": "74391"
},
{
"db": "PACKETSTORM",
"id": "131672"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
}
],
"trust": 1.0
},
"cve": "CVE-2015-1188",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-1188",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-1188",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-02889",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-79149",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-1188",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-1188",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-02889",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201505-335",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-79149",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "VULHUB",
"id": "VHN-79149"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
},
{
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The certificate verification functions in the HNDS service in Swisscom Centro Grande (ADB) DSL routers with firmware before 6.14.00 allows remote attackers to access the management functions via unknown vectors. The Swisscom Centro Grande DSL Router is a router device. Swisscom Centro Grande is prone to a remote authentication-bypass vulnerability. \n\n\nProduct\n-------\nFirmwares up to version 6.12.02 are affected. Furthermore, this vulnerability\ncombined with other vulnerabilities allow to completely compromise the\nCentro Grande (ADB) routers. Available Proof-of-Concept code enables a remote\nroot shell on a victim\u0027s router. \n\n\nRemediation\n-----------\nUpdate the firmware to version 6.14.00. The current version can be verified\nthrough the web management interface, under Settings =\u003e Router =\u003e Firmware\nsection. The version 6.14.00 should be installed. If it is not the case, the\nupdate can be forced cliking on the button labeled \"Check for upgrade\". \n\nAlternatively, the firmware can be downloaded from the following page:\nhttps://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html\n\nSwisscom customers may call the Swisscom-Hotline 0800 800 800\n\n\nAcknowledgments\n---------------\nIvan Almuina from Hacking Corporation S\\xe0rl (http://hackingcorp.ch/) for the\ndiscovery, the notification and for helping us to fix the vulnerability. \n\n\nMilestones\n----------\nSep 23th 2014 Vulnerability reported to Swisscom CSIRT\nJan 7th 2015 CVE ID requested at MITRE\nJan 18th 2015 CVE ID 2015-1188 assigned by MITRE\nApr 29th 2015 Public Release of Advisory\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-1188"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "BID",
"id": "74391"
},
{
"db": "VULHUB",
"id": "VHN-79149"
},
{
"db": "PACKETSTORM",
"id": "131672"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-79149",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79149"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-1188",
"trust": 3.5
},
{
"db": "BID",
"id": "74391",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335",
"trust": 0.7
},
{
"db": "OSVDB",
"id": "121451",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-02889",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "131672",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-79149",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "VULHUB",
"id": "VHN-79149"
},
{
"db": "BID",
"id": "74391"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "PACKETSTORM",
"id": "131672"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
},
{
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"id": "VAR-201505-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "VULHUB",
"id": "VHN-79149"
}
],
"trust": 1.44305555
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
}
]
},
"last_update_date": "2025-04-12T23:29:32.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Centro grande",
"trust": 0.8,
"url": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html"
},
{
"title": "Swisscom Centro Grande DSL Router HNDS Service Certificate Verification Failure Verification Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/58059"
},
{
"title": "Vx226x1_61400",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55768"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-79149"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://seclists.org/fulldisclosure/2015/apr/103"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-1188"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-1188"
},
{
"trust": 0.6,
"url": "http://osvdb.org/show/osvdb/121451"
},
{
"trust": 0.3,
"url": "https://www.swisscom.ch/en/residential/more/save-energy/router-centro-grande-adb.html"
},
{
"trust": 0.1,
"url": "http://hackingcorp.ch/)"
},
{
"trust": 0.1,
"url": "https://www.swisscom.ch/en/residential/help/device/internet-router/centro-grande.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-1188"
},
{
"trust": 0.1,
"url": "http://www.swisscom.com/security"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "VULHUB",
"id": "VHN-79149"
},
{
"db": "BID",
"id": "74391"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "PACKETSTORM",
"id": "131672"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
},
{
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"db": "VULHUB",
"id": "VHN-79149"
},
{
"db": "BID",
"id": "74391"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"db": "PACKETSTORM",
"id": "131672"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
},
{
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"date": "2015-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-79149"
},
{
"date": "2015-04-29T00:00:00",
"db": "BID",
"id": "74391"
},
{
"date": "2015-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"date": "2015-04-29T13:43:13",
"db": "PACKETSTORM",
"id": "131672"
},
{
"date": "2015-04-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-335"
},
{
"date": "2015-05-20T18:59:04.823000",
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-05-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-02889"
},
{
"date": "2021-01-05T00:00:00",
"db": "VULHUB",
"id": "VHN-79149"
},
{
"date": "2015-04-29T00:00:00",
"db": "BID",
"id": "74391"
},
{
"date": "2015-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-002767"
},
{
"date": "2021-01-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201505-335"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-1188"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "131672"
},
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Swisscom Centro Grande DSL Router firmware HNDS Vulnerability to access the management function in the certificate verification function of the service",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-002767"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201505-335"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.