VAR-201705-4198
Vulnerability from variot - Updated: 2022-10-19 22:40The CERIODT-100G-N/DT-300N/CW-300N is a wireless router product from CERIO. The CERIODT-100G-N/DT-300N/CW-300N has hard-coded and default credentials, information leaks, command injection, and backdoor vulnerabilities. Allows the restricted shell to be escaped to the root shell via the 'pekcmd' binary. Since all processes are running as root, an attacker can put the hard-coded string stored in it into the root shell. CERIO's DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2 High Power Wireless Access Point with built-in 10dBi patch antennas and also supports broadband wireless routing. DT-300N A4's wireless High Power design enhances the range and stability of the device's wireless signal in office and home environments. Another key hardware function of DT-300N A4 is its PoE Bridging feature, which allows subsequent devices to be powered through DT-300N A4's LAN port. This reduces device cabling and allows for more convenient deployment. DT-300N A4 utilizes a 533Mhz high power CPU base with 11n 2x2 transmission rates of 300Mbps. This powerful device can produce high level performance across multiple rooms or large spaces such as offices, schools, businesses and residential areas. DT-300N A4 is suitable for both indoor and outdoor deployment, and utilizes an IPX6 weatherproof housing. The DT-300N A4 hardware equipped with to bundles Cerio CenOS 5.0 Software Core. CenOS 5.0 devices can use integrated management functions of Control Access Point (CAP Mode) to manage an AP network.Cerio Wireless Access Point and Router suffers fromseveral vulnerabilities including: hard-coded and defaultcredentials, information disclosure, command injection andhidden backdoors that allows escaping the restricted shellinto a root shell via the 'pekcmd' binary. Thepekcmd shell has several hidden functionalities for enablingan advanced menu and modifying MAC settings as well as easilyescapable regex function for shell characters.Tested on: Cenwell Linux 802.11bgn MIMO Wireless AP(AR9341)RALINK(R) Cen-CPE-N5H2 (Access Point)CenOS 5.0/4.0/3.0Hydra/0.1.8
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201705-4198",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "kozumi?",
"scope": "eq",
"trust": 0.6,
"vendor": "cerio",
"version": "v1.1.1"
},
{
"model": "cw-300n (fw: cen-cpe-n2h10a",
"scope": "eq",
"trust": 0.6,
"vendor": "cerio",
"version": ")v1.0.22"
},
{
"model": "dt-300n (fw: cen-cpe-n2h10a",
"scope": "eq",
"trust": 0.6,
"vendor": "cerio",
"version": ")v1.1.6"
},
{
"model": "dt-300n (fw: cen-cpe-n2h10a",
"scope": "eq",
"trust": 0.6,
"vendor": "cerio",
"version": ")v1.0.14"
},
{
"model": "dt-100g-n (fw: cen-wr-g2h5",
"scope": "eq",
"trust": 0.6,
"vendor": "cerio",
"version": ")v1.0.6"
},
{
"model": "11nbg",
"scope": "eq",
"trust": 0.1,
"vendor": "cerio",
"version": "dt-100g-n (fw: cen-wr-g2h5 v1.0.6)"
},
{
"model": "11nbg",
"scope": "eq",
"trust": 0.1,
"vendor": "cerio",
"version": "dt-300n (fw: cen-cpe-n2h10a v1.0.14)"
},
{
"model": "11nbg",
"scope": "eq",
"trust": 0.1,
"vendor": "cerio",
"version": "dt-300n (fw: cen-cpe-n2h10a v1.1.6)"
},
{
"model": "11nbg",
"scope": "eq",
"trust": 0.1,
"vendor": "cerio",
"version": "cw-300n (fw: cen-cpe-n2h10a v1.0.22)"
},
{
"model": "11nbg",
"scope": "eq",
"trust": 0.1,
"vendor": "cerio",
"version": "kozumi? (fw: cen-cpe-n5h5r v1.1.1)"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
},
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovered by Gjoko Krstic",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
}
],
"trust": 0.1
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-07719",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2017-07719",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "ZSL",
"id": "ZSL-2017-5409",
"trust": 0.1,
"value": "(5/5)"
}
]
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
},
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The CERIODT-100G-N/DT-300N/CW-300N is a wireless router product from CERIO. The CERIODT-100G-N/DT-300N/CW-300N has hard-coded and default credentials, information leaks, command injection, and backdoor vulnerabilities. Allows the restricted shell to be escaped to the root shell via the \u0027pekcmd\u0027 binary. Since all processes are running as root, an attacker can put the hard-coded string stored in it into the root shell. CERIO\u0027s DT-300N A4 eXtreme Power 11n 2.4Ghz 2x2\tHigh Power Wireless Access Point with built-in 10dBi\tpatch antennas and also supports broadband wireless\trouting. DT-300N A4\u0027s wireless High Power design\tenhances the range and stability of the device\u0027s\twireless signal in office and home environments. \tAnother key hardware function of DT-300N A4 is its PoE\tBridging feature, which allows subsequent devices to\tbe powered through DT-300N A4\u0027s LAN port. This\treduces device cabling and allows for more convenient\tdeployment. DT-300N A4 utilizes a 533Mhz high power CPU base\twith 11n 2x2 transmission rates of 300Mbps. This\tpowerful device can produce high level performance\tacross multiple rooms or large spaces such as offices,\tschools, businesses and residential areas. DT-300N A4\tis suitable for both indoor and outdoor deployment,\tand utilizes an IPX6 weatherproof housing. \tThe DT-300N A4 hardware equipped with to bundles\tCerio CenOS 5.0 Software Core. CenOS 5.0 devices can\tuse integrated management functions of Control\tAccess Point (CAP Mode) to manage an AP network.Cerio Wireless Access Point and Router suffers fromseveral vulnerabilities including: hard-coded and defaultcredentials, information disclosure, command injection andhidden backdoors that allows escaping the restricted shellinto a root shell via the \u0027pekcmd\u0027 binary. Thepekcmd shell has several hidden functionalities for enablingan advanced menu and modifying MAC settings as well as easilyescapable regex function for shell characters.Tested on: Cenwell Linux 802.11bgn MIMO Wireless AP(AR9341)RALINK(R) Cen-CPE-N5H2 (Access Point)CenOS 5.0/4.0/3.0Hydra/0.1.8",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07719"
},
{
"db": "ZSL",
"id": "ZSL-2017-5409"
}
],
"trust": 0.63
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.zeroscience.mk/codes/cerio_bd.txt",
"trust": 0.1,
"type": "poc"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "EXPLOIT-DB",
"id": "42079",
"trust": 0.7
},
{
"db": "ZSL",
"id": "ZSL-2017-5409",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "42079",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2017-07719",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "142730",
"trust": 0.1
},
{
"db": "CXSECURITY",
"id": "WLB-2017050217",
"trust": 0.1
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
},
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"id": "VAR-201705-4198",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"last_update_date": "2022-10-19T22:40:03.350000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.7,
"url": "https://www.exploit-db.com/exploits/42079/"
},
{
"trust": 0.6,
"url": "http://www.zeroscience.mk/en/vulnerabilities/zsl-2017-5409.php"
},
{
"trust": 0.1,
"url": "https://cxsecurity.com/issue/wlb-2017050217"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/142730"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/127195"
}
],
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
},
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
},
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-28T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5409"
},
{
"date": "2017-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-02T00:00:00",
"db": "ZSL",
"id": "ZSL-2017-5409"
},
{
"date": "2017-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07719"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Vulnerabilities in CERIO DT-100G-N/DT-300N/CW-300N",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07719"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Local/Remote,System Access",
"sources": [
{
"db": "ZSL",
"id": "ZSL-2017-5409"
}
],
"trust": 0.1
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…