VAR-201707-0949
Vulnerability from variot - Updated: 2025-04-20 23:13Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. Televes COAXDATA GATEWAY 1Gbps The device password.shtml There is a vulnerability related to certificate / password management because authentication is not checked.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TelevesCOAXDATAGATEWAY1Gbpsdevices is a wireless router device from Televes, Spain. A security vulnerability exists in the TelevesCOAXDATAGATEWAY 1Gbps device due to lack of access control and detection on the client side. An attacker could use this vulnerability to change the password of an administrator user
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0949",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "coaxdata gateway 1gbps",
"scope": "eq",
"trust": 1.6,
"vendor": "televes",
"version": "1.02.0014_4.20"
},
{
"model": "coaxdata gateway 1gbps",
"scope": null,
"trust": 0.8,
"vendor": "televes",
"version": null
},
{
"model": "coaxdata gateway",
"scope": null,
"trust": 0.6,
"vendor": "televes",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
},
{
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:televes:coaxdata_gateway_1gbps_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Pedro Andujar",
"sources": [
{
"db": "PACKETSTORM",
"id": "143430"
}
],
"trust": 0.1
},
"cve": "CVE-2017-6530",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6530",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-18521",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-114733",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6530",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6530",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2017-6530",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2017-18521",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-329",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-114733",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "VULHUB",
"id": "VHN-114733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
},
{
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do not check password.shtml authorization, leading to Arbitrary password change. Televes COAXDATA GATEWAY 1Gbps The device password.shtml There is a vulnerability related to certificate / password management because authentication is not checked.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. TelevesCOAXDATAGATEWAY1Gbpsdevices is a wireless router device from Televes, Spain. A security vulnerability exists in the TelevesCOAXDATAGATEWAY 1Gbps device due to lack of access control and detection on the client side. An attacker could use this vulnerability to change the password of an administrator user",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6530"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "VULHUB",
"id": "VHN-114733"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6530",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201703-329",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-18521",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "143430",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-114733",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "VULHUB",
"id": "VHN-114733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "PACKETSTORM",
"id": "143430"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
},
{
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"id": "VAR-201707-0949",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "VULHUB",
"id": "VHN-114733"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
}
]
},
"last_update_date": "2025-04-20T23:13:03.052000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "COAXDATA GATEWAY 1Gbps",
"trust": 0.8,
"url": "http://www.televes.es/es/producto/coaxdata-gateway-1gbps"
},
{
"title": "Patch for any password change vulnerability in TelevesCOAXDATAGATEWAY1Gbps device",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/99419"
},
{
"title": "Televes COAXDATA GATEWAY 1Gbps Fixes for device trust management vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99672"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-114733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.tarlogic.com/advisories/televes_coaxdata_gateway_en.txt"
},
{
"trust": 1.7,
"url": "https://www.tarlogic.com/advisories/televes_coaxdata_gateway_es.txt"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6530"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6530"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6532"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6531"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "VULHUB",
"id": "VHN-114733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "PACKETSTORM",
"id": "143430"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
},
{
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"db": "VULHUB",
"id": "VHN-114733"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"db": "PACKETSTORM",
"id": "143430"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
},
{
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-114733"
},
{
"date": "2017-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"date": "2017-07-21T19:53:07",
"db": "PACKETSTORM",
"id": "143430"
},
{
"date": "2017-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-329"
},
{
"date": "2017-07-20T13:29:00.247000",
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-18521"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-114733"
},
{
"date": "2017-08-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-005941"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-329"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6530"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Televes COAXDATA GATEWAY 1Gbps Vulnerabilities related to certificate and password management in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-005941"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-329"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…