VAR-201805-0804
Vulnerability from variot - Updated: 2024-11-23 22:06The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home's target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. Radio Thermostat CT50 and CT80 Contains an input validation vulnerability.Information may be tampered with. Radio Thermostat CT50 and CT80 are touch screen thermostat products of American Radio Thermostat Company. This product manages heating and cooling systems in homes. Local HTTP API is one of the local HTTP interfaces
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0804",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ct80",
"scope": "lte",
"trust": 1.0,
"vendor": "radiothermostat",
"version": "1.04.84"
},
{
"model": "ct50",
"scope": "lte",
"trust": 1.0,
"vendor": "radiothermostat",
"version": "1.04.84"
},
{
"model": "ct50",
"scope": "lte",
"trust": 0.8,
"vendor": "radio thermostat of america",
"version": "1.04.84"
},
{
"model": "ct80",
"scope": "lte",
"trust": 0.8,
"vendor": "radio thermostat of america",
"version": "1.04.84"
},
{
"model": "ct80",
"scope": "eq",
"trust": 0.6,
"vendor": "radiothermostat",
"version": "1.04.84"
},
{
"model": "ct50",
"scope": "eq",
"trust": 0.6,
"vendor": "radiothermostat",
"version": "1.04.84"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-638"
},
{
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:radiothermostat:ct50_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:radiothermostat:ct80_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
}
]
},
"cve": "CVE-2018-11315",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-11315",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-121162",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2018-11315",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-11315",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2018-11315",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-638",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-121162",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-638"
},
{
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonstrated by a tstat t_heat request that accesses a device purchased in the Spring of 2018, and sets a home\u0027s target temperature to 95 degrees Fahrenheit. This vulnerability might be described as an addendum to CVE-2013-4860. Radio Thermostat CT50 and CT80 Contains an input validation vulnerability.Information may be tampered with. Radio Thermostat CT50 and CT80 are touch screen thermostat products of American Radio Thermostat Company. This product manages heating and cooling systems in homes. Local HTTP API is one of the local HTTP interfaces",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-11315"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"db": "VULHUB",
"id": "VHN-121162"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-11315",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005394",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201805-638",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-121162",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-638"
},
{
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"id": "VAR-201805-0804",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-121162"
}
],
"trust": 0.6714285999999999
},
"last_update_date": "2024-11-23T22:06:50.074000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.radiothermostat.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://github.com/brannondorsey/radio-thermostat"
},
{
"trust": 1.1,
"url": "https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability"
},
{
"trust": 1.0,
"url": "https://medium.com/%40brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-11315"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-11315"
},
{
"trust": 0.1,
"url": "https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-121162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-638"
},
{
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-121162"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-638"
},
{
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-20T00:00:00",
"db": "VULHUB",
"id": "VHN-121162"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"date": "2018-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-638"
},
{
"date": "2018-05-20T13:29:00.273000",
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-04T00:00:00",
"db": "VULHUB",
"id": "VHN-121162"
},
{
"date": "2018-07-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-005394"
},
{
"date": "2018-05-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-638"
},
{
"date": "2024-11-21T03:43:07.153000",
"db": "NVD",
"id": "CVE-2018-11315"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-638"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Radio Thermostat CT50 and CT80 Input validation vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-005394"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-638"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…