VAR-201903-0011
Vulnerability from variot - Updated: 2024-11-23 21:52

An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using hard-coded credentials. The Wifi-soft UniBox controller device contains a command injection vulnerability: information may be obtained or altered, and service operation may be disrupted (DoS). The vulnerability stems from the network system or product not correctly filtering special elements when constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands.

Hello all,
I would like to inform you about the Remote Command & Code Injection vulnerabilities found in Wifi-soft's Unibox Controllers.
Name: Remote Code Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Code Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3495

Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 0.x - 2.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3497

Name: Remote Command Injection in Wifi-soft's Unibox Controllers
Affected Software: Unibox Controller
Affected Versions: 3.x
Homepage: https://wifi-soft.com/unibox-controller/
Vulnerability: Remote Command Injection
Severity: Critical
Status: Not Fixed
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)
CVE-ID Reference: CVE-2019-3496
I have posted all the technical details, POCs and root-cause analysis here: https://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/
Best Regards,
Sahil Dhar
Information Security Consultant
+91 9821544985
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unibox",
"scope": "eq",
"trust": 1.0,
"vendor": "indionetworks",
"version": null
},
{
"model": "unibox",
"scope": "eq",
"trust": 0.8,
"vendor": "wifi soft",
"version": "0.x to 2.x"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:wifi-soft:unibox_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sahil Dhar",
"sources": [
{
"db": "PACKETSTORM",
"id": "151077"
}
],
"trust": 0.1
},
"cve": "CVE-2019-3497",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-3497",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-154932",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2019-3497",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-3497",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-3497",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2019-3497",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201903-761",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-154932",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-154932"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-761"
},
{
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Wifi-soft UniBox controller 0.x through 2.x devices. The tools/ping Ping feature of the Diagnostic Tools component is vulnerable to Remote Command Execution, allowing an attacker to execute arbitrary system commands on the server with root user privileges. Authentication for accessing this component can be bypassed by using Hard coded credentials. Wifi-soft UniBox controller The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The vulnerability comes from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands. Hello all,\n\nI would like to inform you about the Remote Command \u0026 Code Injection\nvulnerabilities found in Wifi-soft\u0027s Unibox Controllers. \n\nName: Remote Code Injection in Wifi-soft\u0027s Unibox Controllers\nAffected Software: Unibox Controller\nAffected Versions: 0.x - 2.x\nHomepage: https://wifi-soft.com/unibox-controller/\nVulnerability: Remote Code Injection\nSeverity: Critical\nStatus: Not Fixed\nCVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)\nCVE-ID Reference: CVE-2019-3495\n\n\nName: Remote Command Injection in Wifi-soft\u0027s Unibox Controllers\nAffected Software: Unibox Controller\nAffected Versions: 0.x - 2.x\nHomepage: https://wifi-soft.com/unibox-controller/\nVulnerability: Remote Command Injection\nSeverity: Critical\nStatus: Not Fixed\nCVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)\nCVE-ID Reference: CVE-2019-3497\n\nName: Remote Command Injection in Wifi-soft\u0027s Unibox Controllers\nAffected Software: Unibox Controller\nAffected Versions: 3.x\nHomepage: https://wifi-soft.com/unibox-controller/\nVulnerability: Remote Command Injection\nSeverity: Critical\nStatus: Not Fixed\nCVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (9.8)\nCVE-ID Reference: CVE-2019-3496\n\nI have posted all the technical details, POCs and root-cause analysis here:\nhttps://sahildhar.github.io/blogpost/Multiple-RCE-Vulnerabilties-in-Unibox-Controller-0.x-3.x/\n\n\nBest Regards,\n\n*Sahil Dhar *\nInformation Security Consultant\n+91 9821544985\n\n\u003chttp://goog_555023787\u003e\n[image:\nhttps://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/]\n\u003chttps://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/\u003e\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-3497"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"db": "VULHUB",
"id": "VHN-154932"
},
{
"db": "PACKETSTORM",
"id": "151077"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-3497",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "151077",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002854",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201903-761",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-154932",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-154932"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"db": "PACKETSTORM",
"id": "151077"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-761"
},
{
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"id": "VAR-201903-0011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-154932"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T21:52:29.084000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "UniBox - Access Controllers",
"trust": 0.8,
"url": "https://wifi-soft.com/unibox-controller/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-154932"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://sahildhar.github.io/blogpost/multiple-rce-vulnerabilties-in-unibox-controller-0.x-3.x/"
},
{
"trust": 2.3,
"url": "http://packetstormsecurity.com/files/151077/wifi-soft-unibox-2.x-remote-command-code-injection.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2019/jan/23"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3497"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-3497"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3495"
},
{
"trust": 0.1,
"url": "https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/\u003e"
},
{
"trust": 0.1,
"url": "https://www.offensive-security.com/information-security-certifications/osce-offensive-security-certified-expert/]"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-3496"
},
{
"trust": 0.1,
"url": "http://goog_555023787\u003e"
},
{
"trust": 0.1,
"url": "https://wifi-soft.com/unibox-controller/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-154932"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"db": "PACKETSTORM",
"id": "151077"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-761"
},
{
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-154932"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"db": "PACKETSTORM",
"id": "151077"
},
{
"db": "CNNVD",
"id": "CNNVD-201903-761"
},
{
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-154932"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"date": "2019-01-09T09:22:22",
"db": "PACKETSTORM",
"id": "151077"
},
{
"date": "2019-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-761"
},
{
"date": "2019-03-21T16:01:04.280000",
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-154932"
},
{
"date": "2019-04-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002854"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201903-761"
},
{
"date": "2024-11-21T04:42:08.590000",
"db": "NVD",
"id": "CVE-2019-3497"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-761"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Wifi-soft UniBox controller Command injection vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002854"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201903-761"
}
],
"trust": 0.6
}
}