Vulnerability Details CVE-2018-13108
All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 7.2
References
- http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html
- http://seclists.org/fulldisclosure/2018/Jul/17
- http://www.securityfocus.com/archive/1/542117/100/0/threaded
- https://www.exploit-db.com/exploits/44983/
- https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
- http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html
- http://seclists.org/fulldisclosure/2018/Jul/17
- http://www.securityfocus.com/archive/1/542117/100/0/threaded
- https://www.exploit-db.com/exploits/44983/
- https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
Products affected by CVE-2018-13108
-
cpe:2.3:h:adbglobal:dv2210:-
-
cpe:2.3:h:adbglobal:prg_av4202n:-
-
cpe:2.3:h:adbglobal:vv2220:-
-
cpe:2.3:h:adbglobal:vv5522:-
-
cpe:2.3:o:adbglobal:dv2210_firmware:-
-
cpe:2.3:o:adbglobal:prg_av4202n_firmware:-
-
cpe:2.3:o:adbglobal:vv2220_firmware:-
-
cpe:2.3:o:adbglobal:vv5522_firmware:-