CVE-2017-8415

{"id": "CVE-2017-8415", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-07-02T21:15:10.493", "references": [{"url": "http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}, {"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf", "tags": ["Not Applicable", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf", "tags": ["Not Applicable", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://seclists.org/bugtraq/2019/Jun/8", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-798"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot change the password and hence a hardcoded hash in /etc/shadow is used to match the credentials provided by the user. This is a salted hash of the string \"admin\" and hence it acts as a password to the device which cannot be changed as the whole filesystem is read only."}, {"lang": "es", "value": "Se detect\u00f3 un problema en los dispositivos DCS-1100 y DCS-1130 de D-Link. El dispositivo presenta un demonio telnet personalizado como parte de la busybox y recupera la contrase\u00f1a del archivo instant\u00e1neo utilizando la funci\u00f3n getspnam en la direcci\u00f3n 0x00053894. Luego realiza una operaci\u00f3n de cifrado en la contrase\u00f1a recuperada del usuario en la direcci\u00f3n 0x000538E0 y realiza un strcmp en la direcci\u00f3n 0x00053908 para comprobar si la contrase\u00f1a es correcta o incorrecta. Sin embargo, el archivo /etc/shadow es una parte del sistema de archivos CRAM-FS, lo que quiere decir que el usuario no puede cambiar la contrase\u00f1a y, por lo tanto, se utiliza un hash codificado en /etc/shadow para que coincida con las credenciales suministradas por el usuario. Este es un hash con sal de la cadena \"admin\" y, por lo tanto, act\u00faa como una contrase\u00f1a para el dispositivo que no se puede cambiar debido a que todo el sistema de archivos es de solo lectura."}], "lastModified": "2024-11-21T03:33:59.780", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dcs-1130_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DB53465-4FE2-43EF-B2C6-839DFEA80D62"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dcs-1130:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "33A388EC-275D-4180-83E2-AD73F7EEB54F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:dlink:dcs-1100_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "554817F7-7E3D-4D69-90AC-46D86056143B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:dlink:dcs-1100:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "704F9608-72CE-49C0-B7D2-F2FE84DF0C74"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}