CVE-2018-15124 - OpenCVE

Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zipato	Zipabox Zipabox Firmware

Configuration 1 [-]

AND

cpe:2.3:o:zipato:zipabox_firmware:118:*:*:*:*:*:*:*

cpe:2.3:h:zipato:zipabox:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Kaspersky

Published: 2018-08-13T21:00:00Z

Updated: 2024-09-16T23:32:11.189Z

Reserved: 2018-08-06T00:00:00

Link: CVE-2018-15124

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2018-08-13T21:48:01.477

Modified: 2018-10-10T15:35:01.270

Link: CVE-2018-15124

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "Zipato Zipabox Smart Home Controller", "vendor": "Kaspersky Lab", "versions": [{"status": "affected", "version": "BOARD REV - 1"}, {"status": "affected", "version": "SYSTEM VERSION -118"}]}], "datePublic": "2018-08-08T00:00:00", "descriptions": [{"lang": "en", "value": "Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device."}], "problemTypes": [{"descriptions": [{"description": "Weak hashing algorithm", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-08-13T20:57:01", "orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "shortName": "Kaspersky"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vulnerability@kaspersky.com", "DATE_PUBLIC": "2018-08-08T00:00:00", "ID": "CVE-2018-15124", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Zipato Zipabox Smart Home Controller", "version": {"version_data": [{"version_value": "BOARD REV - 1"}, {"version_value": "SYSTEM VERSION -118"}]}}]}, "vendor_name": "Kaspersky Lab"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Weak hashing algorithm"}]}]}, "references": {"reference_data": [{"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/", "refsource": "MISC", "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T09:46:25.560Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/"}]}]}, "cveMetadata": {"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988", "assignerShortName": "Kaspersky", "cveId": "CVE-2018-15124", "datePublished": "2018-08-13T21:00:00Z", "dateReserved": "2018-08-06T00:00:00", "dateUpdated": "2024-09-16T23:32:11.189Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:zipato:zipabox_firmware:118:*:*:*:*:*:*:*", "matchCriteriaId": "6217A685-8A45-4CE6-AD09-2686F0D77DB2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:zipato:zipabox:-:*:*:*:*:*:*:*", "matchCriteriaId": "A337B85F-C7BD-4B11-9ED5-8740958BEB3F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Weak hashing algorithm in Zipato Zipabox Smart Home Controller BOARD REV - 1 with System Version -118 allows unauthenticated attacker extract clear text passwords and get root access on the device."}, {"lang": "es", "value": "Algoritmo de hasheo d\u00e9bil en Zipato Zipabox Smart Home Controller BOARD REV - 1 con versi\u00f3n de sistema 118 permite que un atacante no autenticado extraiga contrase\u00f1as en texto claro y obtener acceso root al dispositivo."}], "id": "CVE-2018-15124", "lastModified": "2018-10-10T15:35:01.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-08-13T21:48:01.477", "references": [{"source": "vulnerability@kaspersky.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/08/klcert-18-004-zipato-zipabox-weak-hash-algorithm/"}], "sourceIdentifier": "vulnerability@kaspersky.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-326"}], "source": "nvd@nist.gov", "type": "Primary"}]}