CVE-2019-9160 - OpenCVE

WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string).

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xinruidz	Sundray Wan Controller Sundray Wan Controller Firmware

Configuration 1 [-]

AND

cpe:2.3:o:xinruidz:sundray_wan_controller_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:xinruidz:sundray_wan_controller:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.cnvd.org.cn/flaw/show/CNVD-2019-07680

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-04-18T21:58:00

Updated: 2024-08-04T21:38:46.570Z

Reserved: 2019-02-25T00:00:00

Link: CVE-2019-9160

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2019-04-18T22:29:00.577

Modified: 2019-04-19T16:27:22.783

Link: CVE-2019-9160

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2019-02-26T00:00:00", "descriptions": [{"lang": "en", "value": "WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string)."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-04-18T21:58:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-07680"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-9160", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-07680", "refsource": "MISC", "url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-07680"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T21:38:46.570Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-07680"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-9160", "datePublished": "2019-04-18T21:58:00", "dateReserved": "2019-02-25T00:00:00", "dateUpdated": "2024-08-04T21:38:46.570Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xinruidz:sundray_wan_controller_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "CD50CB36-35ED-4711-B60B-45AD55ABA1DA", "versionEndIncluding": "3.7.4.2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:xinruidz:sundray_wan_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "1886D972-4F79-4692-9F80-58FD959438C7", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "WAC on the Sangfor Sundray WLAN Controller version 3.7.4.2 and earlier has a backdoor account allowing a remote attacker to login to the system via SSH (on TCP port 22345) and escalate to root (because the password for root is the WebUI admin password concatenated with a static string)."}, {"lang": "es", "value": "WAC en el controlador Sangfor Sundray WLAN versi\u00f3n 3.7.4.2 y anterior, presenta una cuenta de puerta trasera que permite a un atacante remoto iniciar sesi\u00f3n en el sistema mediante SSH (en el puerto TCP 22345) y escalar a root (porque la contrase\u00f1a para root es la contrase\u00f1a de administrador de WebUI concatenada con una cadena est\u00e1tica)."}], "id": "CVE-2019-9160", "lastModified": "2019-04-19T16:27:22.783", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-04-18T22:29:00.577", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.cnvd.org.cn/flaw/show/CNVD-2019-07680"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-798"}], "source": "nvd@nist.gov", "type": "Primary"}]}