CVE-2018-13108

EUVD-2018-5057
All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
Affected Products (NVD)
VendorProductVersion
adbglobaldv2210_firmware
-
adbglobalvv2220_firmware
-
adbglobalvv5522_firmware
-
adbglobalprg_av4202n_firmware
-
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html
http://seclists.org/fulldisclosure/2018/Jul/17
http://www.securityfocus.com/archive/1/542117/100/0/threaded
https://www.exploit-db.com/exploits/44983/
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/
http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html
http://seclists.org/fulldisclosure/2018/Jul/17
http://www.securityfocus.com/archive/1/542117/100/0/threaded
https://www.exploit-db.com/exploits/44983/
https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/