CVE-2018-17878 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.8 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Vendor	Product	Version
abus	tvip_10000_firmware	-
abus	tvip_10001_firmware	-
abus	tvip_10005_firmware	-
abus	tvip_10005a_firmware	-
abus	tvip_10005b_firmware	-
abus	tvip_10050_firmware	-
abus	tvip_10051_firmware	-
abus	tvip_10055a_firmware	-
abus	tvip_10055b_firmware	-
abus	tvip_10500_firmware	-
abus	tvip_10550_firmware	-
abus	tvip_11000_firmware	-
abus	tvip_11050_firmware	-
abus	tvip_11500_firmware	-
abus	tvip_11501_firmware	-
abus	tvip_11502_firmware	-
abus	tvip_11550_firmware	-
abus	tvip_11551_firmware	-
abus	tvip_11552_firmware	-
abus	tvip_20000_firmware	-
abus	tvip_20050_firmware	-
abus	tvip_20500_firmware	-
abus	tvip_20550_firmware	-
abus	tvip_21000_firmware	-
abus	tvip_21050_firmware	-
abus	tvip_21500_firmware	-
abus	tvip_21501_firmware	-
abus	tvip_21502_firmware	-
abus	tvip_21550_firmware	-
abus	tvip_21551_firmware	-
abus	tvip_21552_firmware	-
abus	tvip_22500_firmware	-
abus	tvip_31000_firmware	-
abus	tvip_31001_firmware	-
abus	tvip_31050_firmware	-
abus	tvip_31500_firmware	-
abus	tvip_31501_firmware	-
abus	tvip_31550_firmware	-
abus	tvip_31551_firmware	-
abus	tvip_32500_firmware	-
abus	tvip_51500_firmware	-
abus	tvip_51550_firmware	-
abus	tvip_71500_firmware	-
abus	tvip_71501_firmware	-
abus	tvip_71550_firmware	-
abus	tvip_71551_firmware	-
abus	tvip_72500_firmware	-

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References

https://sec.maride.cc/posts/abus/#cve-2018-17878

https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen

https://sec.maride.cc/posts/abus/#cve-2018-17878

https://www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen