Lucene search

MitreCVE-2018-16739

HistoryOct 26, 2023 - 10:15 p.m.

CVE-2018-16739

2023-10-2622:15:08

CWE-22

mitre

web.nvd.nist.gov

abus

tvip

path traversal

code execution

nvd

cve-2018-16739

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

An issue was discovered on certain ABUS TVIP devices. Due to a path traversal in /opt/cgi/admin/filewrite, an attacker can write to files, and thus execute code arbitrarily with root privileges.

Affected configurations

Nvd

Node

abustvip_10000_firmwareMatch-

AND

abustvip_10000Match-

Node

abustvip_10001_firmwareMatch-

AND

abustvip_10001Match-

Node

abustvip_10005_firmwareMatch-

AND

abustvip_10005Match-

Node

abustvip_10005a_firmwareMatch-

AND

abustvip_10005aMatch-

Node

abustvip_10005b_firmwareMatch-

AND

abustvip_10005bMatch-

Node

abustvip_10050_firmwareMatch-

AND

abustvip_10050Match-

Node

abustvip_10051_firmwareMatch-

AND

abustvip_10051Match-

Node

abustvip_10055a_firmwareMatch-

AND

abustvip_10055aMatch-

Node

abustvip_10055b_firmwareMatch-

AND

abustvip_10055bMatch-

Node

abustvip_10500_firmwareMatch-

AND

abustvip_10500Match-

Node

abustvip_10550_firmwareMatch-

AND

abustvip_10550Match-

Node

abustvip_11000_firmwareMatch-

AND

abustvip_11000Match-

Node

abustvip_11050_firmwareMatch-

AND

abustvip_11050Match-

Node

abustvip_11500_firmwareMatch-

AND

abustvip_11500Match-

Node

abustvip_11501_firmwareMatch-

AND

abustvip_11501Match-

Node

abustvip_11502_firmwareMatch-

AND

abustvip_11502Match-

Node

abustvip_11550_firmwareMatch-

AND

abustvip_11550Match-

Node

abustvip_11551_firmwareMatch-

AND

abustvip_11551Match-

Node

abustvip_11552_firmwareMatch-

AND

abustvip_11552Match-

Node

abustvip_20000_firmwareMatch-

AND

abustvip_20000Match-

Node

abustvip_20050_firmwareMatch-

AND

abustvip_20050Match-

Node

abustvip_20500_firmwareMatch-

AND

abustvip_20500Match-

Node

abustvip_20550_firmwareMatch-

AND

abustvip_20550Match-

Node

abustvip_21000_firmwareMatch-

AND

abustvip_21000Match-

Node

abustvip_21050_firmwareMatch-

AND

abustvip_21050Match-

Node

abustvip_21500_firmwareMatch-

AND

abustvip_21500Match-

Node

abustvip_21501_firmwareMatch-

AND

abustvip_21501Match-

Node

abustvip_21502_firmwareMatch-

AND

abustvip_21502Match-

Node

abustvip_21550_firmwareMatch-

AND

abustvip_21550Match-

Node

abustvip_21551_firmwareMatch-

AND

abustvip_21551Match-

Node

abustvip_21552_firmwareMatch-

AND

abustvip_21552Match-

Node

abustvip_22500_firmwareMatch-

AND

abustvip_22500Match-

Node

abustvip_31000_firmwareMatch-

AND

abustvip_31000Match-

Node

abustvip_31001_firmwareMatch-

AND

abustvip_31001Match-

Node

abustvip_31050_firmwareMatch-

AND

abustvip_31050Match-

Node

abustvip_31500_firmwareMatch-

AND

abustvip_31500Match-

Node

abustvip_31501_firmwareMatch-

AND

abustvip_31501Match-

Node

abustvip_31550_firmwareMatch-

AND

abustvip_31550Match-

Node

abustvip_31551_firmwareMatch-

AND

abustvip_31551Match-

Node

abustvip_32500_firmwareMatch-

AND

abustvip_32500Match-

Node

abustvip_51500_firmwareMatch-

AND

abustvip_51500Match-

Node

abustvip_51550_firmwareMatch-

AND

abustvip_51550Match-

Node

abustvip_71500_firmwareMatch-

AND

abustvip_71500Match-

Node

abustvip_71501_firmwareMatch-

AND

abustvip_71501Match-

Node

abustvip_71550_firmwareMatch-

AND

abustvip_71550Match-

Node

abustvip_71551_firmwareMatch-

AND

abustvip_71551Match-

Node

abustvip_72500_firmwareMatch-

AND

abustvip_72500Match-

VendorProductVersionCPE
abustvip_10000_firmware-cpe:2.3:o:abus:tvip_10000_firmware:-:*:*:*:*:*:*:*
abustvip_10000-cpe:2.3:h:abus:tvip_10000:-:*:*:*:*:*:*:*
abustvip_10001_firmware-cpe:2.3:o:abus:tvip_10001_firmware:-:*:*:*:*:*:*:*
abustvip_10001-cpe:2.3:h:abus:tvip_10001:-:*:*:*:*:*:*:*
abustvip_10005_firmware-cpe:2.3:o:abus:tvip_10005_firmware:-:*:*:*:*:*:*:*
abustvip_10005-cpe:2.3:h:abus:tvip_10005:-:*:*:*:*:*:*:*
abustvip_10005a_firmware-cpe:2.3:o:abus:tvip_10005a_firmware:-:*:*:*:*:*:*:*
abustvip_10005a-cpe:2.3:h:abus:tvip_10005a:-:*:*:*:*:*:*:*
abustvip_10005b_firmware-cpe:2.3:o:abus:tvip_10005b_firmware:-:*:*:*:*:*:*:*
abustvip_10005b-cpe:2.3:h:abus:tvip_10005b:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
abus	tvip_10000_firmware	-	cpe:2.3:o:abus:tvip_10000_firmware:-:::::::*
abus	tvip_10000	-	cpe:2.3:h:abus:tvip_10000:-:::::::*
abus	tvip_10001_firmware	-	cpe:2.3:o:abus:tvip_10001_firmware:-:::::::*
abus	tvip_10001	-	cpe:2.3:h:abus:tvip_10001:-:::::::*
abus	tvip_10005_firmware	-	cpe:2.3:o:abus:tvip_10005_firmware:-:::::::*
abus	tvip_10005	-	cpe:2.3:h:abus:tvip_10005:-:::::::*
abus	tvip_10005a_firmware	-	cpe:2.3:o:abus:tvip_10005a_firmware:-:::::::*
abus	tvip_10005a	-	cpe:2.3:h:abus:tvip_10005a:-:::::::*
abus	tvip_10005b_firmware	-	cpe:2.3:o:abus:tvip_10005b_firmware:-:::::::*
abus	tvip_10005b	-	cpe:2.3:h:abus:tvip_10005b:-:::::::*

Rows per page:

1-10 of 941

References

sec.maride.cc/posts/abus/

www.ccc.de/en/updates/2019/update-nicht-verfugbar-hersteller-nicht-zu-erreichen

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

8.7

Confidence

High

EPSS

0.001

Percentile

40.2%

JSON

Related for CVE-2018-16739