Monday, 3 July 2017

On 00:06 by admin in    No comments
A vulnerability classified as critical was found in TP-LINK NC250 up to 1.2.1 Build 170515. This vulnerability affects an unknown function of the component URL Handler. The manipulation with the input value rtsp://admin@yourip:554/h264_hd.sdp leads to a weak authentication vulnerability. The CWE definition for the vulnerability is CWE-287. As an impact it is known to affect confidentiality.

The weakness was presented 07/02/2017. This vulnerability was named CVE-2017-10796 since 07/02/2017. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available. The current price for an exploit might be approx. USD $0-$5k (estimation calculated on 07/03/2017).

It is possible to mitigate the weakness by firewalling .

CVSSv3

VulDB Base Score5.3
VulDB Temp Score5.2
VulDB VectorCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:W/RC:X
VulDB Reliability: High

CVSSv2

VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete
VulDB Base Score4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
VulDB Temp Score4.1 (CVSS2#E:ND/RL:W/RC:ND)
VulDB Reliability: High


CPE
  • cpe:/a:tp-link:nc250:1.2.1_build_170515

Exploiting

Class: Weak authentication (CWE-287)
Local: No
Remote: Yes

Availability: No

Price Prediction: steady
Current Price Estimation

0-Day$0-$5k$5k-$25k$25k-$100k$100k-$500k
Today$0-$5k$5k-$25k$25k-$100k$100k-$500k

Countermeasures


Recommended: Firewall
Status: Workaround
0-Day Time: 0 days since found

Timeline

07/02/2017   Advisory disclosed
07/02/2017  +0 days CVE assigned
07/03/2017  +1 days VulDB entry created
07/03/2017  +0 days VulDB last update

Sources

CVE: CVE-2017-10796 (mitre.org) (nvd.nist.org) (cvedetails.com)

0 comments:

Post a comment