ByteOS Network

NVD Vulnerability Details :

CVE-2018-18473

Modified

Source-cve@mitre.org

Published At-21 Mar, 2019 | 16:00

Updated At-09 Sep, 2019 | 22:15

A hidden backdoor on PATLITE NH-FB Series devices with firmware version 1.45 or earlier, NH-FV Series devices with firmware version 1.10 or earlier, and NBM Series devices with firmware version 1.09 or earlier allow attackers to enable an SSH daemon via the "kankichi" or "kamiyo4" password to the _secret1.htm URI. Subsequently, the default password of root for the root account allows an attacker to conduct remote code execution and as a result take over the system.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Weaknesses

CWE ID	Type	Source
CWE-798	Primary	nvd@nist.gov

CWE ID: CWE-798

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://herolab.usd.de/wp-content/uploads/sites/4/usd20180020.txt	cve@mitre.org	Exploit Third Party Advisory
https://www.patlite.com/support/Security_Informationtest.html	cve@mitre.org	N/A

Hyperlink: https://herolab.usd.de/wp-content/uploads/sites/4/usd20180020.txt

Source: cve@mitre.org

Resource:

Exploit

Third Party Advisory

Hyperlink: https://www.patlite.com/support/Security_Informationtest.html

Source: cve@mitre.org

Resource: N/A

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History