National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2017-8415 Detail

Current Description

An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot change the password and hence a hardcoded hash in /etc/shadow is used to match the credentials provided by the user. This is a salted hash of the string "admin" and hence it acts as a password to the device which cannot be changed as the whole filesystem is read only.

Source:  MITRE
View Analysis Description

Severity



CVSS 3.x Severity and Metrics:

NIST CVSS score
NIST: NVD
Base Score: 9.8 CRITICAL
Vector:  CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://packetstormsecurity.com/files/153226/Dlink-DCS-1130-Command-Injection-CSRF-Stack-Overflow.html Third Party Advisory VDB Entry
https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Dlink_DCS_1130_security.pdf Not Applicable Third Party Advisory
https://seclists.org/bugtraq/2019/Jun/8 Mailing List Third Party Advisory

Weakness Enumeration

CWE-ID CWE Name Source
CWE-798 Use of Hard-coded Credentials NIST  

Known Affected Software Configurations Switch to CPE 2.2

Configuration 1 ( hide )
 cpe:2.3:o:dlink:dcs-1130_firmware:-:*:*:*:*:*:*:*
     Show Matching CPE(s)
Running on/with
 cpe:2.3:h:dlink:dcs-1130:-:*:*:*:*:*:*:*
     Show Matching CPE(s)

Configuration 2 ( hide )
 cpe:2.3:o:dlink:dcs-1100_firmware:-:*:*:*:*:*:*:*
     Show Matching CPE(s)
Running on/with
 cpe:2.3:h:dlink:dcs-1100:-:*:*:*:*:*:*:*
     Show Matching CPE(s)


Change History

1 change record found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2017-8415
NVD Published Date:
07/02/2019
NVD Last Modified:
07/10/2019