Show plain JSON{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:starry:s00111_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1B525E59-1A21-495E-9272-8D2BBD0D1C4B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:starry:s00111:-:*:*:*:*:*:*:*", "matchCriteriaId": "F23DA127-C508-4BA1-A87D-237D5E395E83", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The HTTP API supported by Starry Station (aka Starry Router) allows brute forcing the PIN setup by the user on the device, and this allows an attacker to change the Wi-Fi settings and PIN, as well as port forward and expose any internal device's port to the Internet. It was identified that the device uses custom Python code called \"rodman\" that allows the mobile appication to interact with the device. The APIs that are a part of this rodman Python file allow the mobile application to interact with the device using a secret, which is a uuid4 based session identifier generated by the device the first time it is set up. However, in some cases, these APIs can also use a security code. This security code is nothing but the PIN number set by the user to interact with the device when using the touch interface on the router. This allows an attacker on the Internet to interact with the router's HTTP interface when a user navigates to the attacker's website, and brute force the credentials. Also, since the device's server sets the Access-Control-Allow-Origin header to \"*\", an attacker can easily interact with the JSON payload returned by the device and steal sensitive information about the device."}, {"lang": "es", "value": "la HTTP API apoyada por Stary Station (conocido como (Starry Router) permite el uso brusco de la configuraci\u00f3n de PIN por parte del usuario en el dispositivo, y esto permite que un atacante cambie la configuraci\u00f3n de Wi-Fi y el PIN, as\u00ed como el puerto hacia adelante y exponga cualquier dispositivo interno. puerto a internet. Se identific\u00f3 que el dispositivo utiliza un c\u00f3digo Python personalizado llamado \"rodman\" que permite que la aplicaci\u00f3n m\u00f3vil interact\u00fae con el dispositivo. Las API que forman parte de este archivo rodman Python permiten que la aplicaci\u00f3n m\u00f3vil interact\u00fae con el dispositivo mediante un secreto, que es un identificador de sesi\u00f3n basado en uuid4 generado por el dispositivo la primera vez que se configura. Sin embargo, en algunos casos, estas API tambi\u00e9n pueden usar un c\u00f3digo de seguridad. Este c\u00f3digo de seguridad no es m\u00e1s que el n\u00famero de PIN establecido por el usuario para interactuar con el dispositivo cuando se utiliza la interfaz t\u00e1ctil en el enrutador. Esto permite que un atacante en Internet interact\u00fae con la interfaz HTTP del enrutador cuando un usuario navega al sitio web del atacante y fuerza bruta de las credenciales. Adem\u00e1s, dado que el servidor del dispositivo establece el encabezado de Access-Control-Allow-Origin en \"*\", un atacante puede interactuar f\u00e1cilmente con la carga JSON devuelta por el dispositivo y robar informaci\u00f3n confidencial sobre el dispositivo."}], "id": "CVE-2017-13718", "lastModified": "2024-11-21T03:11:30.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-06-10T22:29:00.327", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jun/8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/153240/Starry-Router-Camera-PIN-Brute-Force-CORS-Incorrect.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/ethanhunnt/IoT_vulnerabilities/blob/master/Starry_sec_issues.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://seclists.org/bugtraq/2019/Jun/8"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-254"}], "source": "nvd@nist.gov", "type": "Primary"}]} 
ReportizFlow
MITRE
Vulnrichment
NVD
Redhat