Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Informations | |||
|---|---|---|---|
| Name | CVE-2018-3832 | First vendor Publication | 2018-08-23 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H | |||
|---|---|---|---|
| Overall CVSS Score | 9 | ||
| Base Score | 9 | Environmental Score | 9 |
| impact SubScore | 6 | Temporal Score | 9 |
| Exploitabality Sub Score | 2.3 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | Required |
| Scope | Changed | Confidentiality Impact | High |
| Integrity Impact | High | Availability Impact | High |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:S/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 8.5 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 6.8 | Authentication | Requires single instance |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| An exploitable firmware update vulnerability exists in Insteon Hub running firmware version 1013. The HTTP server allows for uploading arbitrary MPFS binaries that could be modified to enable access to hidden resources which allow for uploading unsigned firmware images to the device. To trigger this vulnerability, an attacker can upload an MPFS binary via the '/mpfsupload' HTTP form and later on upload the firmware via a POST request to 'firmware.htm'. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3832 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-434 | Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Os | 1 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2018-01-17 | TRUFFLEHUNTER TALOS-2018-0511 attack attempt RuleID : 45441 - Revision : 1 - Type : SERVER-WEBAPP |
Sources (Detail)
| Source | Url |
|---|
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 13:18:35 |
|
| 2023-02-03 21:28:11 |
|
| 2022-04-20 00:23:32 |
|
| 2020-05-23 01:13:40 |
|
| 2018-10-19 21:20:17 |
|
| 2018-08-23 21:20:43 |
|
