@neolead
Created June 20, 2018 10:53
CVE-2018-11240
[Description]
An issue was discovered on SoftCase T-Router build 20112017 devices.
There are no restrictions on the 'exec command' feature of the
T-Router protocol. If the command syntax is correct, there is code
execution both on the other modem and on the main servers. This is
fixed in production builds as of Spring 2018.
------------------------------------------
[Additional Information]
The vulnerability lies in the absence of any restriction on the 'exec
command' built into the T-Router protocol. Having obtained the key the
proper way and learned how to send the exec command, we got code
execution both on the other modem and on the main servers.
The vulnerability was found in January 2018.
Reported to vendor.
The bug was successfully closed in April 2018.
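The defect class the [Description] and [Additional Information] sections describe, an 'exec command' gated only by possession of a shared working key and executed without restriction, is illustrated below with a hypothetical handler next to a hardened one. This is an added example, not code from the advisory, from SoftCase or from the T-Router firmware; the frame format, field names, command set, device ids and keys are all assumptions constructed for the demo. The hardened handler shows the controls a defender would expect: per-device keys (so one extracted key does not authorise the fleet), replay protection, an allowlist of fixed operations with no free-form command string, role checks, and an audit trail.

```python
"""Added example, not from the advisory or from SoftCase. A hypothetical
device-management handler showing the defect class of CVE-2018-11240
(an 'exec command' usable by anyone holding the shared working key,
passed straight to a shell) beside a hardened handler. Frame layout,
field names and command set are assumptions, not T-Router's."""
import hashlib
import hmac
import json
import subprocess

# Constructed keys for the demo.
SHARED_WORKING_KEY = b"constructed-shared-key"   # same key on every device
MASTER_KEY = b"constructed-server-master-key"   # never leaves the server


def _tag(key: bytes, body: bytes) -> str:
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_frame(key: bytes, msg: dict) -> dict:
    """Serialise a message and authenticate it with the given key."""
    body = json.dumps(msg, sort_keys=True)
    return {"device": msg.get("device"), "body": body, "tag": _tag(key, body.encode())}


def handle_vulnerable(frame: dict) -> str:
    """Vulnerable pattern: key possession is the only check, and 'exec'
    hands any syntactically valid command string to a shell."""
    body = frame["body"].encode()
    if not hmac.compare_digest(_tag(SHARED_WORKING_KEY, body), frame["tag"]):
        return "rejected: bad tag"
    msg = json.loads(body)
    if msg.get("op") == "exec":
        proc = subprocess.run(msg["cmd"], shell=True, capture_output=True, text=True)
        return proc.stdout.strip()
    return "rejected: unknown op"


# --- hardened handler -------------------------------------------------------

def device_key(device_id: str) -> bytes:
    """Per-device key derived from the master key: extracting one device's
    key authorises that device only."""
    return hmac.new(MASTER_KEY, device_id.encode(), hashlib.sha256).digest()


# Allowlist: each operation is a fixed function with a required role.
# No operation accepts a free-form command and nothing reaches a shell.
def _op_status(args: dict) -> str:
    return "status: up"


def _op_set_apn(args: dict) -> str:
    return "apn set to " + str(args.get("apn", ""))[:32]


ALLOWED_OPS = {
    "status": (_op_status, {"operator", "admin"}),
    "set_apn": (_op_set_apn, {"admin"}),
}
DEVICE_ROLES = {"modem-0001": "operator", "modem-0002": "admin"}  # constructed
_last_seq: dict = {}   # highest sequence number seen per device (replay guard)
AUDIT: list = []       # (device, op, outcome) records for detection/forensics


def handle_hardened(frame: dict) -> str:
    dev = frame.get("device")
    if dev not in DEVICE_ROLES:
        return "rejected: unknown device"
    body = frame["body"].encode()
    # Authenticate with the per-device key before trusting any field.
    if not hmac.compare_digest(_tag(device_key(dev), body), frame["tag"]):
        AUDIT.append((dev, None, "bad tag"))
        return "rejected: bad tag"
    msg = json.loads(body)
    if msg.get("device") != dev:
        AUDIT.append((dev, msg.get("op"), "device mismatch"))
        return "rejected: device mismatch"
    if msg.get("seq", -1) <= _last_seq.get(dev, -1):
        AUDIT.append((dev, msg.get("op"), "replay"))
        return "rejected: replay"
    _last_seq[dev] = msg["seq"]
    entry = ALLOWED_OPS.get(msg.get("op"))
    if entry is None:
        AUDIT.append((dev, msg.get("op"), "not allowed"))
        return "rejected: op not allowed"
    func, roles = entry
    if DEVICE_ROLES[dev] not in roles:
        AUDIT.append((dev, msg["op"], "forbidden"))
        return "rejected: forbidden for role"
    AUDIT.append((dev, msg["op"], "ok"))
    return func(msg.get("args", {}))


if __name__ == "__main__":
    print(handle_vulnerable(build_frame(SHARED_WORKING_KEY, {"op": "exec", "cmd": "echo hello"})))
    req = {"device": "modem-0002", "seq": 1, "op": "exec", "cmd": "echo hello"}
    print(handle_hardened(build_frame(device_key("modem-0002"), req)))
```

Run as a script: the vulnerable handler prints `hello` for a correctly tagged exec frame, while the hardened handler rejects the same request even from an admin device because 'exec' is not an allowlisted operation. The AUDIT list is what a monitoring pipeline would ship off-device; repeated "not allowed" or "bad tag" entries from one device are the signal to alert on.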
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
http://softcase.ru/
------------------------------------------
[Affected Product Code Base]
SoftCase T-Router - Linux T-Router (build: 20112017)
------------------------------------------
[Affected Component]
T-Router network component.
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Code execution]
true
------------------------------------------
[Impact Escalation of Privileges]
true
------------------------------------------
[Attack Vectors]
A remote user can send a specially crafted packet using the encryption working key extracted from a device and obtain RCE.
------------------------------------------
[Reference]
https://www.facebook.com/neolead
https://ptsecurity.com
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?] true
------------------------------------------
[Discoverer]
Leonid Krolle \ George Zaytsev (Positive Technologies)