Refine your search
5 vulnerabilities found for Eltex ESP-200 by Kaspersky Lab
CVE-2018-15360 (GCVE-0-2018-15360)
Vulnerability from cvelistv5
Published
2018-08-17 15:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An attacker without authentication can login with default credentials for privileged users
Summary
An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Version: 1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An attacker without authentication can login with default credentials for privileged users",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15360",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An attacker without authentication can login with default credentials for privileged users"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-016-eltex-esp-200-router-default-password-usage/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15360",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:03.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15356 (GCVE-0-2018-15356)
Vulnerability from cvelistv5
Published
2018-08-17 15:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An authenticated attacker can execute arbitrary code using command ejection
Summary
An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Version: 1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:02.435Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker can execute arbitrary code using command ejection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15356",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker can execute arbitrary code using command ejection in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker can execute arbitrary code using command ejection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-012-eltex-esp-200-router-command-injection/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15356",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:02.435Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15357 (GCVE-0-2018-15357)
Vulnerability from cvelistv5
Published
2018-08-17 15:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An authenticated attacker with low privileges can extract password hash information for all users
Summary
An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Version: 1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:01.805Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can extract password hash information for all users",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15357",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can extract password hash information for all users in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can extract password hash information for all users"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-013-eltex-esp-200-router-information-disclosure/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15357",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:01.805Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15359 (GCVE-0-2018-15359)
Vulnerability from cvelistv5
Published
2018-08-17 15:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface
Summary
An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Version: 1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:03.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15359",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-015-eltex-esp-200-router-unsecure-sudo-configuration/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15359",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:03.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-15358 (GCVE-0-2018-15358)
Vulnerability from cvelistv5
Published
2018-08-17 15:00
Modified
2024-08-05 09:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface
Summary
An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Kaspersky Lab | Eltex ESP-200 |
Version: 1.2.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T09:54:01.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Eltex ESP-200",
"vendor": "Kaspersky Lab",
"versions": [
{
"status": "affected",
"version": "1.2.0"
}
]
}
],
"datePublic": "2018-08-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-17T14:57:01.000Z",
"orgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"shortName": "Kaspersky"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vulnerability@kaspersky.com",
"ID": "CVE-2018-15358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Eltex ESP-200",
"version": {
"version_data": [
{
"version_value": "1.2.0"
}
]
}
}
]
},
"vendor_name": "Kaspersky Lab"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/",
"refsource": "MISC",
"url": "https://ics-cert.kaspersky.com/advisories/klcert-advisories/2018/08/17/klcert-18-014-eltex-esp-200-router-build-in-user-with-highest-privileges/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "e45d732a-8f6b-4b6b-be76-7420f6a2b988",
"assignerShortName": "Kaspersky",
"cveId": "CVE-2018-15358",
"datePublished": "2018-08-17T15:00:00.000Z",
"dateReserved": "2018-08-15T00:00:00.000Z",
"dateUpdated": "2024-08-05T09:54:01.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}