A vulnerability was found in Netcomm NWL-25 up to 2.0.29.11. It has been classified as critical. Affected is an unknown function of the component Configuration File. The manipulation with an unknown input leads to a improper authentication vulnerability. CWE is classifying the issue as CWE-287. When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:

NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user.

The bug was discovered 08/09/2018. The weakness was released 08/10/2018 (Website). The advisory is available at securityfocus.com. This vulnerability is traded as CVE-2018-14782 since 08/01/2018. It is possible to launch the attack remotely. The exploitation doesn't require any form of authentication. The technical details are unknown and an exploit is not available.

The vulnerability was handled as a non-public zero-day exploit for at least 1 days. During that time the estimated underground price was around $0-$5k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Entries connected to this vulnerability are available at 122768, 122767 and 122769.

Productinfo

Vendor

• Netcomm

Name

• NWL-25

Version

• 2.0.29.0
• 2.0.29.1
• 2.0.29.2
• 2.0.29.3
• 2.0.29.4
• 2.0.29.5
• 2.0.29.6
• 2.0.29.7
• 2.0.29.8
• 2.0.29.9
• 2.0.29.10
• 2.0.29.11

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion