A vulnerability was found in Shenzhen Skyworth DT741, DT721-cb and DT741-cb (unknown version) and classified as critical. This issue affects the function Web_passwd. The manipulation as part of a Long Password leads to a input validation vulnerability. Using CWE to declare the problem leads to CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Impacted is confidentiality, integrity, and availability. The summary by CVE is:

An issue was discovered on Shenzhen Skyworth DT741 Converged Intelligent Terminal (G/EPON+IPTV) SDOTBGN1, DT721-cb SDOTBGN1, and DT741-cb SDOTBGN1 devices. A long password to the Web_passwd function allows remote attackers to cause a denial of service (segmentation fault) or achieve unauthenticated remote code execution because of control of registers S0 through S4 and T4 through T7.

The bug was discovered 02/11/2019. The weakness was disclosed 03/21/2019 (Website). It is possible to read the advisory at seclists.org. The identification of this vulnerability is CVE-2018-19524 since 11/25/2018. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details as well as a public exploit are known.

The exploit is available at exploit-db.com. It is declared as proof-of-concept. The vulnerability was handled as a non-public zero-day exploit for at least 38 days. During that time the estimated underground price was around $0-$5k.

Addressing this vulnerability is possible by firewalling .

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Productinfo

Vendor

• Shenzhen Skyworth

Name

• DT721-cb
• DT741
• DT741-cb

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion