CVE-2018-1144
Published 2018-04-19
Priority P267 · critical · 9.8 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 6.98% (93.3th percentile)
A remote unauthenticated user can execute commands as root in the Belkin N750 using firmware version 1.10.22 by sending a crafted HTTP request to proxy.cgi.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| belkin | n750_db_wi-fi_dual-band_n+_gigabit_router | — | — |
| belkin | n750_firmware | — | — |
Detection & IOCs (extracted from sources)
- Monitor for unauthenticated HTTP requests to proxy.cgi on Belkin N750 F9K1103 v1 devices, which may indicate exploitation attempts targeting CVE-2018-1144 for remote root command execution.
- Watch for unexpected enablement of the telnet service on Belkin N750 routers, as the related vulnerability cluster (TRA-2018-08) allows an unauthenticated remote attacker to enable the unauthenticated telnet service, resulting in full compromise.
- The vulnerability specifically affects Belkin N750 F9K1103 v1 running firmware version 1.10.22; detections should be scoped to this device/firmware combination.
- No vendor patch was available at time of disclosure; affected devices remain permanently vulnerable unless replaced or isolated.
CVSS provenance
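| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |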
No detection rules found.
No public exploits indexed.
Tenable
Tenable Research: April Vulnerability Disclosure Roundup
blogs_tenable·2018-05-11
Tenable
Tenable Research: April Vulnerability Disclosure Roundup
blogs_tenable·2018-05-11·CVSS 9.8
[CRITICAL] Tenable Research: April Vulnerability Disclosure Roundup
# Tenable Research: April Vulnerability Disclosure Roundup
Tenable Research
May 11, 2018
2 Min Read
Tenable Research has a dedicated team that performs vulnerability research on software and hardware from third-party vendors. The goal is to discover zero-day vulnerabilities and work with vendors to get them addressed before hackers discover and exploit them. This post provides an overview of all the vulnerabilities discovered by Tenable Research in April.
You can access all Tenable Research advisories here.
Schneider Electric InduSoft Web Studio and InTouch Machine Edition Critical Remote Code Execution Vulnerability
CVE ID: CVE-2018-8840
Nessus Plugin ID: 109280
Tenable Research Advisory: TRA-2018-07
Risk Factor: Critical
What do you need to know?
Te
Tenable
[R1] Belkin N750 F9K1103 v1 Multiple Vulnerabilities
blogs_tenable·2018-04-12