CVE-2018-13109
Published: 2018-07-06
Priority: P266 · high · 7.5 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EXPLOIT
EPSS: 35.86% (98.3th percentile)
All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.
Detection & IOCs (extracted from sources)
path: /ui/dboard/settings/management//
snort
alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT ADB Broadband Authorization Bypass"; flow:established,to_server; http.uri; content:"/ui/dboard/settings/management/"; fast_pattern; http.uri.raw; content:"/management//"; reference:cve,2018-13109; reference:url,exploit-db.com/exploits/44982/; classtype:web-application-attack; sid:2025785; rev:2; metadata:attack_target IoT, created_at 2018_07_05, cve CVE_2018_13109, deployment Datacenter, performance_impact Low, confidence High, signature_severity Critical, updated_at 2020_08_25;)
- Detect the authorization bypass by inspecting raw HTTP URIs for a double-slash pattern within the ADB web GUI path, specifically '/management//'. The extra slash is the bypass mechanism.
- Monitor HTTP requests whose URI contains '/ui/dboard/settings/management/' (the fast-pattern content of the Emerging Threats rule, SID 2025785) and whose raw URI contains '/management//'.
- The bypass requires an authenticated session, and any valid user account (including ISP-provided defaults) is sufficient. Flag double-slash URI anomalies for any authenticated session on ADB Epicentro devices.
- Specifically watch for attempts to reach '/ui/dboard/settings/management//telnetserver'. Successful exploitation could result in TELNET being enabled on the device, which can be confirmed by subsequent TELNET connection attempts.
- The bypass only works for first-layer web GUI paths; sub-menu paths (second-level) were not confirmed exploitable during testing, though they cannot be fully ruled out.
- Devices with a custom UI developed for the ISP are NOT affected; detection rules should be scoped to standard Epicentro-platform deployments.
- Firmware versions vary per ISP/customer; patched versions (e.g., >= E_3.3.2, >= E_5.3.2, >= E_8.3.2, >= E_9.3.2) depend on the ISP rollout and may not be uniformly deployed.
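The two conditions of the rule above, applied to HTTP access logs instead of live traffic. This is an added example, not part of the original page or the Emerging Threats ruleset; it assumes combined-format log lines from a proxy or sensor in front of the device, and `normalize` is a rough approximation of URI normalization, not Suricata's implementation. The sample log lines are constructed.

```python
import re
from urllib.parse import unquote

GUI_PREFIX = "/ui/dboard/settings/management/"  # http.uri content in SID 2025785
RAW_MARKER = "/management//"                    # http.uri.raw content in SID 2025785

# Assumed log format: Apache/nginx "combined" style, e.g. from a proxy or sensor.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

def normalize(raw_uri):
    """Rough stand-in for a normalized URI: no query, percent-decoded, slashes collapsed."""
    path = unquote(raw_uri.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path)

def is_bypass_request(raw_uri):
    """Both conditions of the rule: GUI path after normalization, '//' in the raw URI."""
    raw_path = raw_uri.split("?", 1)[0]
    return GUI_PREFIX in normalize(raw_uri) and RAW_MARKER in raw_path

def scan(lines):
    """Return one finding per matching log line; unparsable lines are skipped."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        src, method, uri, status = m.groups()
        if is_bypass_request(uri):
            # Text after the doubled slash names the settings page that was requested.
            page = uri.split(RAW_MARKER, 1)[1].split("?", 1)[0]
            findings.append({"src": src, "method": method, "page": page, "status": int(status)})
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [06/Jul/2018:10:00:01 +0000] "GET /ui/dboard/settings/management/ HTTP/1.1" 200',
    '198.51.100.7 - - [06/Jul/2018:10:00:05 +0000] "GET /ui/dboard/settings/management//telnetserver HTTP/1.1" 200',
    '198.51.100.7 - - [06/Jul/2018:10:00:09 +0000] "POST /ui/dboard/settings/management//telnetserver HTTP/1.1" 302',
    '192.0.2.10 - - [06/Jul/2018:10:00:12 +0000] "GET /ui//dboard/settings HTTP/1.1" 200',
    '192.0.2.22 - - [06/Jul/2018:10:00:15 +0000] "GET /other/management//x HTTP/1.1" 404',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A finding for the `telnetserver` page is worth correlating with later TELNET connection attempts to the same device, as the notes above suggest.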
CVSS provenance
nvd · v3.0 · 7.5 · HIGH · CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:P/A:N
Suricata
ET EXPLOIT ADB Broadband Authorization Bypass (suricata · 2018-07-05 · CVE-2018-13109)
- http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html
- http://seclists.org/fulldisclosure/2018/Jul/18
- http://www.securityfocus.com/archive/1/542119/100/0/threaded
- https://www.exploit-db.com/exploits/44982/
- https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/
Published: 2018-07-06