Overview
- Description
- Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka Swisscom Internet-Box) devices before R7.7 allows unauthorized reconfiguration of the static routing table via an unauthenticated HTTP request, leading to denial of service and information disclosure.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:arcadyan:swisscom_internet-box_firmware:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F7326465-5017-49D8-875C-B9829DC962F0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:arcadyan:swisscom_internet-box:-:*:*:*:light:*:*:*",
"vulnerable": false,
"matchCriteriaId": "4AD4A5E1-E1B3-4B30-B67C-58BB86F1BC94"
},
{
"criteria": "cpe:2.3:h:arcadyan:swisscom_internet-box:-:*:*:*:plus:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1BE84764-6B9B-43B2-BE45-A99D744EB312"
},
{
"criteria": "cpe:2.3:h:arcadyan:swisscom_internet-box:-:*:*:*:standard:*:*:*",
"vulnerable": false,
"matchCriteriaId": "124FA80D-7C11-45BE-8275-5D7C10FF04A3"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]