CVE-2016-10372
Last modified
CVE-2016-10372 is a vulnerability of currently unknown severity. The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.. EPSS estimates a 81.90% chance of exploitation in the next 30 days.
Description
The Eir D1000 modem does not properly restrict the TR-064 protocol, which allows remote attackers to execute arbitrary commands via TCP port 7547, as demonstrated by opening WAN access to TCP port 80, retrieving the login password (which defaults to the Wi-Fi password), and using the NewNTPServer feature.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Eir | D1000 Modem Firmware | All versions |
References
- https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/Exploit, Third Party Advisory
- https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/Exploit, Technical Description, Third Party Advisory
- https://devicereversing.wordpress.com/2016/11/07/eirs-d1000-modem-is-wide-open-to-being-hacked/Exploit, Third Party Advisory
- https://isc.sans.edu/forums/diary/TR069+NewNTPServer+Exploits+What+we+know+so+far/21763/Exploit, Technical Description, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2016-10372?
How severe is CVE-2016-10372?
How do I fix CVE-2016-10372?
Are you affected by CVE-2016-10372?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST