Broadband gateways and routers from Swiss vendor ABD that are based on the Epicentro platform are vulnerable to three vulnerabilities CVE-2018-13108, CVE-2018-13109 and CVE-2018-13110 which can lead to an attacker gaining full access with the highest privileges.
Johannes Greil, of SEC Consult Vulnerability Lab, reported that by exploiting the local root vulnerability CVE-2018-13108 on the affected and unpatched ABD devices attackers can gain full control enabling them to modify settings, retrieve all stored user credentials and launch attacks on the internal network side of the ISP.
CVE-2018-13109 is an authorisation bypass vulnerability that an attacker can exploit to gain access to settings otherwise forbidden for the user. This can also lead to remote access by manipulating the settings thus enabling to telnet server for remote access if it had been previously disabled by the ISP. This attack scenario does require some user account information for login.
CVE-2018-13110 is a privilege escalation via Linux group manipulation in which an attacker with standard/low access rights within the web GUI is able to gain access to the command line interface (if it has been previously disabled by the configuration), Greil said.
Patches are available from ABD for each vulnerability.