CVE-2018-19037

On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface.

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://www.exploit-db.com/exploits/45776/	Exploit Third Party Advisory VDB Entry

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:virginmedia:hub_3.0_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:virginmedia:hub_3.0:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-13 13:29

Updated : 2023-12-10 12:59

NVD link : CVE-2018-19037

Mitre link : CVE-2018-19037

CVE.ORG link : CVE-2018-19037

JSON object : View

Products Affected

virginmedia

hub_3.0
hub_3.0_firmware

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2018-19037", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-05-13T13:29:02.183", "references": [{"url": "https://www.exploit-db.com/exploits/45776/", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "On Virgin Media wireless router 3.0 hub devices, the web interface is vulnerable to denial of service. When POST requests are sent and keep the connection open, the router lags and becomes unusable to anyone currently using the web interface."}, {"lang": "es", "value": "En los dispositivos hub de Virgin Media wireless router versi\u00f3n 3.0, la interfaz web es vulnerable a la Denegaci\u00f3n de Servicio (DoS). Cuando se env\u00edan las peticiones POST y se mantiene abierta la conexi\u00f3n, el ruter se retrasa y queda inutilizable para cualquiera que est\u00e9 usando la interfaz web."}], "lastModified": "2019-05-14T17:58:28.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:virginmedia:hub_3.0_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF66DA20-D531-475F-8CB3-96ADFFD40C7C"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:virginmedia:hub_3.0:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "438F88D7-57C2-439A-8826-F7F8AA44F5CE"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}