CVE-2018-10369
📋 TL;DR
This vulnerability allows an attacker to change the admin password on Intelbras Win 240 V1.1.0 routers without authentication via a cross-site scripting (XSS) attack. Anyone using these specific router models with vulnerable firmware is affected. The CVSS 9.8 score indicates critical severity.
💻 Affected Systems
- Intelbras Win 240
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete router takeover allowing attacker to reconfigure network settings, intercept traffic, deploy malware to connected devices, and use the router as a pivot point for further attacks.
Likely Case
Router compromise leading to network disruption, credential theft from connected devices, and potential man-in-the-middle attacks.
If Mitigated
Limited impact if router is behind additional firewalls, has restricted admin interface access, and network segmentation is implemented.
🎯 Exploit Status
XSS vulnerability allows admin password change without authentication. Public technical details available in referenced articles.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: Not found in provided references
Restart Required: No
Instructions:
1. Check Intelbras website for firmware updates
2. If update available, download and apply following vendor instructions
3. Verify firmware version after update
🔧 Temporary Workarounds
Disable remote admin access
Prevent external access to the router admin interface.
Access router admin panel → Security/Admin settings → Disable remote management
Change default admin credentials
Use a strong, unique admin password.
Access router admin panel → Administration → Change admin password
🧯 If You Can't Patch
- Replace affected routers with supported models
- Place routers behind firewall with strict inbound rules blocking admin interface ports
🔍 How to Verify
Check if Vulnerable:
Check router model and firmware version in admin interface. If Intelbras Win 240 with firmware V1.1.0, assume vulnerable.
Check Version:
Access router admin interface and check System/Status page for firmware version
Verify Fix Applied:
Verify firmware version has changed from V1.1.0. Test admin interface for XSS vulnerabilities.
📡 Detection & Monitoring
Log Indicators:
- Unexpected admin password changes
- Multiple failed login attempts followed by successful login from new IP
- Admin interface access from unusual IP addresses
Network Indicators:
- HTTP requests to admin interface with XSS payloads in parameters
- Traffic to router on admin ports from external IPs
SIEM Query:
source="router.log" AND ("password change" OR ("admin" AND "success")) AND NOT user="legitimate_admin"
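As an added example (not part of this CVE record or of any Intelbras software), the log and network indicators above turned into a small Python detector run over constructed access-log lines. The combined log format, the `192.168.1.0/24` management LAN, the `/admin/` path prefix and the `password.html` endpoint name are assumptions made for illustration.

```python
import re
import ipaddress
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample in combined log format; not real Win 240 output.
SAMPLE_LOG = """\
192.168.1.10 - - [10/May/2018:10:01:02 +0000] "GET /login.html HTTP/1.1" 200 512
203.0.113.45 - - [10/May/2018:10:02:17 +0000] "GET /admin/status.html HTTP/1.1" 200 2048
192.168.1.22 - - [10/May/2018:10:03:40 +0000] "GET /admin/password.html?name=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900
192.168.1.10 - - [10/May/2018:10:04:01 +0000] "POST /admin/password.html HTTP/1.1" 302 0
"""

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumption: management LAN
ADMIN_PREFIX = "/admin/"                       # assumption: admin UI path prefix
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Script tags, javascript: URLs, inline event handlers, common tag-based vectors.
XSS_RE = re.compile(r'<\s*/?\s*script|javascript:|\bon\w+\s*=|<\s*(img|svg|iframe)', re.I)

def parse_line(line):
    """Split one access-log line into its fields; None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, status = m.groups()
    return {"ip": ip, "ts": ts, "method": method, "target": target, "status": int(status)}

def find_xss_params(target):
    """Return (param, decoded value) pairs whose value looks like script injection."""
    hits = []
    for k, v in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        decoded = unquote(v)  # parse_qsl decoded once; catch double-encoding too
        if XSS_RE.search(decoded):
            hits.append((k, decoded))
    return hits

def analyze(log_text):
    """Emit (indicator, source_ip, detail) tuples for admin-interface requests."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        path = urlsplit(rec["target"]).path
        if not path.startswith(ADMIN_PREFIX):
            continue
        if ipaddress.ip_address(rec["ip"]) not in LAN:
            alerts.append(("admin_from_external", rec["ip"], path))
        for k, _ in find_xss_params(rec["target"]):
            alerts.append(("xss_in_param", rec["ip"], f"{path}?{k}"))
        if rec["method"] == "POST" and "password" in path:
            alerts.append(("password_change_post", rec["ip"], path))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(*alert)
```

The `password_change_post` indicator is meant to be correlated with expected maintenance windows and known admin addresses, which is what the SIEM query's `NOT user=...` clause approximates.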