{ "id": "CVE-2014-10069", "sourceIdentifier": "cve@mitre.org", "published": "2018-01-07T20:29:00.230", "lastModified": "2018-02-02T18:02:00.577", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a backup configuration file, as demonstrated by a password hash in the um_auth_account_password field." }, { "lang": "es", "value": "Los dispositivos Hitron CVE-30360 utilizan una clave DES 578A958E3DD933FC que se comparte en las diferentes instalaciones de los clientes, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes obtener informaci\u00f3n sensible descifrando un archivo de configuraci\u00f3n de copia de seguridad, tal y como queda demostrado con un hash de contrase\u00f1a en el campo um_auth_account_password." } ], "metrics": { "cvssMetricV30": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0 }, "baseSeverity": "MEDIUM", "exploitabilityScore": 10.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, 
"weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-310" } ] } ], "configurations": [ { "operator": "AND", "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:hitrontech:cve-30360_firmware:3.1.1.21:*:*:*:*:*:*:*", "matchCriteriaId": "4151746A-C19D-41D8-B1A3-7FF166D89274" } ] }, { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": false, "criteria": "cpe:2.3:h:hitrontech:cve-30360:-:*:*:*:*:*:*:*", "matchCriteriaId": "97375F55-B1F8-48BC-B9EA-07142CD4F947" } ] } ] } ], "references": [ { "url": "https://blogger.davidmanouchehri.com/2018/01/hitrons-encryption.html", "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/Manouchehri/hitron-cfg-decrypter", "source": "cve@mitre.org", "tags": [ "Broken Link" ] }, { "url": "https://github.com/habohitron/habohitron/blob/6add0d002fe553f0924a3bba197994c53ca7d52d/firmwares/3.1.1.21/analyse/hc.c#L17", "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ] } ] }