PT-2018-12442 · Alcatel · Alcatel Osprey3 Mini

Osanda Malith Jayathissa

Published

2018-09-26

Updated

2019-10-03

CVE-2018-14327

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Alcatel OSPREY3 MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware prior to EE40 00 02.00 45

Description The issue concerns weak permissions set by the installer for certain directories, allowing local users to gain privileges. This is demonstrated by the potential to insert a Trojan horse ServiceManager.exe file into the "Web ConnectonEE40BackgroundService" directory.

Recommendations For firmware versions prior to EE40 00 02.00 45, update the firmware to EE40 00 02.00 45 or later to resolve the issue.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732

Related Identifiers

CVE-2018-14327

Affected Products

Alcatel Osprey3 Mini

PT-2018-12442 · Alcatel · Alcatel Osprey3 Mini

CVE-2018-14327

Weakness Enumeration

Related Identifiers

Affected Products

References · 7