// For flags

CVE-2018-5234

Norton Core Secure WiFi Router - 'BLE' Command Injection (PoC)

Severity Score

8.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The Norton Core router prior to v237 may be susceptible to a command injection exploit. This is a type of attack in which the goal is execution of arbitrary commands on the host system via vulnerable software.

El router Norton Core en versiones anteriores a la v237 podría ser susceptible a un exploit de inyección de comandos. Este es un tipo de ataque en el que el objetivo es la ejecución de comandos arbitrarios en el sistema host mediante software vulnerable.

*Credits: N/A
CVSS Scores
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Adjacent
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2018-01-05 CVE Reserved
  • 2018-04-30 CVE Published
  • 2024-03-09 EPSS Updated
  • 2024-09-16 CVE Updated
  • 2024-09-16 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Symantec
Search vendor "Symantec"
 Norton Core Firmware
Search vendor "Symantec" for product "Norton Core Firmware"
 < 237
Search vendor "Symantec" for product "Norton Core Firmware" and version " < 237"
-
Affected
in Symantec
Search vendor "Symantec"
 Norton Core
Search vendor "Symantec" for product "Norton Core"
--
Safe