CVE-2018-13108

HIGH

Epicentro - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-13108. PoCs published by SEC Consult.

AI-analyzed exploit summary The writeup describes a local root jailbreak vulnerability (CVE-2018-13108) in ADB Broadband Gateways/Routers via a symlink attack on the samba configuration. An attacker can manipulate the smb.conf file through the web GUI to enable 'wide links = yes', allowing access to the root filesystem via a crafted USB drive.

Description

All ADB broadband gateways / routers based on the Epicentro platform are affected by a local root jailbreak vulnerability where attackers are able to gain root access on the device, and extract further information such as sensitive configuration data of the ISP (e.g., VoIP credentials) or attack the internal network of the ISP.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textlocalhardware

https://www.exploit-db.com/exploits/44983

View Code ZIP pw:eip

The writeup describes a local root jailbreak vulnerability (CVE-2018-13108) in ADB Broadband Gateways/Routers via a symlink attack on the samba configuration. An attacker can manipulate the smb.conf file through the web GUI to enable 'wide links = yes', allowing access to the root filesystem via a crafted USB drive.

Classification

Writeup 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: ADB Broadband Gateways/Routers (Epicentro platform)

Auth required

Prerequisites: Physical access to insert a crafted USB drive · Access to the web GUI to modify samba settings

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation T1200 - Hardware Additions

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/Jul/17

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/148424/ADB-Local-Root-Jailbreak.html

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44983/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/542117/100/0/threaded

Exploit, Third Party Advisory x_refsource_misc

https://www.sec-consult.com/en/blog/advisories/local-root-jailbreak-via-network-file-sharing-flaw-in-all-adb-broadband-gateways-routers/

Scores

CVSS v3 7.8

EPSS 0.0158

EPSS Percentile 72.3%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

Status published

Products (4)

adbglobal/dv2210_firmware

adbglobal/prg_av4202n_firmware

adbglobal/vv2220_firmware

adbglobal/vv5522_firmware

Published Jul 06, 2018

Tracked Since Feb 18, 2026