CVE-2018-13109

HIGH

Adbglobal Dv2210 Firmware - Incorrect Authorization

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-13109. PoCs published by SEC Consult.

AI-analyzed exploit summary The advisory describes an authorization bypass vulnerability (CVE-2018-13109) in ADB Broadband Gateways/Routers. By adding a second slash in the URL path, an authenticated attacker can access restricted settings, such as enabling the telnet server.

Description

All ADB broadband gateways / routers based on the Epicentro platform are affected by an authorization bypass vulnerability where attackers are able to access and manipulate settings within the web interface that are forbidden to end users (e.g., by the ISP). An attacker would be able to enable the TELNET server or other settings as well.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textwebappshardware

https://www.exploit-db.com/exploits/44982

View Code ZIP pw:eip

The advisory describes an authorization bypass vulnerability (CVE-2018-13109) in ADB Broadband Gateways/Routers. By adding a second slash in the URL path, an authenticated attacker can access restricted settings, such as enabling the telnet server.

Classification

Writeup 100%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: ADB Broadband Gateways/Routers (Epicentro platform)

Auth required

Prerequisites: Authenticated user account (even low-privileged)

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/Jul/18

Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44982/

Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/148429/ADB-Authorization-Bypass.html

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/542119/100/0/threaded

Exploit, Third Party Advisory x_refsource_misc

https://www.sec-consult.com/en/blog/advisories/authorization-bypass-in-all-adb-broadband-gateways-routers/

Scores

CVSS v3 7.5

EPSS 0.3586

EPSS Percentile 98.3%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-863

Status published

Products (4)

adbglobal/dv2210_firmware

adbglobal/prg_av4202n_firmware

adbglobal/vv2220_firmware

adbglobal/vv5522_firmware

Published Jul 06, 2018

Tracked Since Feb 18, 2026