CVE-2018-13110

HIGH

Adbglobal Dv2210 Firmware - Incorrect Permission Assignment

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-13110. PoCs published by SEC Consult.

AI-analyzed exploit summary This advisory details a privilege escalation vulnerability (CVE-2018-13110) in ADB Broadband Gateways/Routers, where an attacker can manipulate Linux group settings via the web GUI to gain CLI access and escalate privileges. The exploit involves overwriting the 'localaccess' group in /etc/group to grant SSH/Telnet access to a low-privilege user.

Description

All ADB broadband gateways / routers based on the Epicentro platform are affected by a privilege escalation vulnerability where attackers can gain access to the command line interface (CLI) if previously disabled by the ISP, escalate their privileges, and perform further attacks.

Exploits (1)

exploitdb WRITEUP

by SEC Consult · textlocalhardware

https://www.exploit-db.com/exploits/44984

View Code ZIP pw:eip

This advisory details a privilege escalation vulnerability (CVE-2018-13110) in ADB Broadband Gateways/Routers, where an attacker can manipulate Linux group settings via the web GUI to gain CLI access and escalate privileges. The exploit involves overwriting the 'localaccess' group in /etc/group to grant SSH/Telnet access to a low-privilege user.

Classification

Writeup 100%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: ADB Broadband Gateways/Routers (Epicentro platform)

Auth required

Prerequisites: Access to the web GUI with standard/low privileges · CLI access disabled by ISP

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory x_refsource_misc

https://www.sec-consult.com/en/blog/advisories/privilege-escalation-via-linux-group-manipulation-in-all-adb-broadband-gateways-routers/

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/542118/100/0/threaded

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44984/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/148430/ADB-Group-Manipulation-Privilege-Escalation.html

Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2018/Jul/19

Scores

CVSS v3 7.5

EPSS 0.0649

EPSS Percentile 92.9%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (4)

adbglobal/dv2210_firmware

adbglobal/prg_av4202n_firmware

adbglobal/vv2220_firmware

adbglobal/vv5522_firmware

Published Jul 06, 2018

Tracked Since Feb 18, 2026