A remote attacker with low privileges can cause denial of service.
Analysis Summary
# Vulnerability: Kraftway-24F2XG Router Denial of Service
## CVE Details
- CVE ID: CVE-2018-15352
- CVSS Score: 7.5 (High) (Based on CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
- CWE: Not specified in the source material.
## Affected Systems
- Products: Kraftway-24F2XG Router
- Versions: Firmware version 3.5.30.1118
- Configurations: N/A
## Vulnerability Description
A remote attacker, possessing low privileges on the network, can exploit this vulnerability to cause a Denial of Service (DoS) condition on the affected Kraftway router.
## Exploitation
- Status: Unknown (Existence of exploit unknown)
- Complexity: Low (AC:L)
- Attack Vector: Network (AV:N)
## Impact
- Confidentiality: None (C:N)
- Integrity: None (I:N)
- Availability: High (A:H)
## Remediation
### Patches
- Update firmware to version **3.5.47-315-gef7** or higher.
### Workarounds
- No specific workarounds were listed in the provided summary.
## Detection
- Indicators of compromise: System instability or unexpected downtime on the Kraftway-24F2XG router.
- Detection methods and tools: Reviewing device logs for unusual or high-frequency connection attempts from low-privilege sources leading up to the DoS event.
## References
- Vendor Advisory: Kraftway (Patch available August 2018)
- Kaspersky Advisory: https://ics-cert.kaspersky.com/advisories/2018/08/17/klcert-18-008-kraftway-24f2xg-router-denial-of-service/