Vulnerabilites related to Linksys - E1200
CVE-2018-3954 (GCVE-0-2018-3954)
Vulnerability from cvelistv5
Published
2018-10-17 02:00
Modified
2024-09-17 03:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.
References
| ▼ | URL | Tags |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | ESeries E1200 |
Version: Firmware Version 2.0.09 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.699Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESeries E1200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "Firmware Version 2.0.09"
}
]
},
{
"product": "ESeries E2500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "Firmware Version 3.0.04"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:06:53",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-3954",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESeries E1200",
"version": {
"version_data": [
{
"version_value": "Firmware Version 2.0.09"
}
]
}
},
{
"product_name": "ESeries E2500",
"version": {
"version_data": [
{
"version_value": "Firmware Version 3.0.04"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3954",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-17T03:27:46.392Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3953 (GCVE-0-2018-3953)
Vulnerability from cvelistv5
Published
2018-10-17 02:00
Modified
2024-09-17 02:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | ESeries E1200 |
Version: Firmware Version 2.0.09 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESeries E1200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "Firmware Version 2.0.09"
}
]
},
{
"product": "ESeries E2500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "Firmware Version 3.0.04"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the \u0027start_lltd\u0027 function. Within the \u0027start_lltd\u0027 function, a \u0027nvram_get\u0027 call is used to obtain the value of the user-controlled \u0027machine_name\u0027 NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:06:51",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-3953",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESeries E1200",
"version": {
"version_data": [
{
"version_value": "Firmware Version 2.0.09"
}
]
}
},
{
"product_name": "ESeries E2500",
"version": {
"version_data": [
{
"version_value": "Firmware Version 3.0.04"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the \u0027start_lltd\u0027 function. Within the \u0027start_lltd\u0027 function, a \u0027nvram_get\u0027 call is used to obtain the value of the user-controlled \u0027machine_name\u0027 NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3953",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-17T02:10:47.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3955 (GCVE-0-2018-3955)
Vulnerability from cvelistv5
Published
2018-10-17 02:00
Modified
2024-09-16 16:42
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.
References
| ▼ | URL | Tags |
|---|---|---|
| https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| ▼ | Linksys | ESeries E1200 |
Version: Firmware Version 2.0.09 |
||||||
|
|||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:57:24.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ESeries E1200",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "Firmware Version 2.0.09"
}
]
},
{
"product": "ESeries E2500",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "Firmware Version 3.0.04"
}
]
}
],
"datePublic": "2018-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the \u0027Domain Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027wan_domain\u0027 POST parameter. The wan_domain data goes through the nvram_set process described above. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T18:06:54",
"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"shortName": "talos"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "talos-cna@cisco.com",
"DATE_PUBLIC": "2018-10-16T00:00:00",
"ID": "CVE-2018-3955",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ESeries E1200",
"version": {
"version_data": [
{
"version_value": "Firmware Version 2.0.09"
}
]
}
},
{
"product_name": "ESeries E2500",
"version": {
"version_data": [
{
"version_value": "Firmware Version 3.0.04"
}
]
}
}
]
},
"vendor_name": "Linksys"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the \u0027Domain Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027wan_domain\u0027 POST parameter. The wan_domain data goes through the nvram_set process described above. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object."
}
]
},
"impact": {
"cvss": {
"baseScore": 7.2,
"baseSeverity": "High",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625",
"refsource": "MISC",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
"assignerShortName": "talos",
"cveId": "CVE-2018-3955",
"datePublished": "2018-10-17T02:00:00Z",
"dateReserved": "2018-01-02T00:00:00",
"dateUpdated": "2024-09-16T16:42:53.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38555 (GCVE-0-2022-38555)
Vulnerability from cvelistv5
Published
2022-08-28 16:17
Modified
2024-08-03 10:54
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://linksys.com | x_refsource_MISC | |
| https://github.com/xxy1126/Vuln/tree/main/1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://linksys.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xxy1126/Vuln/tree/main/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-28T16:17:46",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://linksys.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xxy1126/Vuln/tree/main/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38555",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://linksys.com",
"refsource": "MISC",
"url": "http://linksys.com"
},
{
"name": "https://github.com/xxy1126/Vuln/tree/main/1",
"refsource": "MISC",
"url": "https://github.com/xxy1126/Vuln/tree/main/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38555",
"datePublished": "2022-08-28T16:17:46",
"dateReserved": "2022-08-22T00:00:00",
"dateUpdated": "2024-08-03T10:54:03.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-3307 (GCVE-0-2013-3307)
Vulnerability from cvelistv5
Published
2025-07-11 00:00
Modified
2025-07-11 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Summary
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2013-3307",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-11T19:31:51.212749Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T19:32:03.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"product": "E1000",
"vendor": "Linksys",
"versions": [
{
"lessThanOrEqual": "2.1.02",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E1200",
"vendor": "Linksys",
"versions": [
{
"lessThan": "2.0.05",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unaffected",
"product": "E3200",
"vendor": "Linksys",
"versions": [
{
"lessThanOrEqual": "1.0.04",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 8.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-11T18:58:19.009Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://web.archive.org/web/20140421001918/https://www.trustwave.com/spiderlabs/advisories/TWSL2013-008.txt"
}
],
"x_generator": {
"engine": "enrichogram 0.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-3307",
"datePublished": "2025-07-11T00:00:00.000Z",
"dateReserved": "2013-04-29T00:00:00.000Z",
"dateUpdated": "2025-07-11T19:32:03.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
var-201810-1148
Vulnerability from variot
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed. The BelkinLinksys E1200 and E2500 are both E-series wireless router products from Belkin. An attacker can exploit this vulnerability to execute arbitrary commands on the system by sending a specially crafted request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1148",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e1200",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.0.09"
},
{
"model": "e2500",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "3.0.04"
},
{
"model": "e1200",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "2.0.09"
},
{
"model": "e2500",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "3.0.04"
},
{
"model": "linksys e2500",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "3.0.04"
},
{
"model": "linksys e1200",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.0.09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:linksys:e1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:linksys:e2500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
}
]
},
"cve": "CVE-2018-3953",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-3953",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-22778",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-133984",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-3953",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-3953",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3953",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3953",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-3953",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-22778",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-794",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-133984",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "VULHUB",
"id": "VHN-133984"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-794"
},
{
"db": "NVD",
"id": "CVE-2018-3953"
},
{
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the \u0027start_lltd\u0027 function. Within the \u0027start_lltd\u0027 function, a \u0027nvram_get\u0027 call is used to obtain the value of the user-controlled \u0027machine_name\u0027 NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed. The BelkinLinksys E1200 and E2500 are both E-series wireless router products from Belkin. An attacker can exploit this vulnerability to execute arbitrary commands on the system by sending a specially crafted request",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3953"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "VULHUB",
"id": "VHN-133984"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3953",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2018-0625",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-794",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-22778",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-133984",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "VULHUB",
"id": "VHN-133984"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-794"
},
{
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"id": "VAR-201810-1148",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "VULHUB",
"id": "VHN-133984"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
}
]
},
"last_update_date": "2024-11-23T22:21:54.760000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.linksys.com/us/"
},
{
"title": "Patch for LinksysE1200 and E2500 Operating System Command Injection Vulnerability (CNVD-2019-22778)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/169113"
},
{
"title": "Linksys E1200 and E2500 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85867"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133984"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0625"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3953"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3953"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "VULHUB",
"id": "VHN-133984"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-794"
},
{
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"db": "VULHUB",
"id": "VHN-133984"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-794"
},
{
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-133984"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-794"
},
{
"date": "2018-10-17T02:29:01.420000",
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22778"
},
{
"date": "2019-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-133984"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013728"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-794"
},
{
"date": "2024-11-21T04:06:22.467000",
"db": "NVD",
"id": "CVE-2018-3953"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys E1200 Firmware and Linksys E2500 In firmware OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013728"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-794"
}
],
"trust": 0.6
}
}
var-202208-2139
Vulnerability from variot
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Cisco Systems (Linksys) of E1200 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202208-2139",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e1200",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.0.04"
},
{
"model": "e1200",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba linksys",
"version": "e1200 firmware 1.0.04"
},
{
"model": "e1200",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba linksys",
"version": null
},
{
"model": "e1200",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba linksys",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"cve": "CVE-2022-38555",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2022-38555",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38555",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2022-38555",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2022-38555",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-202208-4276",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4276"
},
{
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name. Cisco Systems (Linksys) of E1200 An out-of-bounds write vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38555"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"db": "VULMON",
"id": "CVE-2022-38555"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38555",
"trust": 3.3
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015909",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4276",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-38555",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-38555"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4276"
},
{
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"id": "VAR-202208-2139",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2024-08-14T14:55:17.520000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://linksys.com"
},
{
"trust": 2.5,
"url": "https://github.com/xxy1126/vuln/tree/main/1"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38555"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38555/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-38555"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4276"
},
{
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-38555"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"db": "CNNVD",
"id": "CNNVD-202208-4276"
},
{
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-28T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38555"
},
{
"date": "2023-09-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"date": "2022-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4276"
},
{
"date": "2022-08-28T17:15:08.460000",
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38555"
},
{
"date": "2023-09-29T08:04:00",
"db": "JVNDB",
"id": "JVNDB-2022-015909"
},
{
"date": "2022-09-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202208-4276"
},
{
"date": "2022-09-01T15:04:25.400000",
"db": "NVD",
"id": "CVE-2022-38555"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4276"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Systems \u00a0(Linksys)\u00a0 of \u00a0E1200\u00a0 Out-of-bounds write vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-015909"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202208-4276"
}
],
"trust": 0.6
}
}
var-201810-1093
Vulnerability from variot
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. The BelkinLinksys E1200 and E2500 are both E-series wireless router products from Belkin
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e1200",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.0.09"
},
{
"model": "e2500",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "3.0.04"
},
{
"model": "e1200",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "2.0.09"
},
{
"model": "e2500",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "3.0.04"
},
{
"model": "linksys e2500",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "3.0.04"
},
{
"model": "linksys e1200",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.0.09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:linksys:e1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:linksys:e2500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
}
]
},
"cve": "CVE-2018-3955",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-3955",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-22779",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-133986",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-3955",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-3955",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3955",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3955",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-3955",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-22779",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-792",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-133986",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "VULHUB",
"id": "VHN-133986"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-792"
},
{
"db": "NVD",
"id": "CVE-2018-3955"
},
{
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the \u0027Domain Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027wan_domain\u0027 POST parameter. The wan_domain data goes through the nvram_set process described above. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object. The BelkinLinksys E1200 and E2500 are both E-series wireless router products from Belkin",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3955"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "VULHUB",
"id": "VHN-133986"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "TALOS",
"id": "TALOS-2018-0625",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-3955",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-792",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-22779",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-133986",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "VULHUB",
"id": "VHN-133986"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-792"
},
{
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"id": "VAR-201810-1093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "VULHUB",
"id": "VHN-133986"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
}
]
},
"last_update_date": "2024-11-23T22:21:54.791000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.linksys.com/us/"
},
{
"title": "Patch for LinksysE1200 and E2500 Operating System Command Injection Vulnerability (CNVD-2019-22779)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/169115"
},
{
"title": "Linksys E1200 and E2500 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85865"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-792"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133986"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0625"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3955"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3955"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "VULHUB",
"id": "VHN-133986"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-792"
},
{
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"db": "VULHUB",
"id": "VHN-133986"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-792"
},
{
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-133986"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-792"
},
{
"date": "2018-10-17T02:29:01.593000",
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22779"
},
{
"date": "2019-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-133986"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013730"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-792"
},
{
"date": "2024-11-21T04:06:22.710000",
"db": "NVD",
"id": "CVE-2018-3955"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-792"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys E1200 Firmware and Linksys E2500 In firmware OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013730"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-792"
}
],
"trust": 0.6
}
}
var-201810-1092
Vulnerability from variot
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object. The BelkinLinksys E1200 and E2500 are both E-series wireless router products from Belkin. An operating system command injection vulnerability exists in the BelkinLinksysE1200 with firmware version 2.0.09 and the LinksysE2500 with firmware version 3.0.04. An attacker can exploit this vulnerability to execute arbitrary commands on the system by sending a specially crafted request
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-1092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "e1200",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.0.09"
},
{
"model": "e2500",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "3.0.04"
},
{
"model": "e1200",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "2.0.09"
},
{
"model": "e2500",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "3.0.04"
},
{
"model": "linksys e2500",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "3.0.04"
},
{
"model": "linksys e1200",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.0.09"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:linksys:e1200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:linksys:e2500_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
}
]
},
"cve": "CVE-2018-3954",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2018-3954",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2019-22780",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-133985",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "talos-cna@cisco.com",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-3954",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"id": "CVE-2018-3954",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-3954",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "talos-cna@cisco.com",
"id": "CVE-2018-3954",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-3954",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2019-22780",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-793",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-133985",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "VULHUB",
"id": "VHN-133985"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-793"
},
{
"db": "NVD",
"id": "CVE-2018-3954"
},
{
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object. The BelkinLinksys E1200 and E2500 are both E-series wireless router products from Belkin. An operating system command injection vulnerability exists in the BelkinLinksysE1200 with firmware version 2.0.09 and the LinksysE2500 with firmware version 3.0.04. An attacker can exploit this vulnerability to execute arbitrary commands on the system by sending a specially crafted request",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-3954"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "VULHUB",
"id": "VHN-133985"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-3954",
"trust": 3.1
},
{
"db": "TALOS",
"id": "TALOS-2018-0625",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-793",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2019-22780",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-133985",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "VULHUB",
"id": "VHN-133985"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-793"
},
{
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"id": "VAR-201810-1092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "VULHUB",
"id": "VHN-133985"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
}
]
},
"last_update_date": "2024-11-23T22:21:54.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.linksys.com/us/"
},
{
"title": "LinksysE1200 and E2500 operating system command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/169111"
},
{
"title": "Linksys E1200 and E2500 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85866"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-793"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-133985"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://talosintelligence.com/vulnerability_reports/talos-2018-0625"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-3954"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-3954"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "VULHUB",
"id": "VHN-133985"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-793"
},
{
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"db": "VULHUB",
"id": "VHN-133985"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-793"
},
{
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-133985"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"date": "2018-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-793"
},
{
"date": "2018-10-17T02:29:01.500000",
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-07-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-22780"
},
{
"date": "2019-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-133985"
},
{
"date": "2019-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013729"
},
{
"date": "2022-04-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-793"
},
{
"date": "2024-11-21T04:06:22.587000",
"db": "NVD",
"id": "CVE-2018-3954"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-793"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys E1200 Firmware and Linksys E2500 In firmware OS Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013729"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-793"
}
],
"trust": 0.6
}
}
Vulnerability from fkie_nvd
Published
2022-08-28 17:15
Modified
2024-11-21 07:16
Severity ?
Summary
Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://linksys.com | Vendor Advisory | |
| cve@mitre.org | https://github.com/xxy1126/Vuln/tree/main/1 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://linksys.com | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xxy1126/Vuln/tree/main/1 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | e1200_firmware | 1.0.04 | |
| linksys | e1200 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:e1200_firmware:1.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6466C106-5F59-4346-9B37-00947E179FA6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:e1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47605441-7B24-4FF5-9956-6836117130EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Linksys E1200 v1.0.04 is vulnerable to Buffer Overflow via ej_get_web_page_name."
},
{
"lang": "es",
"value": "Linksys E1200 versi\u00f3n v1.0.04, es vulnerable a un desbordamiento del b\u00fafer por medio de la funci\u00f3n ej_get_web_page_name."
}
],
"id": "CVE-2022-38555",
"lastModified": "2024-11-21T07:16:39.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-08-28T17:15:08.460",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://linksys.com"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xxy1126/Vuln/tree/main/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://linksys.com"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/xxy1126/Vuln/tree/main/1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 02:29
Modified
2024-11-21 04:06
Severity ?
Summary
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the 'start_lltd' function. Within the 'start_lltd' function, a 'nvram_get' call is used to obtain the value of the user-controlled 'machine_name' NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | e1200_firmware | 2.0.09 | |
| linksys | e1200 | - | |
| linksys | e2500_firmware | 3.0.04 | |
| linksys | e2500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:e1200_firmware:2.0.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D814CD48-1D88-4F06-A235-BB9EA8EB8D07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:e1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47605441-7B24-4FF5-9956-6836117130EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:e2500_firmware:3.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7346C0-5E2E-4840-AA3C-F23527C81A51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:e2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D37D6660-2A10-44A6-8CAF-F5BC5F6C476E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAM. Data entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal, it enters a code path that continues until it reaches offset 0x0042B5C4 in the \u0027start_lltd\u0027 function. Within the \u0027start_lltd\u0027 function, a \u0027nvram_get\u0027 call is used to obtain the value of the user-controlled \u0027machine_name\u0027 NVRAM entry. This value is then entered directly into a command intended to write the host name to a file and subsequently executed."
},
{
"lang": "es",
"value": "Los dispositivos de la l\u00ednea de routers Linksys ESeries (Linksys E1200 con versi\u00f3n del firmware 2.0.09 y Linksys E2500 con versi\u00f3n del firmware 3.0.04) son susceptibles a vulnerabilidades de inyecci\u00f3n de comandos debido al filtrado incorrecto de datos pasados y recuperados desde el NVRAM. Los datos introducidos en el campo de entrada \"Router Name\" mediante el portal web se env\u00edan a apply.cgi como el valor del par\u00e1metro POST \"machine_name\". Cuando el binario \"preinit\" recibe la se\u00f1al SIGHUP, introduce una ruta de c\u00f3digo que contin\u00faa hasta que alcanza el offset 0x0042B5C4 en la funci\u00f3n \"start_lltd\". En la funci\u00f3n \"start_lltd\", se emplea una llamada \"nvram_get\" para obtener el valor de la entrada NVRAM \"machine_name\" controlada por el usuario. Este valor se introduce en un comando que debe escribir el nombre del host en un archivo y despu\u00e9s se ejecuta."
}
],
"id": "CVE-2018-3953",
"lastModified": "2024-11-21T04:06:22.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T02:29:01.420",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 02:29
Modified
2024-11-21 04:06
Severity ?
Summary
Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the 'Router Name' input field through the web portal is submitted to apply.cgi as the value to the 'machine_name' POST parameter. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | e1200_firmware | 2.0.09 | |
| linksys | e1200 | - | |
| linksys | e2500_firmware | 3.0.04 | |
| linksys | e2500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:e1200_firmware:2.0.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D814CD48-1D88-4F06-A235-BB9EA8EB8D07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:e1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47605441-7B24-4FF5-9956-6836117130EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:e2500_firmware:3.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7346C0-5E2E-4840-AA3C-F23527C81A51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:e2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D37D6660-2A10-44A6-8CAF-F5BC5F6C476E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Devices in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04) are susceptible to OS command injection vulnerabilities due to improper filtering of data passed to and retrieved from NVRAMData entered into the \u0027Router Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027machine_name\u0027 POST parameter. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object."
},
{
"lang": "es",
"value": "Los dispositivos de la l\u00ednea de routers Linksys ESeries (Linksys E1200 con versi\u00f3n del firmware 2.0.09 y Linksys E2500 con versi\u00f3n del firmware 3.0.04) son susceptibles a vulnerabilidades de inyecci\u00f3n de comandos del sistema operativo debido al filtrado incorrecto de datos pasados y recuperados desde los datos NVRAM introducidos en el campo de entrada \"Router Name\" mediante el portal web y enviados a apply.cgi como el valor del par\u00e1metro POST \"machine_name\". Cuando el binario \"preinit\" recibe la se\u00f1al SIGHUP, introduce una ruta de c\u00f3digo que llama a una funci\u00f3n denominada \"set_host_domain_name\" desde su objeto compartido en libshared.so."
}
],
"id": "CVE-2018-3954",
"lastModified": "2024-11-21T04:06:22.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T02:29:01.500",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-10-17 02:29
Modified
2024-11-21 04:06
Severity ?
Summary
An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the 'Domain Name' input field through the web portal is submitted to apply.cgi as the value to the 'wan_domain' POST parameter. The wan_domain data goes through the nvram_set process described above. When the 'preinit' binary receives the SIGHUP signal it enters a code path that calls a function named 'set_host_domain_name' from its libshared.so shared object.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| talos-cna@cisco.com | https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625 | Exploit, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linksys | e1200_firmware | 2.0.09 | |
| linksys | e1200 | - | |
| linksys | e2500_firmware | 3.0.04 | |
| linksys | e2500 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:e1200_firmware:2.0.09:*:*:*:*:*:*:*",
"matchCriteriaId": "D814CD48-1D88-4F06-A235-BB9EA8EB8D07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:e1200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "47605441-7B24-4FF5-9956-6836117130EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linksys:e2500_firmware:3.0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "4E7346C0-5E2E-4840-AA3C-F23527C81A51",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:e2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D37D6660-2A10-44A6-8CAF-F5BC5F6C476E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exploitable operating system command injection exists in the Linksys ESeries line of routers (Linksys E1200 Firmware Version 2.0.09 and Linksys E2500 Firmware Version 3.0.04). Specially crafted entries to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send an authenticated HTTP request to trigger this vulnerability. Data entered into the \u0027Domain Name\u0027 input field through the web portal is submitted to apply.cgi as the value to the \u0027wan_domain\u0027 POST parameter. The wan_domain data goes through the nvram_set process described above. When the \u0027preinit\u0027 binary receives the SIGHUP signal it enters a code path that calls a function named \u0027set_host_domain_name\u0027 from its libshared.so shared object."
},
{
"lang": "es",
"value": "Existe una inyecci\u00f3n de comandos del sistema operativo explotable en la l\u00ednea de routers Linksys ESeries (Linksys E1200 con versi\u00f3n del firmware 2.0.09 y Linksys E2500 con versi\u00f3n del firmware 3.0.04). Las entradas especialmente manipuladas en la informaci\u00f3n de configuraci\u00f3n de red pueden provocar la ejecuci\u00f3n de comandos arbitrarios del sistema, lo que resulta en el control total del dispositivo. Un atacante puede enviar una petici\u00f3n HTTP autenticada para provocar esta vulnerabilidad. Los datos introducidos en el campo de entrada \"Domain Name\" mediante el portal web se env\u00edan a apply.cgi como el valor del par\u00e1metro POST \"wan_domain\". Los datos de wan_domain pasan por el proceso nvram_set descrito anteriormente. Cuando el binario \"preinit\" recibe la se\u00f1al SIGHUP, introduce una ruta de c\u00f3digo que llama a una funci\u00f3n denominada \"set_host_domain_name\" desde su objeto compartido en libshared.so."
}
],
"id": "CVE-2018-3955",
"lastModified": "2024-11-21T04:06:22.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "talos-cna@cisco.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-10-17T02:29:01.593",
"references": [
{
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2018-0625"
}
],
"sourceIdentifier": "talos-cna@cisco.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}