Refine your search
2 vulnerabilities found for WN-AX1167GR by I-O DATA DEVICE, INC.
jvndb-2018-000007
Vulnerability from jvndb
Published
2018-02-06 14:22
Modified
2018-04-11 11:51
Severity ?
Summary
Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
Details
"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78).
Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"dc:date": "2018-04-11T11:51+09:00",
"dcterms:issued": "2018-02-06T14:22+09:00",
"dcterms:modified": "2018-04-11T11:51+09:00",
"description": "\"MagicalFinder\" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78).\r\n\r\nTaizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"sec:cpe": [
{
"#text": "cpe:/h:i-o_data_device:bx-vp1",
"@product": "BX-VP1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx1",
"@product": "GV-NTX1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx2",
"@product": "GV-NTX2",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-a",
"@product": "HDL-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-ah",
"@product": "HDL-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gt",
"@product": "HDL-GT Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gtr",
"@product": "HDL-GTR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-t",
"@product": "HDL-T Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr",
"@product": "HDL-XR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2u",
"@product": "HDL-XR2U Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2uw",
"@product": "HDL-XR2UW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xrw",
"@product": "HDL-XRW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xv",
"@product": "HDL-XV Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xvw",
"@product": "HDL-XVW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-a",
"@product": "HDL2-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-ah",
"@product": "HDL2-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hfas1",
"@product": "HFAS1 Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hls-c",
"@product": "HLS-C Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-a",
"@product": "HVL-A series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-at",
"@product": "HVL-AT series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-ata",
"@product": "HVL-ATA series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-s",
"@product": "HVL-S Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
"@product": "WHG-AC1750/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750a",
"@product": "WHG-AC1750/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napga",
"@product": "WHG-NAPG/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napgal",
"@product": "WHG-NAPG/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1167dgr",
"@product": "WN-AC1167DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1300ex",
"@product": "WN-AC1300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1600dgr",
"@product": "WN-AC1600DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583rk",
"@product": "WN-AC583RK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583trk",
"@product": "WN-AC583TRK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag300dgr",
"@product": "WN-AG300DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag750dgr",
"@product": "WN-AG750DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ax1167gr",
"@product": "WN-AX1167GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300ex",
"@product": "WN-G300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r",
"@product": "WN-G300R",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r3",
"@product": "WN-G300R3",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300sr",
"@product": "WN-G300SR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-gx300gr",
"@product": "WN-GX300GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167f",
"@product": "WNPR1167F",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167g",
"@product": "WNPR1167G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1750g",
"@product": "WNPR1750G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr2600g",
"@product": "WNPR2600G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000007",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36048131/index.html",
"@id": "JVN#36048131",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection"
}
jvndb-2017-000185
Vulnerability from jvndb
Published
2017-07-27 14:26
Modified
2018-01-24 13:56
Severity ?
Summary
Multiple vulnerabilities in I-O DATA WN-AX1167GR
Details
WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below.
* Hard-coded credentials (CWE-798) - CVE-2017-2280
* OS command injection (CWE-78) - CVE-2017-2281
* Buffer overflow (CWE-119) - CVE-2017-2282
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000185.html",
"dc:date": "2018-01-24T13:56+09:00",
"dcterms:issued": "2017-07-27T14:26+09:00",
"dcterms:modified": "2018-01-24T13:56+09:00",
"description": "WN-AX1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AX1167GR contains multiple vulnerabilities listed below.\r\n\r\n* Hard-coded credentials (CWE-798) - CVE-2017-2280\r\n* OS command injection (CWE-78) - CVE-2017-2281\r\n* Buffer overflow (CWE-119) - CVE-2017-2282\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000185.html",
"sec:cpe": {
"#text": "cpe:/h:i-o_data_device:wn-ax1167gr",
"@product": "WN-AX1167GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "8.3",
"@severity": "High",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000185",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN01312667/index.html",
"@id": "JVN#01312667",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2280",
"@id": "CVE-2017-2280",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2281",
"@id": "CVE-2017-2281",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2282",
"@id": "CVE-2017-2282",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2280",
"@id": "CVE-2017-2280",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2281",
"@id": "CVE-2017-2281",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2282",
"@id": "CVE-2017-2282",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in I-O DATA WN-AX1167GR"
}