Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
19 vulnerabilities by AirTies
CVE-2024-9477 (GCVE-0-2024-9477)
Vulnerability from nvd – Published: 2024-11-13 14:29 – Updated: 2026-06-02 06:57 Unsupported When Assigned
VLAI
Title
XSS in AirTies' Air4443 Firmware
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).
This issue affects Air4443 Firmware: through 14102024.
NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-24-1851 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AirTies | Air4443 Firmware |
Affected:
0 , ≤ 1.6.1.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T18:34:26.335701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:34:37.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Air4443 Firmware",
"vendor": "AirTies",
"versions": [
{
"lessThanOrEqual": "1.6.1.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Goktug KAYA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Air4443 Firmware: through 14102024.\u003c/p\u003e\u003cp\u003e\nNOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).\n\nThis issue affects Air4443 Firmware: through 14102024.\n\n\n\n\nNOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T06:57:18.797Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1851"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1851"
}
],
"source": {
"advisory": "TR-24-1851",
"defect": [
"TR-24-1851"
],
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "XSS in AirTies\u0027 Air4443 Firmware",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-9477",
"datePublished": "2024-11-13T14:29:40.588Z",
"dateReserved": "2024-10-03T13:11:05.798Z",
"dateUpdated": "2026-06-02T06:57:18.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-100032 (GCVE-0-2014-100032)
Vulnerability from nvd – Published: 2015-01-13 15:00 – Updated: 2024-08-06 14:10
VLAI
Summary
Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/128213/Airti… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html"
},
{
"name": "airties-air6372so-xss(95957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html"
},
{
"name": "airties-air6372so-xss(95957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html"
},
{
"name": "airties-air6372so-xss(95957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-100032",
"datePublished": "2015-01-13T15:00:00.000Z",
"dateReserved": "2015-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:10:56.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0902 (GCVE-0-2012-0902)
Vulnerability from nvd – Published: 2012-01-20 17:00 – Updated: 2024-08-06 18:38
VLAI
Summary
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/51320 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/18336 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51320"
},
{
"name": "18336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18336"
},
{
"name": "airties-4450-cgibin-dos(72200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "51320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51320"
},
{
"name": "18336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18336"
},
{
"name": "airties-4450-cgibin-dos(72200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72200"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51320"
},
{
"name": "18336",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18336"
},
{
"name": "airties-4450-cgibin-dos(72200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0902",
"datePublished": "2012-01-20T17:00:00.000Z",
"dateReserved": "2012-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-9477 (GCVE-0-2024-9477)
Vulnerability from cvelistv5 – Published: 2024-11-13 14:29 – Updated: 2026-06-02 06:57 Unsupported When Assigned
VLAI
Title
XSS in AirTies' Air4443 Firmware
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).
This issue affects Air4443 Firmware: through 14102024.
NOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-24-1851 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AirTies | Air4443 Firmware |
Affected:
0 , ≤ 1.6.1.6
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-9477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-13T18:34:26.335701Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-13T18:34:37.614Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Air4443 Firmware",
"vendor": "AirTies",
"versions": [
{
"lessThanOrEqual": "1.6.1.6",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Goktug KAYA"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).\u003cp\u003eThis issue affects Air4443 Firmware: through 14102024.\u003c/p\u003e\u003cp\u003e\nNOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support.\u003cbr\u003e\u003c/p\u003e"
}
],
"value": "Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027) vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).\n\nThis issue affects Air4443 Firmware: through 14102024.\n\n\n\n\nNOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support."
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63 Cross-Site Scripting (XSS)"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "LOW",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or \u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T06:57:18.797Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-24-1851"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-24-1851"
}
],
"source": {
"advisory": "TR-24-1851",
"defect": [
"TR-24-1851"
],
"discovery": "UNKNOWN"
},
"tags": [
"unsupported-when-assigned"
],
"title": "XSS in AirTies\u0027 Air4443 Firmware",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2024-9477",
"datePublished": "2024-11-13T14:29:40.588Z",
"dateReserved": "2024-10-03T13:11:05.798Z",
"dateUpdated": "2026-06-02T06:57:18.797Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2014-100032 (GCVE-0-2014-100032)
Vulnerability from cvelistv5 – Published: 2015-01-13 15:00 – Updated: 2024-08-06 14:10
VLAI
Summary
Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://packetstormsecurity.com/files/128213/Airti… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2014-09-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T14:10:56.370Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html"
},
{
"name": "airties-air6372so-xss(95957)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95957"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-07T15:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html"
},
{
"name": "airties-air6372so-xss(95957)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95957"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-100032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128213/Airties-Air6372SO-Modem-Web-Interface-Cross-Site-Scripting.html"
},
{
"name": "airties-air6372so-xss(95957)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95957"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-100032",
"datePublished": "2015-01-13T15:00:00.000Z",
"dateReserved": "2015-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-06T14:10:56.370Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2012-0902 (GCVE-0-2012-0902)
Vulnerability from cvelistv5 – Published: 2012-01-20 17:00 – Updated: 2024-08-06 18:38
VLAI
Summary
AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/51320 | vdb-entryx_refsource_BID |
| http://www.exploit-db.com/exploits/18336 | exploitx_refsource_EXPLOIT-DB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2012-01-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:38:14.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "51320",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/51320"
},
{
"name": "18336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/18336"
},
{
"name": "airties-4450-cgibin-dos(72200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2012-01-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "51320",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/51320"
},
{
"name": "18336",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/18336"
},
{
"name": "airties-4450-cgibin-dos(72200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72200"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-0902",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "51320",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/51320"
},
{
"name": "18336",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/18336"
},
{
"name": "airties-4450-cgibin-dos(72200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72200"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-0902",
"datePublished": "2012-01-20T17:00:00.000Z",
"dateReserved": "2012-01-20T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:38:14.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201506-0178
Vulnerability from variot - Updated: 2023-12-18 14:06Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. Airties RT-210 is a Turkish router product. User session. Airties RT-210 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability stems from the fact that the ddns.stm file does not adequately filter the 'ddns_domainname' and 'ddns_account' parameters
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-210",
"scope": null,
"trust": 2.2,
"vendor": "airties",
"version": null
},
{
"model": "rt-210",
"scope": "eq",
"trust": 1.0,
"vendor": "airties",
"version": "*"
},
{
"model": "rt210",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "rt-210",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"db": "BID",
"id": "75342"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:rt-210_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:rt-210:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4679"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "B3mB4m",
"sources": [
{
"db": "BID",
"id": "75342"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4679",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-4679",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-03992",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-82640",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-4679",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2015-03992",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-346",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-82640",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"db": "VULHUB",
"id": "VHN-82640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. Airties RT-210 is a Turkish router product. User session. Airties RT-210 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability stems from the fact that the ddns.stm file does not adequately filter the \u0027ddns_domainname\u0027 and \u0027ddns_account\u0027 parameters",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"db": "BID",
"id": "75342"
},
{
"db": "VULHUB",
"id": "VHN-82640"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4679",
"trust": 3.4
},
{
"db": "PACKETSTORM",
"id": "132178",
"trust": 3.1
},
{
"db": "BID",
"id": "75342",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-346",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03992",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82640",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"db": "VULHUB",
"id": "VHN-82640"
},
{
"db": "BID",
"id": "75342"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
]
},
"id": "VAR-201506-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"db": "VULHUB",
"id": "VHN-82640"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03992"
}
]
},
"last_update_date": "2023-12-18T14:06:03.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82640"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"db": "NVD",
"id": "CVE-2015-4679"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/132178/airties-rt210-cross-site-scripting.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75342"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4679"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4679"
},
{
"trust": 0.3,
"url": "http://www.airties.com/products/wap"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"db": "VULHUB",
"id": "VHN-82640"
},
{
"db": "BID",
"id": "75342"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"db": "VULHUB",
"id": "VHN-82640"
},
{
"db": "BID",
"id": "75342"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"date": "2015-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-82640"
},
{
"date": "2015-06-19T00:00:00",
"db": "BID",
"id": "75342"
},
{
"date": "2015-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"date": "2015-06-19T14:59:06.973000",
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"date": "2015-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03992"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-82640"
},
{
"date": "2015-06-19T00:00:00",
"db": "BID",
"id": "75342"
},
{
"date": "2015-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003223"
},
{
"date": "2016-12-07T18:13:53.233000",
"db": "NVD",
"id": "CVE-2015-4679"
},
{
"date": "2015-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Airties RT-210 of Web Interface cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003223"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-346"
}
],
"trust": 0.6
}
}
VAR-201807-2161
Vulnerability from variot - Updated: 2023-12-18 14:05Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. Airties 5444 and 5444TT Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Both Airties 5444 and 5444TT are modem products of Turkish company Airties. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201807-2161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "5444",
"scope": "eq",
"trust": 1.6,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "5444tt",
"scope": "eq",
"trust": 1.6,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air 5444",
"scope": "eq",
"trust": 0.8,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air 5444tt",
"scope": "eq",
"trust": 0.8,
"vendor": "airties",
"version": "1.0.0.18"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:5444_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:5444:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:5444tt_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:5444tt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8738"
}
]
},
"cve": "CVE-2018-8738",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-8738",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-138770",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-8738",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-8738",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201807-312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-138770",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-8738",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138770"
},
{
"db": "VULMON",
"id": "CVE-2018-8738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Airties 5444 1.0.0.18 and 5444TT 1.0.0.18 devices allow XSS. Airties 5444 and 5444TT Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Both Airties 5444 and 5444TT are modem products of Turkish company Airties. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"db": "VULHUB",
"id": "VHN-138770"
},
{
"db": "VULMON",
"id": "CVE-2018-8738"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-138770",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=44986",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138770"
},
{
"db": "VULMON",
"id": "CVE-2018-8738"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-8738",
"trust": 2.6
},
{
"db": "EXPLOIT-DB",
"id": "44986",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007228",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201807-312",
"trust": 0.7
},
{
"db": "PACKETSTORM",
"id": "148433",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-138770",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-8738",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138770"
},
{
"db": "VULMON",
"id": "CVE-2018-8738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
]
},
"id": "VAR-201807-2161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-138770"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:05:21.149000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138770"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"db": "NVD",
"id": "CVE-2018-8738"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.exploit-db.com/exploits/44986/"
},
{
"trust": 1.8,
"url": "https://www.raifberkaydincel.com/airties-air5444tt-airties-air5444-cross-site-scripting.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-8738"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-8738"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-138770"
},
{
"db": "VULMON",
"id": "CVE-2018-8738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-138770"
},
{
"db": "VULMON",
"id": "CVE-2018-8738"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-05T00:00:00",
"db": "VULHUB",
"id": "VHN-138770"
},
{
"date": "2018-07-05T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8738"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"date": "2018-07-05T20:29:00.857000",
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"date": "2018-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-28T00:00:00",
"db": "VULHUB",
"id": "VHN-138770"
},
{
"date": "2018-08-28T00:00:00",
"db": "VULMON",
"id": "CVE-2018-8738"
},
{
"date": "2018-09-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-007228"
},
{
"date": "2018-08-28T13:45:21",
"db": "NVD",
"id": "CVE-2018-8738"
},
{
"date": "2018-07-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Airties 5444 and 5444TT Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-007228"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201807-312"
}
],
"trust": 0.6
}
}
VAR-201903-0456
Vulnerability from variot - Updated: 2023-12-18 13:38AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. AirTies Air5341 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AirTies Air5341 is a wireless modem from Airties, Turkey. A cross-site request forgery vulnerability exists in AirTies Air5341 version 1.0.0.12. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5341",
"scope": "eq",
"trust": 1.8,
"vendor": "airties",
"version": "1.0.0.12"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"db": "NVD",
"id": "CVE-2019-6967"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5341_firmware:1.0.0.12:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5341:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6967"
}
]
},
"cve": "CVE-2019-6967",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-6967",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-158402",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-6967",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-6967",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-956",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-158402",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158402"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"db": "NVD",
"id": "CVE-2019-6967"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF. AirTies Air5341 The device contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. AirTies Air5341 is a wireless modem from Airties, Turkey. A cross-site request forgery vulnerability exists in AirTies Air5341 version 1.0.0.12. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-6967"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"db": "VULHUB",
"id": "VHN-158402"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-6967",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "46253",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "151372",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002775",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-956",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-158402",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158402"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"db": "NVD",
"id": "CVE-2019-6967"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
]
},
"id": "VAR-201903-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-158402"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:38:22.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158402"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"db": "NVD",
"id": "CVE-2019-6967"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/46253/"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/151372/airties-air5341-modem-1.0.0.12-cross-site-request-forgery.html"
},
{
"trust": 1.7,
"url": "https://alicangonullu.biz/konu/3"
},
{
"trust": 1.7,
"url": "https://twitter.com/alicangonullu"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-6967"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-6967"
},
{
"trust": 0.8,
"url": "https://www.exploit-db.com/exploits/46253"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-158402"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"db": "NVD",
"id": "CVE-2019-6967"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-158402"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"db": "NVD",
"id": "CVE-2019-6967"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-158402"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"date": "2019-03-21T16:01:10.297000",
"db": "NVD",
"id": "CVE-2019-6967"
},
{
"date": "2019-01-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-22T00:00:00",
"db": "VULHUB",
"id": "VHN-158402"
},
{
"date": "2019-04-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-002775"
},
{
"date": "2019-03-22T13:25:15.983000",
"db": "NVD",
"id": "CVE-2019-6967"
},
{
"date": "2019-04-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air5341 Device cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-002775"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-956"
}
],
"trust": 0.6
}
}
VAR-201201-0130
Vulnerability from variot - Updated: 2023-12-18 13:25AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. AirTies Air is a set-top box device. Air 4450 is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause an affected device to reboot. Repeated attempts will result in a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201201-0130",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 4450",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.1.2.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.9,
"vendor": "airties",
"version": "44500"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"db": "BID",
"id": "51320"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_4450:1.1.2.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0902"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "rigan",
"sources": [
{
"db": "BID",
"id": "51320"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
],
"trust": 0.9
},
"cve": "CVE-2012-0902",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2012-0902",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-0902",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201201-099",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. AirTies Air is a set-top box device. Air 4450 is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause an affected device to reboot. Repeated attempts will result in a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"db": "BID",
"id": "51320"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-0902",
"trust": 2.7
},
{
"db": "BID",
"id": "51320",
"trust": 2.5
},
{
"db": "EXPLOIT-DB",
"id": "18336",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001174",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2012-0067",
"trust": 0.6
},
{
"db": "XF",
"id": "4450",
"trust": 0.6
},
{
"db": "XF",
"id": "72200",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201201-099",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"db": "BID",
"id": "51320"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
]
},
"id": "VAR-201201-0130",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0067"
}
],
"trust": 1.38571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0067"
}
]
},
"last_update_date": "2023-12-18T13:25:11.744000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Air 4450",
"trust": 0.8,
"url": "http://airties.com/product-details.asp?pn=air%204450\u0026ci=1\u0026dil=tr"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-001174"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-0902"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/51320"
},
{
"trust": 1.6,
"url": "http://www.exploit-db.com/exploits/18336"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/72200"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0902"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0902"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/72200"
},
{
"trust": 0.3,
"url": "http://airties.com/product-details.asp?pn=air 4450\u0026ci=1\u0026dil=tr"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"db": "BID",
"id": "51320"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"db": "BID",
"id": "51320"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"date": "2012-01-08T00:00:00",
"db": "BID",
"id": "51320"
},
{
"date": "2012-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"date": "2012-01-20T17:55:02.487000",
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"date": "1900-01-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-01-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"date": "2015-03-19T07:34:00",
"db": "BID",
"id": "51320"
},
{
"date": "2012-01-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-001174"
},
{
"date": "2017-08-29T01:31:05.617000",
"db": "NVD",
"id": "CVE-2012-0902"
},
{
"date": "2012-01-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 4450 \u0027cgi-bin/loader\u0027 Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-0067"
},
{
"db": "BID",
"id": "51320"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201201-099"
}
],
"trust": 0.6
}
}
VAR-201506-0118
Vulnerability from variot - Updated: 2023-12-18 12:57Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login. Airties Air 6372 and others are wireless modem products from Airties of Turkey. AirTiesAir 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, 5021 DSL modems using firmware version 1.0.2.0 and earlier were affected by this vulnerability. Multiple AirTies Air products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. A remote attacker may exploit this issue to execute arbitrary code in the context of the affected device. Failed attempts will likely cause a denial-of-service condition
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air",
"scope": "lte",
"trust": 1.8,
"vendor": "airties",
"version": "1.0.2.0"
},
{
"model": "air 5650tt",
"scope": null,
"trust": 1.1,
"vendor": "airties",
"version": null
},
{
"model": "air 5444tt",
"scope": null,
"trust": 1.1,
"vendor": "airties",
"version": null
},
{
"model": "air",
"scope": "eq",
"trust": 0.9,
"vendor": "airties",
"version": "1.0.2.0"
},
{
"model": "air 5021",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5341",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5342",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5343",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5442",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5443",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5453",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5750",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 5760",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air 6372",
"scope": null,
"trust": 0.8,
"vendor": "airties",
"version": null
},
{
"model": "air6372",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5760",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5750",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5650tt",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5453",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5444tt",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5443",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5442",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5343",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5342",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5341",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air5021",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "6372"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5760"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5750"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5453"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5443"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5442"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5343"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5342"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5341"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "5021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"db": "BID",
"id": "75355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5442:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5443:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5021:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5341:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5650tt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5342:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5343:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5760:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_6372:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5444tt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:airties:air_5453:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2797"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Batuhan Burakcin",
"sources": [
{
"db": "BID",
"id": "75355"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2797",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2015-2797",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-03975",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-80758",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2797",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-03975",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-339",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-80758",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-2797",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"db": "VULHUB",
"id": "VHN-80758"
},
{
"db": "VULMON",
"id": "CVE-2015-2797"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, and 5021 DSL modems with firmware 1.0.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the redirect parameter to cgi-bin/login. Airties Air 6372 and others are wireless modem products from Airties of Turkey. AirTiesAir 6372, 5760, 5750, 5650TT, 5453, 5444TT, 5443, 5442, 5343, 5342, 5341, 5021 DSL modems using firmware version 1.0.2.0 and earlier were affected by this vulnerability. Multiple AirTies Air products are prone to a stack-based buffer-overflow vulnerability because it fails to adequately bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. \nA remote attacker may exploit this issue to execute arbitrary code in the context of the affected device. Failed attempts will likely cause a denial-of-service condition",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"db": "BID",
"id": "75355"
},
{
"db": "VULHUB",
"id": "VHN-80758"
},
{
"db": "VULMON",
"id": "CVE-2015-2797"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=37170",
"trust": 0.2,
"type": "exploit"
},
{
"reference": "https://www.scap.org.cn/vuln/vhn-80758",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80758"
},
{
"db": "VULMON",
"id": "CVE-2015-2797"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2797",
"trust": 3.5
},
{
"db": "BID",
"id": "75355",
"trust": 2.1
},
{
"db": "EXPLOIT-DB",
"id": "36577",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "37170",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "120335",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-339",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-03975",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80758",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-2797",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"db": "VULHUB",
"id": "VHN-80758"
},
{
"db": "VULMON",
"id": "CVE-2015-2797"
},
{
"db": "BID",
"id": "75355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
]
},
"id": "VAR-201506-0118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"db": "VULHUB",
"id": "VHN-80758"
}
],
"trust": 1.6835164823076922
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03975"
}
]
},
"last_update_date": "2023-12-18T12:57:46.735000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
},
{
"title": "having-fun-with-qiling",
"trust": 0.1,
"url": "https://github.com/echel0nn/having-fun-with-qiling "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-2797"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80758"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"db": "NVD",
"id": "CVE-2015-2797"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.5,
"url": "http://www.bmicrosystems.com/blog/exploiting-the-airties-air-series/"
},
{
"trust": 1.9,
"url": "https://www.exploit-db.com/exploits/37170/"
},
{
"trust": 1.8,
"url": "https://www.exploit-db.com/exploits/36577/"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/120335"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/75355"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2797"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2797"
},
{
"trust": 0.3,
"url": "http://www.airties.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/echel0nn/having-fun-with-qiling"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.rapid7.com/db/modules/exploit/linux/http/airties_login_cgi_bof"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"db": "VULHUB",
"id": "VHN-80758"
},
{
"db": "VULMON",
"id": "CVE-2015-2797"
},
{
"db": "BID",
"id": "75355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"db": "VULHUB",
"id": "VHN-80758"
},
{
"db": "VULMON",
"id": "CVE-2015-2797"
},
{
"db": "BID",
"id": "75355"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"date": "2015-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-80758"
},
{
"date": "2015-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2797"
},
{
"date": "2015-06-23T00:00:00",
"db": "BID",
"id": "75355"
},
{
"date": "2015-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"date": "2015-06-19T14:59:00.067000",
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"date": "2015-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-06-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-03975"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULHUB",
"id": "VHN-80758"
},
{
"date": "2016-12-03T00:00:00",
"db": "VULMON",
"id": "CVE-2015-2797"
},
{
"date": "2015-06-23T00:00:00",
"db": "BID",
"id": "75355"
},
{
"date": "2015-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003224"
},
{
"date": "2016-12-03T03:06:27.040000",
"db": "NVD",
"id": "CVE-2015-2797"
},
{
"date": "2015-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural AirTies Air Product firmware stack-based buffer overflow vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-339"
}
],
"trust": 0.6
}
}
VAR-201810-0503
Vulnerability from variot - Updated: 2023-12-18 12:56AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5650 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The AirTiesAir5650 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5650. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0503",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5650",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "airties",
"version": "5650"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5650_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17589"
}
]
},
"cve": "CVE-2018-17589",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17589",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20473",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-128063",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17589",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17589",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20473",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1330",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128063",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2018-17589",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "VULHUB",
"id": "VHN-128063"
},
{
"db": "VULMON",
"id": "CVE-2018-17589"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5650 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5650 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. The AirTiesAir5650 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5650. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \u0027productboardtype\u0027 parameter to the top.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "VULHUB",
"id": "VHN-128063"
},
{
"db": "VULMON",
"id": "CVE-2018-17589"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "149599",
"trust": 3.2
},
{
"db": "NVD",
"id": "CVE-2018-17589",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1330",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20473",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128063",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-17589",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "VULHUB",
"id": "VHN-128063"
},
{
"db": "VULMON",
"id": "CVE-2018-17589"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
]
},
"id": "VAR-201810-0503",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "VULHUB",
"id": "VHN-128063"
}
],
"trust": 1.48571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
}
]
},
"last_update_date": "2023-12-18T12:56:48.137000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128063"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"db": "NVD",
"id": "CVE-2018-17589"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://packetstormsecurity.com/files/149599/airties-air5650-1.0.0.18-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17589"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17589"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "VULHUB",
"id": "VHN-128063"
},
{
"db": "VULMON",
"id": "CVE-2018-17589"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "VULHUB",
"id": "VHN-128063"
},
{
"db": "VULMON",
"id": "CVE-2018-17589"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-128063"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17589"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"date": "2018-10-02T18:29:01.743000",
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-128063"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17589"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010355"
},
{
"date": "2018-11-15T19:59:52.337000",
"db": "NVD",
"id": "CVE-2018-17589"
},
{
"date": "2018-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5650 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20473"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1330"
}
],
"trust": 0.6
}
}
VAR-201501-0377
Vulnerability from variot - Updated: 2023-12-18 12:21Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. AirTies Air is a set-top box device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Air 6372 is prone to a cross-site scripting vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201501-0377",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 6372",
"scope": null,
"trust": 1.4,
"vendor": "airties",
"version": null
},
{
"model": "air 6372",
"scope": "eq",
"trust": 1.0,
"vendor": "airties",
"version": "*"
},
{
"model": "air6372so",
"scope": null,
"trust": 0.6,
"vendor": "airties",
"version": null
},
{
"model": "air6372so",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "0"
},
{
"model": "air",
"scope": "eq",
"trust": 0.3,
"vendor": "airties",
"version": "63720"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"db": "BID",
"id": "69762"
},
{
"db": "BID",
"id": "79949"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_6372:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-100032"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KnocKout",
"sources": [
{
"db": "BID",
"id": "69762"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
],
"trust": 0.9
},
"cve": "CVE-2014-100032",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2014-100032",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-05824",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-100032",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-05824",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201409-931",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in top.html in the Airties Air 6372 modem allows remote attackers to inject arbitrary web script or HTML via the productboardtype parameter. AirTies Air is a set-top box device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Air 6372 is prone to a cross-site scripting vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"db": "BID",
"id": "69762"
},
{
"db": "BID",
"id": "79949"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-100032",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "128213",
"trust": 2.4
},
{
"db": "BID",
"id": "69762",
"trust": 1.5
},
{
"db": "XF",
"id": "95957",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007658",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2014-05824",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201409-931",
"trust": 0.6
},
{
"db": "BID",
"id": "79949",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"db": "BID",
"id": "69762"
},
{
"db": "BID",
"id": "79949"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
]
},
"id": "VAR-201501-0377",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05824"
}
],
"trust": 1.367857135
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05824"
}
]
},
"last_update_date": "2023-12-18T12:21:05.196000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Air 6372",
"trust": 0.8,
"url": "http://www.airties.com/product-details.asp?pn=air%206372\u0026cat1=\u0026cat2=\u0026dil=tr"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"db": "NVD",
"id": "CVE-2014-100032"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://packetstormsecurity.com/files/128213/airties-air6372so-modem-web-interface-cross-site-scripting.html"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/95957"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/95957"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-100032"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-100032"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69762/references"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/69762"
},
{
"trust": 0.3,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"db": "BID",
"id": "69762"
},
{
"db": "BID",
"id": "79949"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"db": "BID",
"id": "69762"
},
{
"db": "BID",
"id": "79949"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"date": "2014-09-09T00:00:00",
"db": "BID",
"id": "69762"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "79949"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"date": "2015-01-13T15:59:33.257000",
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"date": "2014-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-05824"
},
{
"date": "2014-09-09T00:00:00",
"db": "BID",
"id": "69762"
},
{
"date": "2015-01-13T00:00:00",
"db": "BID",
"id": "79949"
},
{
"date": "2015-01-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-007658"
},
{
"date": "2017-09-08T01:29:02.497000",
"db": "NVD",
"id": "CVE-2014-100032"
},
{
"date": "2015-01-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201409-931"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "69762"
},
{
"db": "BID",
"id": "79949"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Airties Air 6372 Modem top.html Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-007658"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "69762"
},
{
"db": "BID",
"id": "79949"
}
],
"trust": 0.6
}
}
VAR-201810-0507
Vulnerability from variot - Updated: 2023-12-18 12:18AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5443v2 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5443v2 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5443v2. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0507",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5443v2",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "airties",
"version": "5443v2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5443v2_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5443v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17594"
}
]
},
"cve": "CVE-2018-17594",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17594",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20478",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-128069",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17594",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17594",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20478",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1335",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128069",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "VULHUB",
"id": "VHN-128069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5443v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5443v2 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5443v2 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5443v2. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \u0027productboardtype\u0027 parameter to the top.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "VULHUB",
"id": "VHN-128069"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17594",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "149593",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1335",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20478",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128069",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "VULHUB",
"id": "VHN-128069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
]
},
"id": "VAR-201810-0507",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "VULHUB",
"id": "VHN-128069"
}
],
"trust": 1.48571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
}
]
},
"last_update_date": "2023-12-18T12:18:26.520000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Air 5443",
"trust": 0.8,
"url": "http://www.airties.com.tr/products/dslgw/air5443"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"db": "NVD",
"id": "CVE-2018-17594"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://packetstormsecurity.com/files/149593/airties-air5442-1.0.0.18-cross-site-scripting.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17594"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17594"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "VULHUB",
"id": "VHN-128069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "VULHUB",
"id": "VHN-128069"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-128069"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"date": "2018-10-02T18:29:02.147000",
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-128069"
},
{
"date": "2018-12-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010428"
},
{
"date": "2018-11-15T18:54:46.343000",
"db": "NVD",
"id": "CVE-2018-17594"
},
{
"date": "2018-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5443v2 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20478"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1335"
}
],
"trust": 0.6
}
}
VAR-201810-0504
Vulnerability from variot - Updated: 2023-12-18 12:01AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5442 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5442 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5442. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0504",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5442",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "airties",
"version": "5442"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5442_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5442:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17590"
}
]
},
"cve": "CVE-2018-17590",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17590",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20479",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-128065",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17590",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17590",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20479",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1334",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128065",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "VULHUB",
"id": "VHN-128065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5442 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5442 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5442 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5442. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \u0027productboardtype\u0027 parameter to the top.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "VULHUB",
"id": "VHN-128065"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-128065",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128065"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "149594",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-17590",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "45525",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1334",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20479",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128065",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "VULHUB",
"id": "VHN-128065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
]
},
"id": "VAR-201810-0504",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "VULHUB",
"id": "VHN-128065"
}
],
"trust": 1.48571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
}
]
},
"last_update_date": "2023-12-18T12:01:12.570000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"db": "NVD",
"id": "CVE-2018-17590"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/149594/airties-air5443v2-1.0.0.18-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45525/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17590"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17590"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "VULHUB",
"id": "VHN-128065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "VULHUB",
"id": "VHN-128065"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-128065"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"date": "2018-10-02T18:29:01.837000",
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-128065"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010356"
},
{
"date": "2018-11-15T18:55:35.813000",
"db": "NVD",
"id": "CVE-2018-17590"
},
{
"date": "2018-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5442 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20479"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1334"
}
],
"trust": 0.6
}
}
VAR-201810-0506
Vulnerability from variot - Updated: 2023-12-18 12:01AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5453 A cross-site scripting vulnerability exists in the device software.The information may be obtained and the information may be falsified. AirTiesAir5453 is a wireless router product from Airties, Turkey. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5453",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "airties",
"version": "5453"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5453_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5453:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17593"
}
]
},
"cve": "CVE-2018-17593",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17593",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20480",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-128068",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17593",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17593",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20480",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1333",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128068",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "VULHUB",
"id": "VHN-128068"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5453 A cross-site scripting vulnerability exists in the device software.The information may be obtained and the information may be falsified. AirTiesAir5453 is a wireless router product from Airties, Turkey. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \u0027productboardtype\u0027 parameter to the top.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "VULHUB",
"id": "VHN-128068"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-128068",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128068"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "149595",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-17593",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "45525",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1333",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20480",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128068",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "VULHUB",
"id": "VHN-128068"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
]
},
"id": "VAR-201810-0506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "VULHUB",
"id": "VHN-128068"
}
],
"trust": 1.48571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
}
]
},
"last_update_date": "2023-12-18T12:01:12.542000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128068"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"db": "NVD",
"id": "CVE-2018-17593"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/149595/airties-air5453-1.0.0.18-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45525/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17593"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17593"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "VULHUB",
"id": "VHN-128068"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "VULHUB",
"id": "VHN-128068"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-128068"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"date": "2018-10-02T18:29:02.053000",
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-128068"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010352"
},
{
"date": "2018-11-15T18:55:11.483000",
"db": "NVD",
"id": "CVE-2018-17593"
},
{
"date": "2018-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5453 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20480"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1333"
}
],
"trust": 0.6
}
}
VAR-201810-0502
Vulnerability from variot - Updated: 2023-12-18 12:01AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5021 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5750 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5750. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0502",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5021",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "airties",
"version": "5750"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5021_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5021:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17588"
}
]
},
"cve": "CVE-2018-17588",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17588",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20481",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-128062",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17588",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17588",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20481",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1331",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128062",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"db": "VULHUB",
"id": "VHN-128062"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5021 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5021 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5750 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5750. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \u0027productboardtype\u0027 parameter to the top.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"db": "VULHUB",
"id": "VHN-128062"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-128062",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128062"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17588",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "149598",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "45525",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1331",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20481",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128062",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"db": "VULHUB",
"id": "VHN-128062"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
]
},
"id": "VAR-201810-0502",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"db": "VULHUB",
"id": "VHN-128062"
}
],
"trust": 1.48571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20481"
}
]
},
"last_update_date": "2023-12-18T12:01:12.510000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/index.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128062"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"db": "NVD",
"id": "CVE-2018-17588"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/149598/airties-air5021-1.0.0.18-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45525/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17588"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17588"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"db": "VULHUB",
"id": "VHN-128062"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"db": "VULHUB",
"id": "VHN-128062"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-128062"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"date": "2018-10-02T18:29:01.633000",
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20481"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-128062"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010354"
},
{
"date": "2018-11-15T19:59:08.083000",
"db": "NVD",
"id": "CVE-2018-17588"
},
{
"date": "2018-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5021 Device site software cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010354"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1331"
}
],
"trust": 0.6
}
}
VAR-201810-0501
Vulnerability from variot - Updated: 2023-12-18 12:01AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5750 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5750 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5750. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0501",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5750",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "airties",
"version": "5750"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5750_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17587"
}
]
},
"cve": "CVE-2018-17587",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17587",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20474",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-128061",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17587",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17587",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20474",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1329",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128061",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"db": "VULHUB",
"id": "VHN-128061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5750 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5750 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5750 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5750. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \u0027productboardtype\u0027 parameter to the top.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"db": "VULHUB",
"id": "VHN-128061"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-128061",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128061"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17587",
"trust": 3.1
},
{
"db": "PACKETSTORM",
"id": "149600",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "45525",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1329",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20474",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128061",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"db": "VULHUB",
"id": "VHN-128061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
]
},
"id": "VAR-201810-0501",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"db": "VULHUB",
"id": "VHN-128061"
}
],
"trust": 1.48571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20474"
}
]
},
"last_update_date": "2023-12-18T12:01:12.481000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"db": "NVD",
"id": "CVE-2018-17587"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/149600/airties-air5750-1.0.0.18-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45525/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17587"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17587"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"db": "VULHUB",
"id": "VHN-128061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"db": "VULHUB",
"id": "VHN-128061"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-128061"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"date": "2018-10-02T18:29:01.523000",
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20474"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-128061"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010353"
},
{
"date": "2018-11-15T20:04:43.393000",
"db": "NVD",
"id": "CVE-2018-17587"
},
{
"date": "2018-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5750 Device site software cross-site scripting vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010353"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1329"
}
],
"trust": 0.6
}
}
VAR-201810-0505
Vulnerability from variot - Updated: 2023-12-18 12:01AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5343v2 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5343v2 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5343v2. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a 'productboardtype' parameter to the top.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0505",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "air 5343v2",
"scope": "eq",
"trust": 2.4,
"vendor": "airties",
"version": "1.0.0.18"
},
{
"model": "air",
"scope": "eq",
"trust": 0.6,
"vendor": "airties",
"version": "5343v2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:airties:air_5343v2_firmware:1.0.0.18:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:airties:air_5343v2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17591"
}
]
},
"cve": "CVE-2018-17591",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17591",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-20538",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-128066",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-17591",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17591",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-20538",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-1336",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-128066",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "VULHUB",
"id": "VHN-128066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter. AirTies Air 5343v2 The device software contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. AirTiesAir5343v2 is a wireless router product from Airties, Turkey. A cross-site scripting vulnerability exists in AirTiesAir5343v2. A remote attacker can exploit this vulnerability to inject arbitrary web scripts or HTML by sending a \u0027productboardtype\u0027 parameter to the top.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "VULHUB",
"id": "VHN-128066"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-128066",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128066"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "PACKETSTORM",
"id": "149592",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-17591",
"trust": 3.1
},
{
"db": "EXPLOIT-DB",
"id": "45525",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1336",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-20538",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-128066",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "VULHUB",
"id": "VHN-128066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
]
},
"id": "VAR-201810-0505",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "VULHUB",
"id": "VHN-128066"
}
],
"trust": 1.48571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
}
]
},
"last_update_date": "2023-12-18T12:01:12.453000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.airties.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-128066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"db": "NVD",
"id": "CVE-2018-17591"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://packetstormsecurity.com/files/149592/airties-air5343v2-1.0.0.18-cross-site-scripting.html"
},
{
"trust": 1.7,
"url": "https://www.exploit-db.com/exploits/45525/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17591"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17591"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "VULHUB",
"id": "VHN-128066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "VULHUB",
"id": "VHN-128066"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"date": "2018-10-02T00:00:00",
"db": "VULHUB",
"id": "VHN-128066"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"date": "2018-10-02T18:29:01.947000",
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"date": "2018-09-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"date": "2018-11-15T00:00:00",
"db": "VULHUB",
"id": "VHN-128066"
},
{
"date": "2018-12-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-010357"
},
{
"date": "2018-11-15T18:55:25.737000",
"db": "NVD",
"id": "CVE-2018-17591"
},
{
"date": "2018-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "AirTies Air 5343v2 Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-20538"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-1336"
}
],
"trust": 0.6
}
}