Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by hinet
CVE-2022-35222 (GCVE-0-2022-35222)
Vulnerability from cvelistv5 – Published: 2022-08-02 15:21 – Updated: 2024-09-16 20:37
VLAI
Title
HiCOS Citizen verification component - Stack Buffer Overflow
Summary
HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service.
Severity
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.so CHT PKCS#11 3.0.3.30306
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002
|
|
| HINET | HiCOS Citizen verification component - Stack Buffer Overflow |
Affected:
libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404
|
Date Public
2022-07-29 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T09:29:17.452Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS Citizen verification component - Stack Buffer Overflow",
"vendor": "HINET",
"versions": [
{
"status": "affected",
"version": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
],
"datePublic": "2022-07-29T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-02T15:21:00.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
},
"title": "HiCOS Citizen verification component - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-29T06:52:00.000Z",
"ID": "CVE-2022-35222",
"STATE": "PUBLIC",
"TITLE": "HiCOS Citizen verification component - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS Citizen verification component - Stack Buffer Overflow",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "=",
"version_value": "libHicos_p11v1.so CHT PKCS#11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "=",
"version_value": "HiCOSPKCS11.dll CHT PKCS#11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "=",
"version_value": "libHicos_p11v1.dylib CHT PKCS#11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS Citizen verification component has a stack-based buffer overflow vulnerability due to insufficient parameter length validation. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system command or disrupt service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6363-f5ec2-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download the latest version"
}
],
"source": {
"advisory": "TVN-202207006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-35222",
"datePublished": "2022-08-02T15:21:00.177Z",
"dateReserved": "2022-07-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:37:53.650Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32962 (GCVE-0-2022-32962)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 18:24
VLAI
Title
HiCOS’ client-side citizen digital certificate - Double Free
Summary
HiCOS’ client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service.
Severity
6.8 (Medium)
CWE
- CWE-415 - Double Free
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.428Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:03:43.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206008",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Double Free",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32962",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Double Free"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen certificate component has a double free vulnerability. An unauthenticated physical attacker can exploit this vulnerability to corrupt memory and execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-415 Double Free"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6293-86576-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206008",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32962",
"datePublished": "2022-07-20T02:03:43.658Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:24:45.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32961 (GCVE-0-2022-32961)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:03 – Updated: 2024-09-16 16:53
VLAI
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:03:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206007",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32961",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HICOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6292-fb267-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206007",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32961",
"datePublished": "2022-07-20T02:03:13.812Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:53:04.178Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32960 (GCVE-0-2022-32960)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-16 16:48
VLAI
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.444Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:02:51.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206006",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32960",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6291-f58b5-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206006",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32960",
"datePublished": "2022-07-20T02:02:51.701Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:27.253Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-32959 (GCVE-0-2022-32959)
Vulnerability from cvelistv5 – Published: 2022-07-20 02:02 – Updated: 2024-09-17 01:31
VLAI
Title
HiCOS’ client-side citizen digital certificate - Stack Buffer Overflow
Summary
HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.
Severity
6.8 (Medium)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html | x_refsource_MISC |
Impacted products
3 products
| Vendor | Product | Version | |
|---|---|---|---|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30306
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.1.0.00002
(custom)
|
|
| HINET | HiCOS’ client-side citizen digital certificate |
Affected:
unspecified , ≤ 11 3.0.3.30404
(custom)
|
Date Public
2022-07-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T07:54:03.400Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"platforms": [
"Linux"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30306",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"Windows"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.1.0.00002",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"platforms": [
"macOS"
],
"product": "HiCOS\u2019 client-side citizen digital certificate",
"vendor": "HINET",
"versions": [
{
"lessThanOrEqual": "11 3.0.3.30404",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-07-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-20T02:02:25.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206005",
"discovery": "EXTERNAL"
},
"title": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2022-07-12T01:33:00.000Z",
"ID": "CVE-2022-32959",
"STATE": "PUBLIC",
"TITLE": "HiCOS\u2019 client-side citizen digital certificate - Stack Buffer Overflow"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "HiCOS\u2019 client-side citizen digital certificate",
"version": {
"version_data": [
{
"platform": "Linux",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30306"
},
{
"platform": "Windows",
"version_affected": "\u003c=",
"version_value": "11 3.1.0.00002"
},
{
"platform": "macOS",
"version_affected": "\u003c=",
"version_value": "11 3.0.3.30404"
}
]
}
}
]
},
"vendor_name": "HINET"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiCOS\u2019 client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-787 Out-of-bounds Write"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-6290-738fe-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "Download latest version"
}
],
"source": {
"advisory": "TVN-202206005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2022-32959",
"datePublished": "2022-07-20T02:02:25.360Z",
"dateReserved": "2022-06-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:31:04.086Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15065 (GCVE-0-2019-15065)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:23 – Updated: 2024-09-16 23:31
VLAI
Title
A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
Summary
A service which is hosted on port 6998 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
Severity
9.3 (Critical)
CWE
- read arbitrary files
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908011 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A service which is hosted on port 6998 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "read arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:23:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15065",
"STATE": "PUBLIC",
"TITLE": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service which is hosted on port 6998 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3016-b0e90-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908011"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15065",
"datePublished": "2019-10-17T19:23:13.111Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:31:24.179Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15066 (GCVE-0-2019-15066)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:22 – Updated: 2024-09-16 16:48
VLAI
Title
A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 6998
Summary
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severity
10 (Critical)
CWE
- execute arbitrary command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908012 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.146Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "execute arbitrary command",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:22:14.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 6998",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15066",
"STATE": "PUBLIC",
"TITLE": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 6998"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 6998. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "execute arbitrary command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3017-fd6bc-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908012"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15066",
"datePublished": "2019-10-17T19:22:14.824Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:48:07.146Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13412 (GCVE-0-2019-13412)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:21 – Updated: 2024-09-16 21:02
VLAI
Title
A vulnerability was discovered in HiNet GPON firmware < I040GWR190731 that allows an attacker to read arbitrary files
Summary
A service which is hosted on port 3097 in HiNet GPON firmware < I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L).
Severity
9.3 (Critical)
CWE
- read arbitrary files
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908006 | x_refsource_CONFIRM |
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A service which is hosted on port 3097 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "read arbitrary files",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:21:13.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13412",
"STATE": "PUBLIC",
"TITLE": "A vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 that allows an attacker to read arbitrary files"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A service which is hosted on port 3097 in HiNet GPON firmware \u003c I040GWR190731 allows an attacker to execute a specific command to read arbitrary files. CVSS 3.0 Base score 9.3. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "read arbitrary files"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3014-904b1-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908006"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13412",
"datePublished": "2019-10-17T19:21:13.687Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T21:02:20.317Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15064 (GCVE-0-2019-15064)
Vulnerability from cvelistv5 – Published: 2019-10-17 19:19 – Updated: 2024-09-16 19:01
VLAI
Title
HiNet GPON firmware version < I040GWR190731 allows a user login to device without any authentication
Summary
HiNet GPON firmware version < I040GWR190731 allows an attacker login to device without any authentication.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908007 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:34:53.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware version \u003c I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "HiNet GPON firmware version \u003c I040GWR190731 allows an attacker login to device without any authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T19:19:53.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "HiNet GPON firmware version \u003c I040GWR190731 allows a user login to device without any authentication",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-15064",
"STATE": "PUBLIC",
"TITLE": "HiNet GPON firmware version \u003c I040GWR190731 allows a user login to device without any authentication"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware version \u003c I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "HiNet GPON firmware version \u003c I040GWR190731 allows an attacker login to device without any authentication."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3015-170fe-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908007"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-15064",
"datePublished": "2019-10-17T19:19:53.093Z",
"dateReserved": "2019-08-15T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:01:42.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13411 (GCVE-0-2019-13411)
Vulnerability from cvelistv5 – Published: 2019-10-17 17:42 – Updated: 2024-09-16 23:27
VLAI
Title
A remote command execution vulnerability was discovered in HiNet GPON firmware < I040GWR190731 port 3097
Summary
An “invalid command” handler issue was discovered in HiNet GPON firmware < I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H).
Severity
10 (Critical)
CWE
- execute arbitrary command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html | x_refsource_CONFIRM |
| https://tvn.twcert.org.tw/taiwanvn/TVN-201908005 | x_refsource_CONFIRM |
Impacted products
Date Public
2019-10-16 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:49:24.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "GPON",
"vendor": "HiNET",
"versions": [
{
"status": "affected",
"version": "firmware before I040GWR190731"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "DEVCORE"
}
],
"datePublic": "2019-10-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "execute arbitrary command",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-17T17:42:23.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 3097",
"x_generator": {
"engine": "Vulnogram 0.0.8"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2019-10-16T16:00:00.000Z",
"ID": "CVE-2019-13411",
"STATE": "PUBLIC",
"TITLE": "A remote command execution vulnerability was discovered in HiNet GPON firmware \u003c I040GWR190731 port 3097"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "GPON",
"version": {
"version_data": [
{
"version_value": "firmware before I040GWR190731"
}
]
}
}
]
},
"vendor_name": "HiNET"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "DEVCORE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An \u201cinvalid command\u201d handler issue was discovered in HiNet GPON firmware \u003c I040GWR190731. It allows an attacker to execute arbitrary command through port 3097. CVSS 3.0 Base score 10.0. CVSS vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.8"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "execute arbitrary command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html",
"refsource": "CONFIRM",
"url": "https://www.twcert.org.tw/en/cp-128-3013-92adb-2.html"
},
{
"name": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005",
"refsource": "CONFIRM",
"url": "https://tvn.twcert.org.tw/taiwanvn/TVN-201908005"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2019-13411",
"datePublished": "2019-10-17T17:42:23.854Z",
"dateReserved": "2019-07-08T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:27:00.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}