Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
41 vulnerabilities by iodata
VAR-201606-0179
Vulnerability from variot - Updated: 2023-12-18 14:01I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "etx-r",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "etx-r",
"scope": null,
"trust": 1.4,
"vendor": "i o data device",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:etx-r_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:etx-r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Junichi MURAKAMI of FFRI, Inc",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4821",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000101",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04210",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-93640",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000101",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4821",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000101",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04210",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-311",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93640",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial of service (web-server crash) via unspecified vectors. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a denial-of-service (DoS) vulnerability. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may cause the web server on the product to be terminated abnormally. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. \nAn attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "BID",
"id": "91170"
},
{
"db": "VULHUB",
"id": "VHN-93640"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4821",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN96052093",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04210",
"trust": 0.6
},
{
"db": "BID",
"id": "91170",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93640",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "BID",
"id": "91170"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
]
},
"id": "VAR-201606-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
}
]
},
"last_update_date": "2023-12-18T14:01:46.967000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"title": "I-ODATADEVICEETX-R patch for denial of service vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/77933"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn96052093/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000101"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4821"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4821"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000101.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "VULHUB",
"id": "VHN-93640"
},
{
"db": "BID",
"id": "91170"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"date": "2016-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93640"
},
{
"date": "2016-06-14T00:00:00",
"db": "BID",
"id": "91170"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"date": "2016-06-19T01:59:14.810000",
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"date": "2016-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"date": "2016-06-20T00:00:00",
"db": "VULHUB",
"id": "VHN-93640"
},
{
"date": "2016-07-06T14:59:00",
"db": "BID",
"id": "91170"
},
{
"date": "2016-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000101"
},
{
"date": "2016-06-20T23:14:33.363000",
"db": "NVD",
"id": "CVE-2016-4821"
},
{
"date": "2016-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE ETX-R Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04210"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-311"
}
],
"trust": 0.6
}
}
VAR-201605-0315
Vulnerability from variot - Updated: 2023-12-18 13:53Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. WN-G300R Series Routers are prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. The following versions are vulnerable: WN-G300R firmware Ver.1.12 and prior. WN-G300R2 firmware Ver.1.12 and prior. WN-G300R3 firmware Ver.1.01 and prior. IO DATA WN-G300R etc. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0315",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "wn-g300r2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "wn-g300r",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.12"
},
{
"model": "wn-g300r2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.12"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.01"
},
{
"model": "data device wn-g300r",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.12"
},
{
"model": "data device wn-g300r2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.12"
},
{
"model": "data device wn-g300r3",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.01"
},
{
"model": "wn-g300r2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": null
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": null
},
{
"model": "wn-g300r",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc.",
"sources": [
{
"db": "BID",
"id": "90609"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1207",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000062",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.4,
"id": "CNVD-2016-03193",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-90026",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000062",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1207",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000062",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-03193",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-377",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-90026",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. WN-G300R Series provided by I-O DATA DEVICE, INC. contains a cross-site scripting vulnerability. WN-G300R Series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R Series contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. and Yuta TESHIMA of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. WN-G300R Series Routers are prone to an unspecified HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible. \nThe following versions are vulnerable:\nWN-G300R firmware Ver.1.12 and prior. \nWN-G300R2 firmware Ver.1.12 and prior. \nWN-G300R3 firmware Ver.1.01 and prior. IO DATA WN-G300R etc. Attackers can exploit this vulnerability to inject arbitrary web scripts or HTML",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "VULHUB",
"id": "VHN-90026"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN22978346",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-1207",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062",
"trust": 3.1
},
{
"db": "CNVD",
"id": "CNVD-2016-03193",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377",
"trust": 0.6
},
{
"db": "BID",
"id": "90609",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90026",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"id": "VAR-201605-0315",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
}
],
"trust": 1.5194444333333332
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
}
]
},
"last_update_date": "2023-12-18T13:53:11.913000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/wn-g300r_xss/"
},
{
"title": "Patch for multiple cross-site scripting vulnerabilities in I-ODATA products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/75964"
},
{
"title": "Multiple I-O DATA WN-G300R Fixes for product cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61694"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://jvn.jp/en/jp/jvn22978346/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/wn-g300r_xss/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000062.html"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000062"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1207"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1207"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"db": "VULHUB",
"id": "VHN-90026"
},
{
"db": "BID",
"id": "90609"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"date": "2016-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-90026"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90609"
},
{
"date": "2016-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"date": "2016-05-14T16:59:01.197000",
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03193"
},
{
"date": "2016-05-17T00:00:00",
"db": "VULHUB",
"id": "VHN-90026"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90609"
},
{
"date": "2016-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000062"
},
{
"date": "2016-05-17T14:50:38.843000",
"db": "NVD",
"id": "CVE-2016-1207"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R Series vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000062"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-377"
}
],
"trust": 0.6
}
}
VAR-201609-0259
Vulnerability from variot - Updated: 2023-12-18 13:53Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page, an arbitrary content may be deleted. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. IO DATA DEVICE HVL-A, etc. A remote attacker could exploit this vulnerability to delete content. The following versions are affected: The following products using firmware versions earlier than 2.04 are affected: IO DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL -AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, HVL-AT4.0A
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201609-0259",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hvl-at1.0s",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at3.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-a2.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at3.0a",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-a3.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-a4.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at4.0a",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at4.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at2.0",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-at2.0a",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "2.03"
},
{
"model": "hvl-a2.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-a3.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-a4.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at1.0s",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at2.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at2.0a",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at3.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at3.0a",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at4.0",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "hvl-at4.0a",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "prior to 2.04"
},
{
"model": "i-o data device hvl-a2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-a3.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at1.0s",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at3.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at2.0a",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at3.0a",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at4.0a",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "i-o data device hvl-at4.0",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "0"
},
{
"model": "data device hvl-at4.0a",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at4.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at3.0a",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at3.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at2.0a",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at2.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at1.0s",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-a4.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-a3.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-a2.0",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "0"
},
{
"model": "data device hvl-at4.0a",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at4.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at3.0a",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at3.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at2.0a",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at2.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-at1.0s",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-a4.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-a3.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
},
{
"model": "data device hvl-a2.0",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "2.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at4.0_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at3.0_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at4.0a_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-a4.0_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-a3.0_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at3.0a_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at2.0a_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-a2.0_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at2.0_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at1.0s_firmware:2.03:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hvl-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:iodata:hvl-at:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:iodata:hvl-ata:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kaito834",
"sources": [
{
"db": "BID",
"id": "92352"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
],
"trust": 0.9
},
"cve": "CVE-2016-4845",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000134",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-09923",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93664",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000134",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4845",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000134",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-09923",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201608-227",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93664",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL-AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, and HVL-AT4.0A devices with firmware before 2.04 allows remote attackers to hijack the authentication of arbitrary users for requests that delete content. Multiple Recording Hard disk products provided by I-O DATA DEVICE, INC. contain a cross-site request forgery vulnerability due to an issue in the web management screen. kaito834 reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page, an arbitrary content may be deleted. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions in the context of the affected application. Other attacks are also possible. IO DATA DEVICE HVL-A, etc. A remote attacker could exploit this vulnerability to delete content. The following versions are affected: The following products using firmware versions earlier than 2.04 are affected: IO DATA DEVICE HVL-A2.0, HVL-A3.0, HVL-A4.0, HVL-AT1.0S, HVL-AT2.0, HVL -AT3.0, HVL-AT4.0, HVL-AT2.0A, HVL-AT3.0A, HVL-AT4.0A",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "VULHUB",
"id": "VHN-93664"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN35062083",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-4845",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134",
"trust": 3.1
},
{
"db": "BID",
"id": "92352",
"trust": 2.6
},
{
"db": "CNVD",
"id": "CNVD-2016-09923",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-93664",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"id": "VAR-201609-0259",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
}
],
"trust": 1.6375
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
}
]
},
"last_update_date": "2023-12-18T13:53:11.079000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/hvl-a_csrf/"
},
{
"title": "Patches for cross-site request forgery vulnerabilities for multiple I-ODATADEVICE products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/80512"
},
{
"title": "Multiple I-O DATA DEVICE Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=63615"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://jvn.jp/en/jp/jvn35062083/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/92352"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/hvl-a_csrf/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000134"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4845"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4845"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000134.html"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"db": "VULHUB",
"id": "VHN-93664"
},
{
"db": "BID",
"id": "92352"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-08-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"date": "2016-09-24T00:00:00",
"db": "VULHUB",
"id": "VHN-93664"
},
{
"date": "2016-08-08T00:00:00",
"db": "BID",
"id": "92352"
},
{
"date": "2016-08-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"date": "2016-09-24T10:59:01.243000",
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"date": "2016-08-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-09923"
},
{
"date": "2017-02-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93664"
},
{
"date": "2016-08-08T00:00:00",
"db": "BID",
"id": "92352"
},
{
"date": "2016-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000134"
},
{
"date": "2017-02-19T06:20:14.447000",
"db": "NVD",
"id": "CVE-2016-4845"
},
{
"date": "2016-09-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA Recording Hard disk products vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000134"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201608-227"
}
],
"trust": 0.6
}
}
VAR-201708-0811
Vulnerability from variot - Updated: 2023-12-18 13:52WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0811",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.0.2"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.0.2"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.0.2"
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.0.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"cve": "CVE-2017-2283",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 8.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2017-000188",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-20140",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-110486",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000188",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2283",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000188",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-20140",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-081",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110486",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2283",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN51410509",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-20140",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110486",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"id": "VAR-201708-0811",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
}
]
},
"last_update_date": "2023-12-18T13:52:58.487000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
},
{
"title": "I-ODATADEVICEWN-G300R3 hardcoded certificate vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/99807"
},
{
"title": "I-O DATA DEVICE WN-G300R3 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=72355"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn51410509/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2283"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2283"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn51410509/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"db": "VULHUB",
"id": "VHN-110486"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"date": "2017-08-02T00:00:00",
"db": "VULHUB",
"id": "VHN-110486"
},
{
"date": "2017-07-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"date": "2017-08-02T16:29:00.487000",
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-20140"
},
{
"date": "2017-08-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110486"
},
{
"date": "2018-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000188"
},
{
"date": "2017-08-07T21:17:56.483000",
"db": "NVD",
"id": "CVE-2017-2283"
},
{
"date": "2017-08-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA WN-G300R31 uses hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000188"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-081"
}
],
"trust": 0.6
}
}
VAR-201508-0611
Vulnerability from variot - Updated: 2023-12-18 13:48I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality.The device may be used in a DDoS attack, as a SSDP reflector. An attacker could exploit the vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201508-0611",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g54\\/r2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "np-bbrs",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "with all firmware"
},
{
"model": "wn-g54/r2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "with firmware prior to ver.1.03"
},
{
"model": "data np-bbrs",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data wn-g54/r2",
"scope": "lt",
"trust": 0.6,
"vendor": "i o",
"version": "1.03"
},
{
"model": "wn-g54\\/r2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g54\\/r2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g54\\/r2:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JPCERT",
"sources": [
{
"db": "BID",
"id": "76393"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
],
"trust": 0.9
},
"cve": "CVE-2015-2984",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000117",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-05504",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-80945",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2984",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000117",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-05504",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201508-447",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-80945",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and NP-BBRS routers allow remote attackers to cause a denial of service (SSDP reflection) via UPnP requests. A wired LAN router NP-BBRS and a wireless LAN router WN-G54/R2 provided by I-O DATA DEVICE, INC. contain a vulnerability in the UPnP functionality.The device may be used in a DDoS attack, as a SSDP reflector. An attacker could exploit the vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "VULHUB",
"id": "VHN-80945"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-2984",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN17964918",
"trust": 2.8
},
{
"db": "BID",
"id": "76393",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-05504",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-80945",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
]
},
"id": "VAR-201508-0611",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
}
]
},
"last_update_date": "2023-12-18T13:48:50.102000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website ",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2015/wn-g54r2/"
},
{
"title": "Patch for I-O DATA DEVICE NP-BBRS and WN-G54/R2 Remote Denial of Service Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/62765"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn17964918/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/76393"
},
{
"trust": 2.0,
"url": "http://www.iodata.jp/support/information/2015/wn-g54r2/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000117"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2984"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2984"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"db": "VULHUB",
"id": "VHN-80945"
},
{
"db": "BID",
"id": "76393"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"date": "2015-08-22T00:00:00",
"db": "VULHUB",
"id": "VHN-80945"
},
{
"date": "2015-08-18T00:00:00",
"db": "BID",
"id": "76393"
},
{
"date": "2015-08-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"date": "2015-08-22T18:59:00.123000",
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"date": "2015-08-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-05504"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-80945"
},
{
"date": "2015-08-18T00:00:00",
"db": "BID",
"id": "76393"
},
{
"date": "2015-08-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000117"
},
{
"date": "2016-11-28T19:22:19.470000",
"db": "NVD",
"id": "CVE-2015-2984"
},
{
"date": "2015-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA LAN routers vulnerable in UPnP functionality",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000117"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201508-447"
}
],
"trust": 0.6
}
}
VAR-201605-0314
Vulnerability from variot - Updated: 2023-12-18 13:48The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. WN-GDN/R3 Series Routers are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may lead to further attacks. The following products are affected: WN-GDN/R3 WN-GDN/R3-S WN-GDN/R3-U WN-GDN/R3-C. There are security vulnerabilities in the WPS implementation of several IO DATA DEVICE products
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201605-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-gdn\\/r3",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "wn-gdn/r3",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-gdn/r3-c",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-gdn/r3-s",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-gdn/r3-u",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "data device wn-gdn/r3",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data device wn-gdn/r3-c",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data device wn-gdn/r3-s",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data device wn-gdn/r3-u",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-gdn\\/r3_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-gdn\\/r3-u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-gdn\\/r3-c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-gdn\\/r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-gdn\\/r3-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi.",
"sources": [
{
"db": "BID",
"id": "90613"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1206",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000061",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2016-03198",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-90025",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000061",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1206",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000061",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-03198",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201605-376",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-90025",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack. WN-GDN/R3 Series provided by I-O DATA DEVICE, INC. does not limit authentication attempts. WN-GDN/R3 series provided by I-O DATA DEVICE, INC. is a wireless LAN router. WPS functionality in WN-GDN/R3 Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. WN-GDN/R3 Series Routers are prone to an authentication-bypass vulnerability. Successfully exploiting this issue may lead to further attacks. \nThe following products are affected:\nWN-GDN/R3\nWN-GDN/R3-S\nWN-GDN/R3-U\nWN-GDN/R3-C. There are security vulnerabilities in the WPS implementation of several IO DATA DEVICE products",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "BID",
"id": "90613"
},
{
"db": "VULHUB",
"id": "VHN-90025"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1206",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN25674893",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2016-03198",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376",
"trust": 0.6
},
{
"db": "BID",
"id": "90613",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-90025",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "BID",
"id": "90613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
]
},
"id": "VAR-201605-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
}
]
},
"last_update_date": "2023-12-18T13:48:47.597000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/"
},
{
"title": "Manual - Settings screen",
"trust": 0.8,
"url": "http://www.iodata.jp/lib/manual/wn-gdn_r3_h01/htm2/set06.htm"
},
{
"title": "Patches for multiple I-ODATADEVICE product PIN recovery vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/75962"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn25674893/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/"
},
{
"trust": 1.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000061"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1206"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu723755/"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1206"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000061.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"db": "VULHUB",
"id": "VHN-90025"
},
{
"db": "BID",
"id": "90613"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"date": "2016-05-14T00:00:00",
"db": "VULHUB",
"id": "VHN-90025"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90613"
},
{
"date": "2016-05-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"date": "2016-05-14T16:59:00.133000",
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"date": "2016-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-03198"
},
{
"date": "2016-05-18T00:00:00",
"db": "VULHUB",
"id": "VHN-90025"
},
{
"date": "2016-05-12T00:00:00",
"db": "BID",
"id": "90613"
},
{
"date": "2016-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000061"
},
{
"date": "2016-05-18T21:40:39.460000",
"db": "NVD",
"id": "CVE-2016-1206"
},
{
"date": "2016-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-GDN/R3 Series does not limit authentication attempts",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000061"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201605-376"
}
],
"trust": 0.6
}
}
VAR-201711-0037
Vulnerability from variot - Updated: 2023-12-18 13:34I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. contains a denial-of-service (DoS) vulnerability (CWE-119) due to a flaw in processing certain packets. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving a specially crafted packet may result in a denial-of-service (DoS) condition. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201711-0037",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lan disk connect",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.02"
},
{
"model": "lan disk connect",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver2.02"
},
{
"model": "lan disk connect",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "2.02"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:lan_disk_connect_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:lan_disk_connect:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"cve": "CVE-2017-10875",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000233",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-101241",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 3.5,
"baseSeverity": "Low",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000233",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-10875",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000233",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNNVD",
"id": "CNNVD-201711-387",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101241",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an attacker to cause a denial of service in the application via unspecified vectors. contains a denial-of-service (DoS) vulnerability (CWE-119) due to a flaw in processing certain packets. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Receiving a specially crafted packet may result in a denial-of-service (DoS) condition. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "VULHUB",
"id": "VHN-101241"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10875",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVN87886530",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-101241",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"id": "VAR-201711-0037",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:34:06.214000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/ld-connect/"
},
{
"title": "I-O DATA DEVICE LAN DISK Connect Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=76255"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn87886530/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/ld-connect/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10875"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10875"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-101241"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-13T00:00:00",
"db": "VULHUB",
"id": "VHN-101241"
},
{
"date": "2017-11-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"date": "2017-11-13T14:29:00.650000",
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-29T00:00:00",
"db": "VULHUB",
"id": "VHN-101241"
},
{
"date": "2018-03-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000233"
},
{
"date": "2017-11-29T15:19:33.723000",
"db": "NVD",
"id": "CVE-2017-10875"
},
{
"date": "2017-11-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA LAN DISK Connect vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201711-387"
}
],
"trust": 0.6
}
}
VAR-201310-0460
Vulnerability from variot - Updated: 2023-12-18 13:29I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. Following devices running firmware versions 1.07 and prior are vulnerable: HDL-A series including HDL-AS, HDL-AH and HDL-A/E HDL2-A series including HDL2-AH and HDL2-A/E
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0460",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hdl2-a\\/e",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-ah",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-as",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl2-ah",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-a\\/e",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "hdl-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "hdl2-a",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "hdl-a series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "(includes hdl-as, hdl-ah, hdl-a/e series) firmware version 1.07"
},
{
"model": "hdl-a/e series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl-ah series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl-as series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl2-a series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl2-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "(includes hdl2-ah, hdl2-a/e series) firmware version 1.07"
},
{
"model": "hdl2-a/e series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "hdl2-ah series",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "data hdl-a series",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "data hdl2-a series",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl2-a\\/e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl2-ah:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl2-a_firmware:1.07:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-ah:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-as:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-a\\/e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.07",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kazuki Hirota from Keio University Keiji Takeda Research Group.",
"sources": [
{
"db": "BID",
"id": "63225"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4712",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2013-000095",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-14024",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-64714",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4712",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2013-000095",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-14024",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-471",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64714",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified vectors. HDL-A and HDL2-A Series provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. HDL-A and HDL2-A Series contain a vulnerability related to the management of sessions. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may impersonate a user. As a result, information may be disclosed or altered. I-O DATA HDL is a network mobile device with built-in LAN connectivity. I-O DATA HDL has an unspecified error that allows an attacker to exploit a vulnerability to hijack other user sessions. Multiple I-O DATA products are prone to an unspecified session-hijacking vulnerability. \nFollowing devices running firmware versions 1.07 and prior are vulnerable:\nHDL-A series including HDL-AS, HDL-AH and HDL-A/E\nHDL2-A series including HDL2-AH and HDL2-A/E",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "BID",
"id": "63225"
},
{
"db": "VULHUB",
"id": "VHN-64714"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4712",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN52509236",
"trust": 3.1
},
{
"db": "BID",
"id": "63225",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-14024",
"trust": 0.6
},
{
"db": "JVN",
"id": "JVN#52509236",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64714",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "BID",
"id": "63225"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
]
},
"id": "VAR-201310-0460",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
}
]
},
"last_update_date": "2023-12-18T13:29:52.319000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iobb.net/remotelinkaccess/"
},
{
"title": "Patch for Unknown Session Hijacking Vulnerabilities in Multiple I-O DATA Products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40481"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn52509236/index.html"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn52509236/225184/index.html"
},
{
"trust": 1.7,
"url": "http://rm2.iobb.net"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000095"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4712"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4712"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000095.html"
},
{
"trust": 0.6,
"url": "http://jvn.jp/jp/jvn52509236/index.html"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/ja/contents/2013/jvndb-2013-000095.html"
},
{
"trust": 0.6,
"url": "http:"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"db": "VULHUB",
"id": "VHN-64714"
},
{
"db": "BID",
"id": "63225"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"date": "2013-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-64714"
},
{
"date": "2013-10-18T00:00:00",
"db": "BID",
"id": "63225"
},
{
"date": "2013-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"date": "2013-10-19T10:36:07.697000",
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"date": "2013-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14024"
},
{
"date": "2013-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-64714"
},
{
"date": "2013-10-18T00:00:00",
"db": "BID",
"id": "63225"
},
{
"date": "2013-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000095"
},
{
"date": "2013-10-21T14:31:41.990000",
"db": "NVD",
"id": "CVE-2013-4712"
},
{
"date": "2013-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HDL-A and HDL2-A Series vulnerable in session management",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000095"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-471"
}
],
"trust": 0.6
}
}
VAR-201407-0486
Vulnerability from variot - Updated: 2023-12-18 13:14The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. I-O DATA DEVICE I-O DATA TS-WLCAM and others are camera products of Japan I-O DATA DEVICE. Security vulnerabilities exist in several I-O DATA DEVICE I-O DATA IP Cameras products. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201407-0486",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-ptcam\\/poe camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "ts-wptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.0.8"
},
{
"model": "ts-wptcam camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-wlc2 camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-wlcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.06"
},
{
"model": "ts-wlc2 camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "ts-wlcam camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-wlcam\\/v camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-wlcam\\/v camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.0.6"
},
{
"model": "ts-ptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "ts-ptcam camera",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.08"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.08"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.02"
},
{
"model": "ts-wlcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.06"
},
{
"model": "ts-wlcam/v",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.06"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.08"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.08"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.08"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.02"
},
{
"model": "ts-wlcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.06"
},
{
"model": "ts-wlcam/v",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.06"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.06"
},
{
"model": "ts-wptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.0.8"
},
{
"model": "ts-wlc2 camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "ts-ptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "ts-wlcam\\/v camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.0.6"
},
{
"model": "ts-wlcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.06"
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.08"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlcam\\/v_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlcam\\/v_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlcam_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlcam_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam\\/poe_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam\\/poe_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlc2_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlc2_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "68989"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3895",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-000087",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-04720",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-71835",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3895",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000087",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2014-04720",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201407-707",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71835",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors. Multiple IP Cameras provided by I-O DATA contain an authentication bypass vulnerability.An attacker who can access the product may be able to gain access to configuration and credential information. As a result, the attacker may take control of the product. I-O DATA DEVICE I-O DATA TS-WLCAM and others are camera products of Japan I-O DATA DEVICE. Security vulnerabilities exist in several I-O DATA DEVICE I-O DATA IP Cameras products. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "BID",
"id": "68989"
},
{
"db": "VULHUB",
"id": "VHN-71835"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3895",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN94592501",
"trust": 2.5
},
{
"db": "BID",
"id": "68989",
"trust": 1.0
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-04720",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71835",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "BID",
"id": "68989"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
]
},
"id": "VAR-201407-0486",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
}
],
"trust": 1.40159314
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
}
]
},
"last_update_date": "2023-12-18T13:14:46.313000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2014/qwatch/"
},
{
"title": "A variety of I-O DATA DEVICE I-O DATA IP Cameras security bypass vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/48075"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000087"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2014/qwatch/"
},
{
"trust": 1.7,
"url": "http://jvn.jp/en/jp/jvn94592501/index.html"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3895"
},
{
"trust": 0.8,
"url": "http://www.ipa.go.jp/security/ciadr/vul/20140729-jvn.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/en/jp/jvn94592501/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3895"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"db": "VULHUB",
"id": "VHN-71835"
},
{
"db": "BID",
"id": "68989"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"date": "2014-07-29T00:00:00",
"db": "VULHUB",
"id": "VHN-71835"
},
{
"date": "2014-07-31T00:00:00",
"db": "BID",
"id": "68989"
},
{
"date": "2014-07-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"date": "2014-07-29T20:55:08.583000",
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"date": "2014-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-04720"
},
{
"date": "2014-07-30T00:00:00",
"db": "VULHUB",
"id": "VHN-71835"
},
{
"date": "2014-07-31T00:00:00",
"db": "BID",
"id": "68989"
},
{
"date": "2014-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000087"
},
{
"date": "2014-07-30T18:48:14.953000",
"db": "NVD",
"id": "CVE-2014-3895"
},
{
"date": "2014-07-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA IP Cameras vulnerable to authentication bypass",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-000087"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201407-707"
}
],
"trust": 0.6
}
}
VAR-201706-0094
Vulnerability from variot - Updated: 2023-12-18 13:14I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed. Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. The following products are affected : TS-WRLP firmware version 1.01.02 and prior. TS-WRLA firmware version 1.01.02 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0094",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
}
],
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7819",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000234",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-96639",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000234",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7819",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000234",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-712",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-96639",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed. \nAttackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. \nThe following products are affected :\nTS-WRLP firmware version 1.01.02 and prior. \nTS-WRLA firmware version 1.01.02 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "VULHUB",
"id": "VHN-96639"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7819",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN25059363",
"trust": 2.8
},
{
"db": "BID",
"id": "94594",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96639",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"id": "VAR-201706-0094",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:14:16.151000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"title": "I-O DATA DEVICE TS-WRLP and TS-WRLA Buffer Overflow Vulnerability and Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65979"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn25059363/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94594"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7819"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7819"
},
{
"trust": 0.3,
"url": "www.iodata.jp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96639"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96639"
},
{
"date": "2016-11-30T00:00:00",
"db": "BID",
"id": "94594"
},
{
"date": "2016-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"date": "2017-06-09T16:29:00.843000",
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96639"
},
{
"date": "2016-12-20T01:04:00",
"db": "BID",
"id": "94594"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000234"
},
{
"date": "2017-06-16T12:35:30.173000",
"db": "NVD",
"id": "CVE-2016-7819"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000234"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-712"
}
],
"trust": 0.6
}
}
VAR-201706-0095
Vulnerability from variot - Updated: 2023-12-18 13:14Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed or a denial-of-service (DoS) condition may be caused. Attackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. The following products are affected : TS-WRLP firmware version 1.01.02 and prior. TS-WRLA firmware version 1.01.02 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.01.02"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01.02"
}
],
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "94594"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000235",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-96640",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000235",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000235",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-713",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-96640",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and TS-WRLA firmware version 1.01.02 and earlier allows an attacker with administrator rights to cause a denial-of-service (DoS) or execute arbitrary code via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed or a denial-of-service (DoS) condition may be caused. \nAttackers may leverage these issues to execute arbitrary code and commands in the context of the affected device. Failed exploits may result in denial-of-service conditions. \nThe following products are affected :\nTS-WRLP firmware version 1.01.02 and prior. \nTS-WRLA firmware version 1.01.02 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "VULHUB",
"id": "VHN-96640"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN25059363",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7820",
"trust": 2.8
},
{
"db": "BID",
"id": "94594",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96640",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"id": "VAR-201706-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:14:16.120000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"title": "I-O DATA DEVICE TS-WRLP and TS-WRLA Buffer Overflow Vulnerability and Command Injection Vulnerability Fixes",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65980"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn25059363/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94594"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap_2/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7820"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7820"
},
{
"trust": 0.3,
"url": "www.iodata.jp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96640"
},
{
"db": "BID",
"id": "94594"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96640"
},
{
"date": "2016-11-30T00:00:00",
"db": "BID",
"id": "94594"
},
{
"date": "2016-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"date": "2017-06-09T16:29:00.877000",
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"date": "2016-11-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96640"
},
{
"date": "2016-12-20T01:04:00",
"db": "BID",
"id": "94594"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000235"
},
{
"date": "2017-06-16T12:31:24.023000",
"db": "NVD",
"id": "CVE-2016-7820"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000235"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-713"
}
],
"trust": 0.6
}
}
VAR-201707-0424
Vulnerability from variot - Updated: 2023-12-18 13:14Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability (CWE-352). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATATS-WPTCAM and so on are all network cameras from I-ODATADEVICE, Japan. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. TS-WPTCAM2 firmware version 1.19 and prior. TS-PTCAM firmware version 1.19 and prior. TS-PTCAM/POE firmware version 1.19 and prior. TS-WLC2 firmware version 1.19 and prior. TS-WLCE firmware version 1.19 and prior. TS-WRLC firmware version 1.19 and prior
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201707-0424",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wlce camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wrlc camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "ts-wptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc2 camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam camera",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wptcam2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.01"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.19"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.19"
},
{
"model": "ts-ptcam",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-ptcam/poe",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wlc2",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wrlc",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.19"
},
{
"model": "ts-wptcam2",
"scope": "lt",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.01"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "ts-ptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wrlc camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-ptcam\\/poe camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc2 camera",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "data device inc ts-wrlc",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wptcam2",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wlce",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-wlc2",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-ptcam/poe",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
},
{
"model": "data device inc ts-ptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam\\/poe_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam\\/poe_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlc2_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlc2_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlce_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlce_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlc_camera_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.19",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlc_camera:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama",
"sources": [
{
"db": "BID",
"id": "99144"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2223",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000141",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-13901",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-110426",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000141",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2223",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000141",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-13901",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201706-885",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110426",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, TS-PTCAM, TS-PTCAM/POE, TS-WLC2, TS-WLCE, TS-WRLC firmware version 1.19 and earlier and TS-WPTCAM2 firmware version 1.01 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contains a cross-site request forgery vulnerability (CWE-352). Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATATS-WPTCAM and so on are all network cameras from I-ODATADEVICE, Japan. A remote attacker could exploit this vulnerability to perform unauthorized operations. Other attacks are also possible. \nTS-WPTCAM2 firmware version 1.19 and prior. \nTS-PTCAM firmware version 1.19 and prior. \nTS-PTCAM/POE firmware version 1.19 and prior. \nTS-WLC2 firmware version 1.19 and prior. \nTS-WLCE firmware version 1.19 and prior. \nTS-WRLC firmware version 1.19 and prior",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "VULHUB",
"id": "VHN-110426"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2223",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN65411235",
"trust": 3.4
},
{
"db": "BID",
"id": "99144",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-13901",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110426",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"id": "VAR-201707-0424",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
}
],
"trust": 1.4956070953846154
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
}
]
},
"last_update_date": "2023-12-18T13:14:14.366000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201706/"
},
{
"title": "Patches for cross-site request forgery vulnerabilities for multiple I-ODATANetworkCamera products",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/97864"
},
{
"title": "Multiple I-O DATA Network Camera Repair measures for product cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71129"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn65411235/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/99144"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201706/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2223"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2223"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn65411235/"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"db": "VULHUB",
"id": "VHN-110426"
},
{
"db": "BID",
"id": "99144"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"date": "2017-07-07T00:00:00",
"db": "VULHUB",
"id": "VHN-110426"
},
{
"date": "2017-06-20T00:00:00",
"db": "BID",
"id": "99144"
},
{
"date": "2017-06-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"date": "2017-07-07T13:29:00.740000",
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"date": "2017-06-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-13901"
},
{
"date": "2017-07-16T00:00:00",
"db": "VULHUB",
"id": "VHN-110426"
},
{
"date": "2017-06-20T00:00:00",
"db": "BID",
"id": "99144"
},
{
"date": "2018-02-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000141"
},
{
"date": "2017-07-16T23:37:49.463000",
"db": "NVD",
"id": "CVE-2017-2223"
},
{
"date": "2017-07-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000141"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201706-885"
}
],
"trust": 0.6
}
}
VAR-201704-0925
Vulnerability from variot - Updated: 2023-12-18 13:08Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0925",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.03"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.03"
},
{
"model": "wn-g300r3",
"scope": null,
"trust": 0.6,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"cve": "CVE-2017-2142",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000060",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-04290",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-110345",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000060",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2142",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2017-000060",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-04290",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-100",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110345",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain a stack based buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN81024552",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-2142",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04290",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110345",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"id": "VAR-201704-0925",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
}
]
},
"last_update_date": "2023-12-18T13:08:53.077000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"title": "WN-G300R3 Stack Buffer Overflow Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91703"
},
{
"title": "I-O DATA WN-G300R3 Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69775"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn81024552/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2142"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2142"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn81024552/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"db": "VULHUB",
"id": "VHN-110345"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110345"
},
{
"date": "2017-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"date": "2017-04-28T16:59:01.777000",
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"date": "2017-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04290"
},
{
"date": "2017-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-110345"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000060"
},
{
"date": "2017-05-05T17:39:57.260000",
"db": "NVD",
"id": "CVE-2017-2142"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 vulnerable to stack based buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000060"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-100"
}
],
"trust": 0.6
}
}
VAR-201704-0924
Vulnerability from variot - Updated: 2023-12-18 13:08WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE. There is a security vulnerability in IO DATA WN-G300R3 devices using firmware version 1.03 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0924",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.03"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "ver.1.03"
},
{
"model": "wn-g300r3",
"scope": null,
"trust": 0.6,
"vendor": "i o data device",
"version": null
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.03"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.03",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"cve": "CVE-2017-2141",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000059",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-04291",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-110344",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000059",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2141",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000059",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-04291",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201705-101",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-110344",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors. WN-G300R3 provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. The WN-G300R3 is a wireless LAN router device from I-ODATADEVICE. There is a security vulnerability in IO DATA WN-G300R3 devices using firmware version 1.03 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2141",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN81024552",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04291",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110344",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"id": "VAR-201704-0924",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
}
],
"trust": 1.2833333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
}
]
},
"last_update_date": "2023-12-18T13:08:53.046000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"title": "WN-G300R3OS command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91704"
},
{
"title": "I-O DATA WN-G300R3 Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69776"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn81024552/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2141"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2141"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn81024552/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"db": "VULHUB",
"id": "VHN-110344"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110344"
},
{
"date": "2017-04-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"date": "2017-04-28T16:59:01.747000",
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"date": "2017-04-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04291"
},
{
"date": "2017-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-110344"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000059"
},
{
"date": "2017-05-05T17:39:29.713000",
"db": "NVD",
"id": "CVE-2017-2141"
},
{
"date": "2017-05-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-G300R3 vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000059"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201705-101"
}
],
"trust": 0.6
}
}
VAR-202001-0632
Vulnerability from variot - Updated: 2023-12-18 13:07A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. Multiple products contain vulnerabilities in insufficient protection of credentials.Information may be obtained. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ MULTIPLE VULNERABILITIES IN SEVERAL SERIES OF REALTEK SDK BASED ROUTERS (TOTOLINK AND MANY OTHER)
Blazej Adamczyk (br0x)
blazej.adamczyk@gmail.com
https://sploit.tech/
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
11.12.2019
1 Sensitive data disclosure and incorrect access control in several series of Realtek SDK based routers ══════════════════════════════════════════════════════════════════════════
CVE: CVE-2019-19822
SDK vendor: Realtek
Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc., MAX-C300N, T-BROAD and possibly others..
Product: Realtek SDK based routers backed by Boa HTTP server (and possibly others) and using apmib library for memory management.
Boa Version: <= Boa/0.94.14rc21 SDK Version: < 2020/02/15
Description: Realtek SDK based routers which use form based instead HTTP Basic authentication (that includes Realtek APMIB 0.11f and Boa HTTP server 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords).
This affects: • TOTOLINK A3002RU through 2.0.0, • TOTOLINK 702R through 2.1.3, • TOTOLINK N301RT through 2.1.6, • TOTOLINK N302R through 3.4.0, • TOTOLINK N300RT through 3.4.0, • TOTOLINK N200RE through 4.0.0, • TOTOLINK N150RT through 3.4.0, and • TOTOLINK N100RE through 3.4.0; • Rutek RTK 11N AP through 2019-12-12; • Sapido GR297n through 2019-12-12; • CIK TELECOM MESH ROUTER through 2019-12-12; • KCTVJEJU Wireless AP through 2019-12-12; • Fibergate FGN-R2 through 2019-12-12; • Hi-Wifi MAX-C300N through 2019-12-12; • HCN MAX-C300N through 2019-12-12; • T-broad GN-866ac through 2019-12-12; • Coship EMTA AP through 2019-12-12; and • IO-Data WN-AC1167R through 2019-12-12; and • possibly others.
Technical details: The apmib library at some point of initialization dumps the whole memory contents the file /web/config.dat. This folder is actually used by the boa http server as index directory. Additionally if the router is configured for form-based authentication the access control verifies credentials only for some URLs but ".dat" files are not restricted. This issue does not affect routers which use HTTP Basic authentication to secure all URLs.
PoC: ┌──── │ $ curl http://routerip/config.dat └────
2 Password stored in plaintext in Realtek SDK based routers ═══════════════════════════════════════════════════════════
CVE: CVE-2019-19823
SDK vendor: Realtek
Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc., MAX-C300N, T-BROAD and possibly others..
Product: Realtek SDK based routers backed by Boa HTTP server (and possibly others) and using apmib library for memory management.
Boa Version: <= Boa/0.94.14rc21 SDK Version: < 2020/02/15
Description: Realtek SDK based routers (that includes Realtek APMIB 0.11f and Boa HTTP server 0.94.14rc21) store passwords in plaintext.
This affects: • TOTOLINK A3002RU through 2.0.0, • TOTOLINK 702R through 2.1.3, • TOTOLINK N301RT through 2.1.6, • TOTOLINK N302R through 3.4.0, • TOTOLINK N300RT through 3.4.0, • TOTOLINK N200RE through 4.0.0, • TOTOLINK N150RT through 3.4.0, and • TOTOLINK N100RE through 3.4.0; • Rutek RTK 11N AP through 2019-12-12; • Sapido GR297n through 2019-12-12; • CIK TELECOM MESH ROUTER through 2019-12-12; • KCTVJEJU Wireless AP through 2019-12-12; • Fibergate FGN-R2 through 2019-12-12; • Hi-Wifi MAX-C300N through 2019-12-12; • HCN MAX-C300N through 2019-12-12; • T-broad GN-866ac through 2019-12-12; • Coship EMTA AP through 2019-12-12; and • IO-Data WN-AC1167R through 2019-12-12; and • possibly others.
Technical details: Data stored in memory in COMPCS (apmib library) format contains device administration and other passwords in plaintext. The apmib library additionally at some point of initialization dumps the whole memory contents the file /web/config.dat which might be used to easily retrieve user passwords.
3 Code execution in several TOTOLINK routers ════════════════════════════════════════════
CVE: CVE-2019-19824
Vendor: TOTOLINK
Product: TOTOLINK Realtek SDK based routers
Boa Version: <= Boa/0.94.14rc21
Description: On several Realted SDK based TOTOLINK routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals.
This affects: • A3002RU through 2.0.0, • A702R through 2.1.3, • N301RT through 2.1.6, • N302R through 3.4.0, • N300RT through 3.4.0, • N200RE through 4.0.0, • N150RT through 3.4.0, • N100RE through 3.4.0, and • possibly others.
PoC: ┌──── │ $ curl 'http://routerip/boafrm/formSysCmd' --user "admin:password" │ --data 'submit-url=%2Fsyscmd.htm&sysCmdselect=5&sysCmdselects=0& │ save_apply=Run+Command&sysCmd=cp%20%2Fetc%2Fpasswd%20%2Fweb%2Fxxxx.dat' └────
4 Incorrectly implemented captcha protection in TOTOLINK routers ════════════════════════════════════════════════════════════════
CVE: CVE-2019-19825
Vendor: TOTOLINK
Product: TOTOLINK Realtek SDK based routers
Boa Version: <= Boa/0.94.14rc21
Description: Guessable captcha vulnerability (CWE-804) in several series of TOTOLINK routers allows a remote attacker to automatically login to the router without reading and providing real captcha.
The following command returns captcha in plain text: ┌──── │ $ curl 'http://routerip/boafrm/formLogin' --data '{"topicurl":"setting/getSanvas"}' └────
Additionally by using the HTTP Basic in a HEADER the attacker can execute router actions without providing captcha at all.
This affects: • A3002RU through 2.0.0, • A702R through 2.1.3, • N301RT through 2.1.6, • N302R through 3.4.0, • N300RT through 3.4.0, • N200RE through 4.0.0, • N150RT through 3.4.0, • N100RE through 3.4.0, and • possibly others.
5 Exploiting all together on TOTOLINK routers ═════════════════════════════════════════════
CVSS v3 socre: 9.6 AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (assuming Administrative Access on WAN is enabled the score is 10.0)
Exploiting all the vulnerabilities together allows a remote unauthenticated attacker to execute any code with root permissions and reveal administration password.
The only thing that is needed is the access to router administration interface (either access to local network or Administrative Access on WAN enabled)
Description, video and possibly an exploit: https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
Timeline: • 17.12.2019 - Contacted all identified vendors, i.e. TOTOLINK, CIK Telecom, Sapido, Fibergate and Coship. • 18.12.2019 - received TOTOLINK first line support response totally not related to my message and showing me how to log into my router. I responded right away and asked to forward the message to technical/security team. • 19.12.2019 - received response from CIK Telecom stating that the routers support encryption (SIC!). I replied asking to forward the message to technical/security team. • 19.12.20219 - CIK Telecom responded that for further assistance I should contact them over the phone. I replied that I need to explain the details as a written message as this is technical. • 27.12.2019, 06.01.2020 - I resent the messages to TOTOLINK and CIK Telecom but none have replied till the date of disclosure. • 06.01.2020 - I finally contacted Realtek as the Supplier of the SDK. • 10.01.2020 - I got a response and I replied with encrypted details on the bugs. • 14-15.01.2020 - Realtek replied that the issue with dumping configuration by apmib exists but it is not directly exploitable in the defualt SDK configuration becuase it uses HTTP Basic authentication which protects all URLs. They agreed however that most of the Vendors modify the software including authentication mechanism thus making it vulnerable. • 23.01.2020 - Realtek responded that they are goining to fix the issue with dumping configuration to the config.dat file in version released on 15.02.2020. They also said that after fixing the issue the impact of storing password in plaintext is less significant thus they will not fix the CVE-2019-19823 yet but will try to fix it in the future.
Temporary workaround: Unfortunately I did not get any good information from real vendors like TOTOLINK and for now I would suggest to disable administration interface from WAN and restricting LAN router administration interface access using some kind of firewall if possible.
Credit: Blazej Adamczyk | blazej.adamczyk@gmail.com | http://sploit.tech/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0632",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n300rt",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "wireless ap",
"scope": "lte",
"trust": 1.0,
"vendor": "kctvjeju",
"version": "2019-12-12"
},
{
"model": "n302r",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n301rt",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "2.1.6"
},
{
"model": "n200re",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "4.0.0"
},
{
"model": "rtk 11n ap",
"scope": "lte",
"trust": 1.0,
"vendor": "realtek",
"version": "2019-12-12"
},
{
"model": "gr297n",
"scope": "lte",
"trust": 1.0,
"vendor": "sapido",
"version": "2019-12-12"
},
{
"model": "max-c300n",
"scope": "lte",
"trust": 1.0,
"vendor": "hiwifi",
"version": "2019-12-12"
},
{
"model": "a702r",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "2.1.3"
},
{
"model": "emta ap firmwre",
"scope": "lte",
"trust": 1.0,
"vendor": "coship",
"version": "2019-12-12"
},
{
"model": "mesh router",
"scope": "lte",
"trust": 1.0,
"vendor": "ciktel",
"version": "2019-12-12"
},
{
"model": "gn-866ac",
"scope": "lte",
"trust": 1.0,
"vendor": "tbroad",
"version": "2019-12-12"
},
{
"model": "n100re",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "wn-ac1167r firmwre",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2019-12-12"
},
{
"model": "a3002ru",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "2.0.0"
},
{
"model": "n150rt",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "max-c300n",
"scope": "lte",
"trust": 1.0,
"vendor": "hcn max c300n",
"version": "2019-12-12"
},
{
"model": "fgn-r2",
"scope": "lte",
"trust": 1.0,
"vendor": "fg products",
"version": "2019-12-12"
},
{
"model": "mesh router",
"scope": "eq",
"trust": 0.8,
"vendor": "cik telecom",
"version": "2019/12/12"
},
{
"model": "wireless ap",
"scope": "eq",
"trust": 0.8,
"vendor": "kctvjeju",
"version": "2019/12/12"
},
{
"model": "gr297n",
"scope": "eq",
"trust": 0.8,
"vendor": "sapido",
"version": "2019/12/12"
},
{
"model": "a3002ru",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "2.0.0"
},
{
"model": "a702r",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "2.1.3"
},
{
"model": "n100re",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n150rt",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n200re",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "4.0.0"
},
{
"model": "n300rt",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n302r",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"db": "NVD",
"id": "CVE-2019-19823"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:a702r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:a702r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n302r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n302r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n300rt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n300rt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n200re_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n150rt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n150rt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n100re_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n100re:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:realtek:rtk_11n_ap_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:realtek:rtk_11n_ap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sapido:gr297n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sapido:gr297n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ciktel:mesh_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ciktel:mesh_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:kctvjeju:wireless_ap_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:kctvjeju:wireless_ap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fg-products:fgn-r2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fg-products:fgn-r2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hiwifi:max-c300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hiwifi:max-c300n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tbroad:gn-866ac_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tbroad:gn-866ac:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:coship:emta_ap_firmwre:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:coship:emta_ap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac1167r_firmwre:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac1167r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hcn_max-c300n_project:hcn_max-c300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hcn_max-c300n_project:hcn_max-c300n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n301rt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n301rt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blazej Adamczyk",
"sources": [
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
],
"trust": 0.7
},
"cve": "CVE-2019-19823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014482",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014482",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19823",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014482",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1179",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"db": "NVD",
"id": "CVE-2019-19823"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) stores cleartext administrative passwords in flash memory and in a file. This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. Multiple products contain vulnerabilities in insufficient protection of credentials.Information may be obtained. \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n MULTIPLE VULNERABILITIES IN SEVERAL SERIES OF\n REALTEK SDK BASED ROUTERS (TOTOLINK AND MANY\n OTHER)\n\n\n Blazej Adamczyk (br0x)\n blazej.adamczyk@gmail.com\n https://sploit.tech/\n \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n\n 11.12.2019\n\n\n\n\n\n1 Sensitive data disclosure and incorrect access control in several series\nof Realtek SDK based routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19822\n\n SDK vendor: Realtek\n\n Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc.,\n MAX-C300N, T-BROAD and possibly others.. \n\n Product: Realtek SDK based routers backed by Boa HTTP server (and\n possibly others) and using apmib library for memory management. \n\n Boa Version: \u003c= Boa/0.94.14rc21 SDK Version: \u003c 2020/02/15\n\n Description: Realtek SDK based routers which use form based instead\n HTTP Basic authentication (that includes Realtek APMIB 0.11f and Boa\n HTTP server 0.94.14rc21) allows remote attackers to retrieve the\n configuration, including sensitive data (usernames and passwords). \n\n This affects:\n \u2022 TOTOLINK A3002RU through 2.0.0,\n \u2022 TOTOLINK 702R through 2.1.3,\n \u2022 TOTOLINK N301RT through 2.1.6,\n \u2022 TOTOLINK N302R through 3.4.0,\n \u2022 TOTOLINK N300RT through 3.4.0,\n \u2022 TOTOLINK N200RE through 4.0.0,\n \u2022 TOTOLINK N150RT through 3.4.0, and\n \u2022 TOTOLINK N100RE through 3.4.0;\n \u2022 Rutek RTK 11N AP through 2019-12-12;\n \u2022 Sapido GR297n through 2019-12-12;\n \u2022 CIK TELECOM MESH ROUTER through 2019-12-12;\n \u2022 KCTVJEJU Wireless AP through 2019-12-12;\n \u2022 Fibergate FGN-R2 through 2019-12-12;\n \u2022 Hi-Wifi MAX-C300N through 2019-12-12;\n \u2022 HCN MAX-C300N through 2019-12-12;\n \u2022 T-broad GN-866ac through 2019-12-12;\n \u2022 Coship EMTA AP through 2019-12-12; and\n \u2022 IO-Data WN-AC1167R through 2019-12-12; and\n \u2022 possibly others. \n\n Technical details: The apmib library at some point of initialization\n dumps the whole memory contents the file /web/config.dat. This folder\n is actually used by the boa http server as index directory. \n Additionally if the router is configured for form-based authentication\n the access control verifies credentials only for some URLs but \".dat\"\n files are not restricted. This issue does not affect routers which use\n HTTP Basic authentication to secure all URLs. \n\n PoC:\n \u250c\u2500\u2500\u2500\u2500\n \u2502 $ curl http://routerip/config.dat\n \u2514\u2500\u2500\u2500\u2500\n\n\n2 Password stored in plaintext in Realtek SDK based routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19823\n\n SDK vendor: Realtek\n\n Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc.,\n MAX-C300N, T-BROAD and possibly others.. \n\n Product: Realtek SDK based routers backed by Boa HTTP server (and\n possibly others) and using apmib library for memory management. \n\n Boa Version: \u003c= Boa/0.94.14rc21 SDK Version: \u003c 2020/02/15\n\n Description: Realtek SDK based routers (that includes Realtek APMIB\n 0.11f and Boa HTTP server 0.94.14rc21) store passwords in plaintext. \n\n This affects:\n \u2022 TOTOLINK A3002RU through 2.0.0,\n \u2022 TOTOLINK 702R through 2.1.3,\n \u2022 TOTOLINK N301RT through 2.1.6,\n \u2022 TOTOLINK N302R through 3.4.0,\n \u2022 TOTOLINK N300RT through 3.4.0,\n \u2022 TOTOLINK N200RE through 4.0.0,\n \u2022 TOTOLINK N150RT through 3.4.0, and\n \u2022 TOTOLINK N100RE through 3.4.0;\n \u2022 Rutek RTK 11N AP through 2019-12-12;\n \u2022 Sapido GR297n through 2019-12-12;\n \u2022 CIK TELECOM MESH ROUTER through 2019-12-12;\n \u2022 KCTVJEJU Wireless AP through 2019-12-12;\n \u2022 Fibergate FGN-R2 through 2019-12-12;\n \u2022 Hi-Wifi MAX-C300N through 2019-12-12;\n \u2022 HCN MAX-C300N through 2019-12-12;\n \u2022 T-broad GN-866ac through 2019-12-12;\n \u2022 Coship EMTA AP through 2019-12-12; and\n \u2022 IO-Data WN-AC1167R through 2019-12-12; and\n \u2022 possibly others. \n\n Technical details: Data stored in memory in COMPCS (apmib library)\n format contains device administration and other passwords in\n plaintext. The apmib library additionally at some point of\n initialization dumps the whole memory contents the file\n /web/config.dat which might be used to easily retrieve user passwords. \n\n\n3 Code execution in several TOTOLINK routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19824\n\n Vendor: TOTOLINK\n\n Product: TOTOLINK Realtek SDK based routers\n\n Boa Version: \u003c= Boa/0.94.14rc21\n\n Description: On several Realted SDK based TOTOLINK routers, an\n authenticated attacker may execute arbitrary OS commands via the\n sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI\n (syscmd.htm) is not available. This allows for full control over the\n device\u0027s internals. \n\n This affects:\n \u2022 A3002RU through 2.0.0,\n \u2022 A702R through 2.1.3,\n \u2022 N301RT through 2.1.6,\n \u2022 N302R through 3.4.0,\n \u2022 N300RT through 3.4.0,\n \u2022 N200RE through 4.0.0,\n \u2022 N150RT through 3.4.0,\n \u2022 N100RE through 3.4.0, and\n \u2022 possibly others. \n\n PoC:\n \u250c\u2500\u2500\u2500\u2500\n \u2502 $ curl \u0027http://routerip/boafrm/formSysCmd\u0027 --user \"admin:password\" \n \u2502 --data \u0027submit-url=%2Fsyscmd.htm\u0026sysCmdselect=5\u0026sysCmdselects=0\u0026\n \u2502 save_apply=Run+Command\u0026sysCmd=cp%20%2Fetc%2Fpasswd%20%2Fweb%2Fxxxx.dat\u0027\n \u2514\u2500\u2500\u2500\u2500\n\n\n4 Incorrectly implemented captcha protection in TOTOLINK routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19825\n\n Vendor: TOTOLINK\n\n Product: TOTOLINK Realtek SDK based routers\n\n Boa Version: \u003c= Boa/0.94.14rc21\n\n Description: Guessable captcha vulnerability (CWE-804) in several\n series of TOTOLINK routers allows a remote attacker to automatically\n login to the router without reading and providing real captcha. \n\n The following command returns captcha in plain text:\n \u250c\u2500\u2500\u2500\u2500\n \u2502 $ curl \u0027http://routerip/boafrm/formLogin\u0027 --data \u0027{\"topicurl\":\"setting/getSanvas\"}\u0027\n \u2514\u2500\u2500\u2500\u2500\n\n Additionally by using the HTTP Basic in a HEADER the attacker can\n execute router actions without providing captcha at all. \n\n This affects:\n \u2022 A3002RU through 2.0.0,\n \u2022 A702R through 2.1.3,\n \u2022 N301RT through 2.1.6,\n \u2022 N302R through 3.4.0,\n \u2022 N300RT through 3.4.0,\n \u2022 N200RE through 4.0.0,\n \u2022 N150RT through 3.4.0,\n \u2022 N100RE through 3.4.0, and\n \u2022 possibly others. \n\n\n5 Exploiting all together on TOTOLINK routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVSS v3 socre: 9.6 AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (assuming\n Administrative Access on WAN is enabled the score is 10.0)\n\n Exploiting all the vulnerabilities together allows a remote\n unauthenticated attacker to execute any code with root permissions and\n reveal administration password. \n\n The only thing that is needed is the access to router administration\n interface (either access to local network or Administrative Access on\n WAN enabled)\n\n Description, video and possibly an exploit:\n https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html\n\n Timeline:\n \u2022 17.12.2019 - Contacted all identified vendors, i.e. TOTOLINK, CIK\n Telecom, Sapido, Fibergate and Coship. \n \u2022 18.12.2019 - received TOTOLINK first line support response totally\n not related to my message and showing me how to log into my router. \n I responded right away and asked to forward the message to\n technical/security team. \n \u2022 19.12.2019 - received response from CIK Telecom stating that the\n routers support encryption (SIC!). I replied asking to forward the\n message to technical/security team. \n \u2022 19.12.20219 - CIK Telecom responded that for further assistance I\n should contact them over the phone. I replied that I need to explain\n the details as a written message as this is technical. \n \u2022 27.12.2019, 06.01.2020 - I resent the messages to TOTOLINK and CIK\n Telecom but none have replied till the date of disclosure. \n \u2022 06.01.2020 - I finally contacted Realtek as the Supplier of the SDK. \n \u2022 10.01.2020 - I got a response and I replied with encrypted details\n on the bugs. \n \u2022 14-15.01.2020 - Realtek replied that the issue with dumping\n configuration by apmib exists but it is not directly exploitable in\n the defualt SDK configuration becuase it uses HTTP Basic\n authentication which protects all URLs. They agreed however that\n most of the Vendors modify the software including authentication\n mechanism thus making it vulnerable. \n \u2022 23.01.2020 - Realtek responded that they are goining to fix the\n issue with dumping configuration to the config.dat file in version\n released on 15.02.2020. They also said that after fixing the issue\n the impact of storing password in plaintext is less significant thus\n they will not fix the CVE-2019-19823 yet but will try to fix it in\n the future. \n\n Temporary workaround: Unfortunately I did not get any good information\n from real vendors like TOTOLINK and for now I would suggest to disable\n administration interface from WAN and restricting LAN router\n administration interface access using some kind of firewall if\n possible. \n\n Credit: Blazej Adamczyk | blazej.adamczyk@gmail.com | http://sploit.tech/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19823"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"db": "PACKETSTORM",
"id": "156083"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19823",
"trust": 2.5
},
{
"db": "PACKETSTORM",
"id": "156083",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014482",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1179",
"trust": 0.6
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "NVD",
"id": "CVE-2019-19823"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
]
},
"id": "VAR-202001-0632",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3182676575
},
"last_update_date": "2023-12-18T13:07:46.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MESH Router",
"trust": 0.8,
"url": "https://www.ciktel.com/devices/router"
},
{
"title": "KCTV",
"trust": 0.8,
"url": "https://www.facebook.com/kctvjeju/"
},
{
"title": "GR297n4",
"trust": 0.8,
"url": "http://www.sapido.com.tw/en-new/product-gr297n-p01.htm"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://totolink.net/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-522",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"db": "NVD",
"id": "CVE-2019-19823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://sploit.tech/"
},
{
"trust": 1.6,
"url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz"
},
{
"trust": 1.6,
"url": "http://packetstormsecurity.com/files/156083/realtek-sdk-information-disclosure-code-execution.html"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2020/jan/36"
},
{
"trust": 1.6,
"url": "http://seclists.org/fulldisclosure/2020/jan/38"
},
{
"trust": 1.6,
"url": "https://github.com/saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#l13"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19823"
},
{
"trust": 1.0,
"url": "https://sploit.tech"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19824"
},
{
"trust": 0.1,
"url": "https://sploit.tech/2019/12/16/realtek-totolink.html"
},
{
"trust": 0.1,
"url": "http://routerip/config.dat"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19825"
},
{
"trust": 0.1,
"url": "http://routerip/boafrm/formsyscmd\u0027"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19822"
},
{
"trust": 0.1,
"url": "http://routerip/boafrm/formlogin\u0027"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "NVD",
"id": "CVE-2019-19823"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "NVD",
"id": "CVE-2019-19823"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"date": "2020-01-24T23:23:23",
"db": "PACKETSTORM",
"id": "156083"
},
{
"date": "2020-01-27T18:15:12.883000",
"db": "NVD",
"id": "CVE-2019-19823"
},
{
"date": "2020-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014482"
},
{
"date": "2020-02-06T16:04:39.370000",
"db": "NVD",
"id": "CVE-2019-19823"
},
{
"date": "2022-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inadequate protection of credentials in multiple products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014482"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1179"
}
],
"trust": 0.6
}
}
VAR-202001-0631
Vulnerability from variot - Updated: 2023-12-18 13:07A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. Multiple products contain vulnerabilities in insufficient protection of credentials.Information may be obtained. ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ MULTIPLE VULNERABILITIES IN SEVERAL SERIES OF REALTEK SDK BASED ROUTERS (TOTOLINK AND MANY OTHER)
Blazej Adamczyk (br0x)
blazej.adamczyk@gmail.com
https://sploit.tech/
━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
11.12.2019
1 Sensitive data disclosure and incorrect access control in several series of Realtek SDK based routers ══════════════════════════════════════════════════════════════════════════
CVE: CVE-2019-19822
SDK vendor: Realtek
Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc., MAX-C300N, T-BROAD and possibly others..
Product: Realtek SDK based routers backed by Boa HTTP server (and possibly others) and using apmib library for memory management.
This affects: • TOTOLINK A3002RU through 2.0.0, • TOTOLINK 702R through 2.1.3, • TOTOLINK N301RT through 2.1.6, • TOTOLINK N302R through 3.4.0, • TOTOLINK N300RT through 3.4.0, • TOTOLINK N200RE through 4.0.0, • TOTOLINK N150RT through 3.4.0, and • TOTOLINK N100RE through 3.4.0; • Rutek RTK 11N AP through 2019-12-12; • Sapido GR297n through 2019-12-12; • CIK TELECOM MESH ROUTER through 2019-12-12; • KCTVJEJU Wireless AP through 2019-12-12; • Fibergate FGN-R2 through 2019-12-12; • Hi-Wifi MAX-C300N through 2019-12-12; • HCN MAX-C300N through 2019-12-12; • T-broad GN-866ac through 2019-12-12; • Coship EMTA AP through 2019-12-12; and • IO-Data WN-AC1167R through 2019-12-12; and • possibly others.
Technical details: The apmib library at some point of initialization dumps the whole memory contents the file /web/config.dat. This folder is actually used by the boa http server as index directory. Additionally if the router is configured for form-based authentication the access control verifies credentials only for some URLs but ".dat" files are not restricted. This issue does not affect routers which use HTTP Basic authentication to secure all URLs.
PoC: ┌──── │ $ curl http://routerip/config.dat └────
2 Password stored in plaintext in Realtek SDK based routers ═══════════════════════════════════════════════════════════
CVE: CVE-2019-19823
SDK vendor: Realtek
Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc., MAX-C300N, T-BROAD and possibly others..
Product: Realtek SDK based routers backed by Boa HTTP server (and possibly others) and using apmib library for memory management.
Boa Version: <= Boa/0.94.14rc21 SDK Version: < 2020/02/15
Description: Realtek SDK based routers (that includes Realtek APMIB 0.11f and Boa HTTP server 0.94.14rc21) store passwords in plaintext.
This affects: • TOTOLINK A3002RU through 2.0.0, • TOTOLINK 702R through 2.1.3, • TOTOLINK N301RT through 2.1.6, • TOTOLINK N302R through 3.4.0, • TOTOLINK N300RT through 3.4.0, • TOTOLINK N200RE through 4.0.0, • TOTOLINK N150RT through 3.4.0, and • TOTOLINK N100RE through 3.4.0; • Rutek RTK 11N AP through 2019-12-12; • Sapido GR297n through 2019-12-12; • CIK TELECOM MESH ROUTER through 2019-12-12; • KCTVJEJU Wireless AP through 2019-12-12; • Fibergate FGN-R2 through 2019-12-12; • Hi-Wifi MAX-C300N through 2019-12-12; • HCN MAX-C300N through 2019-12-12; • T-broad GN-866ac through 2019-12-12; • Coship EMTA AP through 2019-12-12; and • IO-Data WN-AC1167R through 2019-12-12; and • possibly others.
Technical details: Data stored in memory in COMPCS (apmib library) format contains device administration and other passwords in plaintext. The apmib library additionally at some point of initialization dumps the whole memory contents the file /web/config.dat which might be used to easily retrieve user passwords.
3 Code execution in several TOTOLINK routers ════════════════════════════════════════════
CVE: CVE-2019-19824
Vendor: TOTOLINK
Product: TOTOLINK Realtek SDK based routers
Boa Version: <= Boa/0.94.14rc21
Description: On several Realted SDK based TOTOLINK routers, an authenticated attacker may execute arbitrary OS commands via the sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI (syscmd.htm) is not available. This allows for full control over the device's internals.
This affects: • A3002RU through 2.0.0, • A702R through 2.1.3, • N301RT through 2.1.6, • N302R through 3.4.0, • N300RT through 3.4.0, • N200RE through 4.0.0, • N150RT through 3.4.0, • N100RE through 3.4.0, and • possibly others.
PoC: ┌──── │ $ curl 'http://routerip/boafrm/formSysCmd' --user "admin:password" │ --data 'submit-url=%2Fsyscmd.htm&sysCmdselect=5&sysCmdselects=0& │ save_apply=Run+Command&sysCmd=cp%20%2Fetc%2Fpasswd%20%2Fweb%2Fxxxx.dat' └────
4 Incorrectly implemented captcha protection in TOTOLINK routers ════════════════════════════════════════════════════════════════
CVE: CVE-2019-19825
Vendor: TOTOLINK
Product: TOTOLINK Realtek SDK based routers
Boa Version: <= Boa/0.94.14rc21
Description: Guessable captcha vulnerability (CWE-804) in several series of TOTOLINK routers allows a remote attacker to automatically login to the router without reading and providing real captcha.
The following command returns captcha in plain text: ┌──── │ $ curl 'http://routerip/boafrm/formLogin' --data '{"topicurl":"setting/getSanvas"}' └────
Additionally by using the HTTP Basic in a HEADER the attacker can execute router actions without providing captcha at all.
This affects: • A3002RU through 2.0.0, • A702R through 2.1.3, • N301RT through 2.1.6, • N302R through 3.4.0, • N300RT through 3.4.0, • N200RE through 4.0.0, • N150RT through 3.4.0, • N100RE through 3.4.0, and • possibly others.
5 Exploiting all together on TOTOLINK routers ═════════════════════════════════════════════
CVSS v3 socre: 9.6 AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (assuming Administrative Access on WAN is enabled the score is 10.0)
Exploiting all the vulnerabilities together allows a remote unauthenticated attacker to execute any code with root permissions and reveal administration password.
The only thing that is needed is the access to router administration interface (either access to local network or Administrative Access on WAN enabled)
Description, video and possibly an exploit: https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html
Timeline: • 17.12.2019 - Contacted all identified vendors, i.e. TOTOLINK, CIK Telecom, Sapido, Fibergate and Coship. • 18.12.2019 - received TOTOLINK first line support response totally not related to my message and showing me how to log into my router. I responded right away and asked to forward the message to technical/security team. • 19.12.2019 - received response from CIK Telecom stating that the routers support encryption (SIC!). I replied asking to forward the message to technical/security team. • 19.12.20219 - CIK Telecom responded that for further assistance I should contact them over the phone. I replied that I need to explain the details as a written message as this is technical. • 27.12.2019, 06.01.2020 - I resent the messages to TOTOLINK and CIK Telecom but none have replied till the date of disclosure. • 06.01.2020 - I finally contacted Realtek as the Supplier of the SDK. • 10.01.2020 - I got a response and I replied with encrypted details on the bugs. • 14-15.01.2020 - Realtek replied that the issue with dumping configuration by apmib exists but it is not directly exploitable in the defualt SDK configuration becuase it uses HTTP Basic authentication which protects all URLs. They agreed however that most of the Vendors modify the software including authentication mechanism thus making it vulnerable. • 23.01.2020 - Realtek responded that they are goining to fix the issue with dumping configuration to the config.dat file in version released on 15.02.2020. They also said that after fixing the issue the impact of storing password in plaintext is less significant thus they will not fix the CVE-2019-19823 yet but will try to fix it in the future.
Temporary workaround: Unfortunately I did not get any good information from real vendors like TOTOLINK and for now I would suggest to disable administration interface from WAN and restricting LAN router administration interface access using some kind of firewall if possible.
Credit: Blazej Adamczyk | blazej.adamczyk@gmail.com | http://sploit.tech/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0631",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n300rt",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "wireless ap",
"scope": "lte",
"trust": 1.0,
"vendor": "kctvjeju",
"version": "2019-12-12"
},
{
"model": "n302r",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n301rt",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "2.1.6"
},
{
"model": "n200re",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "4.0.0"
},
{
"model": "rtk 11n ap",
"scope": "lte",
"trust": 1.0,
"vendor": "realtek",
"version": "2019-12-12"
},
{
"model": "gr297n",
"scope": "lte",
"trust": 1.0,
"vendor": "sapido",
"version": "2019-12-12"
},
{
"model": "max-c300n",
"scope": "lte",
"trust": 1.0,
"vendor": "hiwifi",
"version": "2019-12-12"
},
{
"model": "a702r",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "2.1.3"
},
{
"model": "emta ap firmwre",
"scope": "lte",
"trust": 1.0,
"vendor": "coship",
"version": "2019-12-12"
},
{
"model": "mesh router",
"scope": "lte",
"trust": 1.0,
"vendor": "ciktel",
"version": "2019-12-12"
},
{
"model": "gn-866ac",
"scope": "lte",
"trust": 1.0,
"vendor": "tbroad",
"version": "2019-12-12"
},
{
"model": "n100re",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "wn-ac1167r firmwre",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2019-12-12"
},
{
"model": "a3002ru",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "2.0.0"
},
{
"model": "n150rt",
"scope": "lte",
"trust": 1.0,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "max-c300n",
"scope": "lte",
"trust": 1.0,
"vendor": "hcn max c300n",
"version": "2019-12-12"
},
{
"model": "fgn-r2",
"scope": "lte",
"trust": 1.0,
"vendor": "fg products",
"version": "2019-12-12"
},
{
"model": "mesh router",
"scope": "eq",
"trust": 0.8,
"vendor": "cik telecom",
"version": "2019/12/12"
},
{
"model": "wireless ap",
"scope": "eq",
"trust": 0.8,
"vendor": "kctvjeju",
"version": "2019/12/12"
},
{
"model": "gr297n",
"scope": "eq",
"trust": 0.8,
"vendor": "sapido",
"version": "2019/12/12"
},
{
"model": "a3002ru",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "2.0.0"
},
{
"model": "a702r",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "2.1.3"
},
{
"model": "n100re",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n150rt",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n200re",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "4.0.0"
},
{
"model": "n300rt",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
},
{
"model": "n302r",
"scope": "eq",
"trust": 0.8,
"vendor": "totolink",
"version": "3.4.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"db": "NVD",
"id": "CVE-2019-19822"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:a3002ru_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:a3002ru:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:a702r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.3",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:a702r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n302r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n302r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n300rt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n300rt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n200re_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.0.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n200re:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n150rt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n150rt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n100re_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.4.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n100re:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:realtek:rtk_11n_ap_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:realtek:rtk_11n_ap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sapido:gr297n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sapido:gr297n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ciktel:mesh_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:ciktel:mesh_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:kctvjeju:wireless_ap_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:kctvjeju:wireless_ap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fg-products:fgn-r2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:fg-products:fgn-r2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hiwifi:max-c300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hiwifi:max-c300n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:tbroad:gn-866ac_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tbroad:gn-866ac:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:coship:emta_ap_firmwre:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:coship:emta_ap:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac1167r_firmwre:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac1167r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:hcn_max-c300n_project:hcn_max-c300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2019-12-12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:hcn_max-c300n_project:hcn_max-c300n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:totolink:n301rt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.1.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:totolink:n301rt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19822"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Blazej Adamczyk",
"sources": [
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
],
"trust": 0.7
},
"cve": "CVE-2019-19822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2019-014481",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2019-19822",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2019-014481",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-19822",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "JVNDB-2019-014481",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-202001-1178",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-19822",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"db": "NVD",
"id": "CVE-2019-19822"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A certain router administration interface (that includes Realtek APMIB 0.11f for Boa 0.94.14rc21) allows remote attackers to retrieve the configuration, including sensitive data (usernames and passwords). This affects TOTOLINK A3002RU through 2.0.0, A702R through 2.1.3, N301RT through 2.1.6, N302R through 3.4.0, N300RT through 3.4.0, N200RE through 4.0.0, N150RT through 3.4.0, and N100RE through 3.4.0; Rutek RTK 11N AP through 2019-12-12; Sapido GR297n through 2019-12-12; CIK TELECOM MESH ROUTER through 2019-12-12; KCTVJEJU Wireless AP through 2019-12-12; Fibergate FGN-R2 through 2019-12-12; Hi-Wifi MAX-C300N through 2019-12-12; HCN MAX-C300N through 2019-12-12; T-broad GN-866ac through 2019-12-12; Coship EMTA AP through 2019-12-12; and IO-Data WN-AC1167R through 2019-12-12. Multiple products contain vulnerabilities in insufficient protection of credentials.Information may be obtained. \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n MULTIPLE VULNERABILITIES IN SEVERAL SERIES OF\n REALTEK SDK BASED ROUTERS (TOTOLINK AND MANY\n OTHER)\n\n\n Blazej Adamczyk (br0x)\n blazej.adamczyk@gmail.com\n https://sploit.tech/\n \u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\u2501\n\n\n 11.12.2019\n\n\n\n\n\n1 Sensitive data disclosure and incorrect access control in several series\nof Realtek SDK based routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19822\n\n SDK vendor: Realtek\n\n Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc.,\n MAX-C300N, T-BROAD and possibly others.. \n\n Product: Realtek SDK based routers backed by Boa HTTP server (and\n possibly others) and using apmib library for memory management. \n\n This affects:\n \u2022 TOTOLINK A3002RU through 2.0.0,\n \u2022 TOTOLINK 702R through 2.1.3,\n \u2022 TOTOLINK N301RT through 2.1.6,\n \u2022 TOTOLINK N302R through 3.4.0,\n \u2022 TOTOLINK N300RT through 3.4.0,\n \u2022 TOTOLINK N200RE through 4.0.0,\n \u2022 TOTOLINK N150RT through 3.4.0, and\n \u2022 TOTOLINK N100RE through 3.4.0;\n \u2022 Rutek RTK 11N AP through 2019-12-12;\n \u2022 Sapido GR297n through 2019-12-12;\n \u2022 CIK TELECOM MESH ROUTER through 2019-12-12;\n \u2022 KCTVJEJU Wireless AP through 2019-12-12;\n \u2022 Fibergate FGN-R2 through 2019-12-12;\n \u2022 Hi-Wifi MAX-C300N through 2019-12-12;\n \u2022 HCN MAX-C300N through 2019-12-12;\n \u2022 T-broad GN-866ac through 2019-12-12;\n \u2022 Coship EMTA AP through 2019-12-12; and\n \u2022 IO-Data WN-AC1167R through 2019-12-12; and\n \u2022 possibly others. \n\n Technical details: The apmib library at some point of initialization\n dumps the whole memory contents the file /web/config.dat. This folder\n is actually used by the boa http server as index directory. \n Additionally if the router is configured for form-based authentication\n the access control verifies credentials only for some URLs but \".dat\"\n files are not restricted. This issue does not affect routers which use\n HTTP Basic authentication to secure all URLs. \n\n PoC:\n \u250c\u2500\u2500\u2500\u2500\n \u2502 $ curl http://routerip/config.dat\n \u2514\u2500\u2500\u2500\u2500\n\n\n2 Password stored in plaintext in Realtek SDK based routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19823\n\n SDK vendor: Realtek\n\n Device vendor: TOTOLINK, Sapido, CIK Telecom, Fibergate Inc.,\n MAX-C300N, T-BROAD and possibly others.. \n\n Product: Realtek SDK based routers backed by Boa HTTP server (and\n possibly others) and using apmib library for memory management. \n\n Boa Version: \u003c= Boa/0.94.14rc21 SDK Version: \u003c 2020/02/15\n\n Description: Realtek SDK based routers (that includes Realtek APMIB\n 0.11f and Boa HTTP server 0.94.14rc21) store passwords in plaintext. \n\n This affects:\n \u2022 TOTOLINK A3002RU through 2.0.0,\n \u2022 TOTOLINK 702R through 2.1.3,\n \u2022 TOTOLINK N301RT through 2.1.6,\n \u2022 TOTOLINK N302R through 3.4.0,\n \u2022 TOTOLINK N300RT through 3.4.0,\n \u2022 TOTOLINK N200RE through 4.0.0,\n \u2022 TOTOLINK N150RT through 3.4.0, and\n \u2022 TOTOLINK N100RE through 3.4.0;\n \u2022 Rutek RTK 11N AP through 2019-12-12;\n \u2022 Sapido GR297n through 2019-12-12;\n \u2022 CIK TELECOM MESH ROUTER through 2019-12-12;\n \u2022 KCTVJEJU Wireless AP through 2019-12-12;\n \u2022 Fibergate FGN-R2 through 2019-12-12;\n \u2022 Hi-Wifi MAX-C300N through 2019-12-12;\n \u2022 HCN MAX-C300N through 2019-12-12;\n \u2022 T-broad GN-866ac through 2019-12-12;\n \u2022 Coship EMTA AP through 2019-12-12; and\n \u2022 IO-Data WN-AC1167R through 2019-12-12; and\n \u2022 possibly others. \n\n Technical details: Data stored in memory in COMPCS (apmib library)\n format contains device administration and other passwords in\n plaintext. The apmib library additionally at some point of\n initialization dumps the whole memory contents the file\n /web/config.dat which might be used to easily retrieve user passwords. \n\n\n3 Code execution in several TOTOLINK routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19824\n\n Vendor: TOTOLINK\n\n Product: TOTOLINK Realtek SDK based routers\n\n Boa Version: \u003c= Boa/0.94.14rc21\n\n Description: On several Realted SDK based TOTOLINK routers, an\n authenticated attacker may execute arbitrary OS commands via the\n sysCmd parameter to the boafrm/formSysCmd URI, even if the GUI\n (syscmd.htm) is not available. This allows for full control over the\n device\u0027s internals. \n\n This affects:\n \u2022 A3002RU through 2.0.0,\n \u2022 A702R through 2.1.3,\n \u2022 N301RT through 2.1.6,\n \u2022 N302R through 3.4.0,\n \u2022 N300RT through 3.4.0,\n \u2022 N200RE through 4.0.0,\n \u2022 N150RT through 3.4.0,\n \u2022 N100RE through 3.4.0, and\n \u2022 possibly others. \n\n PoC:\n \u250c\u2500\u2500\u2500\u2500\n \u2502 $ curl \u0027http://routerip/boafrm/formSysCmd\u0027 --user \"admin:password\" \n \u2502 --data \u0027submit-url=%2Fsyscmd.htm\u0026sysCmdselect=5\u0026sysCmdselects=0\u0026\n \u2502 save_apply=Run+Command\u0026sysCmd=cp%20%2Fetc%2Fpasswd%20%2Fweb%2Fxxxx.dat\u0027\n \u2514\u2500\u2500\u2500\u2500\n\n\n4 Incorrectly implemented captcha protection in TOTOLINK routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVE: CVE-2019-19825\n\n Vendor: TOTOLINK\n\n Product: TOTOLINK Realtek SDK based routers\n\n Boa Version: \u003c= Boa/0.94.14rc21\n\n Description: Guessable captcha vulnerability (CWE-804) in several\n series of TOTOLINK routers allows a remote attacker to automatically\n login to the router without reading and providing real captcha. \n\n The following command returns captcha in plain text:\n \u250c\u2500\u2500\u2500\u2500\n \u2502 $ curl \u0027http://routerip/boafrm/formLogin\u0027 --data \u0027{\"topicurl\":\"setting/getSanvas\"}\u0027\n \u2514\u2500\u2500\u2500\u2500\n\n Additionally by using the HTTP Basic in a HEADER the attacker can\n execute router actions without providing captcha at all. \n\n This affects:\n \u2022 A3002RU through 2.0.0,\n \u2022 A702R through 2.1.3,\n \u2022 N301RT through 2.1.6,\n \u2022 N302R through 3.4.0,\n \u2022 N300RT through 3.4.0,\n \u2022 N200RE through 4.0.0,\n \u2022 N150RT through 3.4.0,\n \u2022 N100RE through 3.4.0, and\n \u2022 possibly others. \n\n\n5 Exploiting all together on TOTOLINK routers\n\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\u2550\n\n CVSS v3 socre: 9.6 AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (assuming\n Administrative Access on WAN is enabled the score is 10.0)\n\n Exploiting all the vulnerabilities together allows a remote\n unauthenticated attacker to execute any code with root permissions and\n reveal administration password. \n\n The only thing that is needed is the access to router administration\n interface (either access to local network or Administrative Access on\n WAN enabled)\n\n Description, video and possibly an exploit:\n https://sploit.tech/2019/12/16/Realtek-TOTOLINK.html\n\n Timeline:\n \u2022 17.12.2019 - Contacted all identified vendors, i.e. TOTOLINK, CIK\n Telecom, Sapido, Fibergate and Coship. \n \u2022 18.12.2019 - received TOTOLINK first line support response totally\n not related to my message and showing me how to log into my router. \n I responded right away and asked to forward the message to\n technical/security team. \n \u2022 19.12.2019 - received response from CIK Telecom stating that the\n routers support encryption (SIC!). I replied asking to forward the\n message to technical/security team. \n \u2022 19.12.20219 - CIK Telecom responded that for further assistance I\n should contact them over the phone. I replied that I need to explain\n the details as a written message as this is technical. \n \u2022 27.12.2019, 06.01.2020 - I resent the messages to TOTOLINK and CIK\n Telecom but none have replied till the date of disclosure. \n \u2022 06.01.2020 - I finally contacted Realtek as the Supplier of the SDK. \n \u2022 10.01.2020 - I got a response and I replied with encrypted details\n on the bugs. \n \u2022 14-15.01.2020 - Realtek replied that the issue with dumping\n configuration by apmib exists but it is not directly exploitable in\n the defualt SDK configuration becuase it uses HTTP Basic\n authentication which protects all URLs. They agreed however that\n most of the Vendors modify the software including authentication\n mechanism thus making it vulnerable. \n \u2022 23.01.2020 - Realtek responded that they are goining to fix the\n issue with dumping configuration to the config.dat file in version\n released on 15.02.2020. They also said that after fixing the issue\n the impact of storing password in plaintext is less significant thus\n they will not fix the CVE-2019-19823 yet but will try to fix it in\n the future. \n\n Temporary workaround: Unfortunately I did not get any good information\n from real vendors like TOTOLINK and for now I would suggest to disable\n administration interface from WAN and restricting LAN router\n administration interface access using some kind of firewall if\n possible. \n\n Credit: Blazej Adamczyk | blazej.adamczyk@gmail.com | http://sploit.tech/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-19822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"db": "PACKETSTORM",
"id": "156083"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-19822",
"trust": 2.6
},
{
"db": "PACKETSTORM",
"id": "156083",
"trust": 1.8
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014481",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1178",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-19822",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "NVD",
"id": "CVE-2019-19822"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
]
},
"id": "VAR-202001-0631",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.3182676575
},
"last_update_date": "2023-12-18T13:07:46.663000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MESH Router",
"trust": 0.8,
"url": "https://www.ciktel.com/devices/router"
},
{
"title": "KCTV",
"trust": 0.8,
"url": "https://www.facebook.com/kctvjeju/"
},
{
"title": "GR297n4",
"trust": 0.8,
"url": "http://www.sapido.com.tw/en-new/product-gr297n-p01.htm"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://totolink.net/"
},
{
"title": "totoroot",
"trust": 0.1,
"url": "https://github.com/lkkula/totoroot "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-522",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"db": "NVD",
"id": "CVE-2019-19822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://opensource.actiontec.com/sourcecode/wcb3000x/wecb3000n_gpl_0.16.8.4.tgz"
},
{
"trust": 1.7,
"url": "http://packetstormsecurity.com/files/156083/realtek-sdk-information-disclosure-code-execution.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2020/jan/36"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2020/jan/38"
},
{
"trust": 1.7,
"url": "https://github.com/saturn49/wecb/blob/755ce19a493c78270c04b5aaf39664f0cddbb420/rtl819x/users/boa/apmib/apmib.h#l13"
},
{
"trust": 1.7,
"url": "https://sploit.tech"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19822"
},
{
"trust": 1.0,
"url": "https://sploit.tech/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-19822"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/306.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/lkkula/totoroot"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/175106"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19823"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19824"
},
{
"trust": 0.1,
"url": "https://sploit.tech/2019/12/16/realtek-totolink.html"
},
{
"trust": 0.1,
"url": "http://routerip/config.dat"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-19825"
},
{
"trust": 0.1,
"url": "http://routerip/boafrm/formsyscmd\u0027"
},
{
"trust": 0.1,
"url": "http://routerip/boafrm/formlogin\u0027"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "NVD",
"id": "CVE-2019-19822"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"db": "PACKETSTORM",
"id": "156083"
},
{
"db": "NVD",
"id": "CVE-2019-19822"
},
{
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-01-27T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"date": "2020-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"date": "2020-01-24T23:23:23",
"db": "PACKETSTORM",
"id": "156083"
},
{
"date": "2020-01-27T18:15:12.790000",
"db": "NVD",
"id": "CVE-2019-19822"
},
{
"date": "2020-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-19822"
},
{
"date": "2020-02-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-014481"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-19822"
},
{
"date": "2022-03-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Inadequate protection of credentials in multiple products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-014481"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access control error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202001-1178"
}
],
"trust": 0.6
}
}
VAR-201704-0928
Vulnerability from variot - Updated: 2023-12-18 13:03Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user's web browser. I-O DATA WN-AC1167GR is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. IO DATA WN-AC1167GR is a wireless router produced by Japan IO DATA DEVICE company
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0928",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wn-ac1167gr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "wn-ac1167gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.04"
},
{
"model": "wn-ac1167gr",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.04"
},
{
"model": "wn-ac1167gr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "data device wn-ac1167gr",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.04"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac1167gr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac1167gr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc.",
"sources": [
{
"db": "BID",
"id": "97714"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
],
"trust": 0.9
},
"cve": "CVE-2017-2148",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 1.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000070",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 1.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.5,
"id": "CNVD-2017-04568",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-110351",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2017-000070",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2148",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2017-000070",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-04568",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1010",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-110351",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. WN-AC1167GR provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-AC1167GR contains a stored cross-site scripting vulnerability (CWE-79). Satoshi Ogawa of Mitsui Bussan Secure Directions,Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user accesses a malicious URL while logged in, an arbitrary script may be executed on the user\u0027s web browser. I-O DATA WN-AC1167GR is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. IO DATA WN-AC1167GR is a wireless router produced by Japan IO DATA DEVICE company",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "VULHUB",
"id": "VHN-110351"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2148",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN01537659",
"trust": 3.4
},
{
"db": "BID",
"id": "97714",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-04568",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110351",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"id": "VAR-201704-0928",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
}
],
"trust": 1.3875
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
}
]
},
"last_update_date": "2023-12-18T13:03:08.329000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/wn-ac1167gr/"
},
{
"title": "Patch for WN-AC1167GR Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/91864"
},
{
"title": "I-O DATA WN-AC1167GR Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=69715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn01537659/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/97714"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/wn-ac1167gr/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2148"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2148"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn01537659/"
},
{
"trust": 0.3,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"db": "VULHUB",
"id": "VHN-110351"
},
{
"db": "BID",
"id": "97714"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110351"
},
{
"date": "2017-04-14T00:00:00",
"db": "BID",
"id": "97714"
},
{
"date": "2017-04-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"date": "2017-04-28T16:59:01.887000",
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"date": "2017-04-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-04-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-04568"
},
{
"date": "2017-05-05T00:00:00",
"db": "VULHUB",
"id": "VHN-110351"
},
{
"date": "2017-04-14T00:00:00",
"db": "BID",
"id": "97714"
},
{
"date": "2017-06-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000070"
},
{
"date": "2017-05-05T17:40:08.027000",
"db": "NVD",
"id": "CVE-2017-2148"
},
{
"date": "2017-05-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WN-AC1167GR vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000070"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1010"
}
],
"trust": 0.6
}
}
VAR-201704-0948
Vulnerability from variot - Updated: 2023-12-18 13:03TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0948",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "ts-ptcam\\/poe",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.17"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.00"
},
{
"model": "ts-wlc",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.18"
},
{
"model": "ts-wrlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.01"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam\\/poe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam\\/poe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlc2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlc2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlce_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlce:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam2_firmware:1.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "96620"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2112",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000040",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-02696",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-110315",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000040",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2112",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000040",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-02696",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-087",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-110315",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an OS command injection vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "VULHUB",
"id": "VHN-110315"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2112",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN46830433",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040",
"trust": 2.0
},
{
"db": "BID",
"id": "96620",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02696",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110315",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"id": "VAR-201704-0948",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
}
],
"trust": 1.3627042399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
}
]
},
"last_update_date": "2023-12-18T13:03:08.294000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"title": "Patches for multiple I-ODATAnetworkcamera command injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/90468"
},
{
"title": "Multiple I-O DATA network camera Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn46830433/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000040.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2112"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2112"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"db": "VULHUB",
"id": "VHN-110315"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110315"
},
{
"date": "2017-03-02T00:00:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"date": "2017-04-28T16:59:01.077000",
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02696"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-110315"
},
{
"date": "2017-03-16T00:01:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000040"
},
{
"date": "2017-05-11T14:20:43.530000",
"db": "NVD",
"id": "CVE-2017-2112"
},
{
"date": "2017-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000040"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-087"
}
],
"trust": 0.6
}
}
VAR-201704-0947
Vulnerability from variot - Updated: 2023-12-18 13:03HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a HTTP header injection vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Forged information may be displayed on the logged-in user's web browser by exploiting HTTP response splitting. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0947",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "ts-ptcam\\/poe",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.17"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.00"
},
{
"model": "ts-wlc",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.18"
},
{
"model": "ts-wrlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.01"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam\\/poe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam\\/poe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlc2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlc2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlce_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlce:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam2_firmware:1.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "96620"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2111",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000039",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2017-02674",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-110314",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2017-000039",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2111",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2017-000039",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-02674",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-086",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-110314",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier may allow a remote attackers to display false information. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a HTTP header injection vulnerability. Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Forged information may be displayed on the logged-in user\u0027s web browser by exploiting HTTP response splitting. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "VULHUB",
"id": "VHN-110314"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2111",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN46830433",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039",
"trust": 2.0
},
{
"db": "BID",
"id": "96620",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02674",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110314",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"id": "VAR-201704-0947",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
}
],
"trust": 1.3627042399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
}
]
},
"last_update_date": "2023-12-18T13:03:08.254000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"title": "Patches for multiple I-ODATAnetworkcameraHTTP header injection vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/90445"
},
{
"title": "Multiple I-O DATA network camera Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67990"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-93",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn46830433/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000039.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2111"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2111"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"db": "VULHUB",
"id": "VHN-110314"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110314"
},
{
"date": "2017-03-02T00:00:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"date": "2017-04-28T16:59:01.043000",
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02674"
},
{
"date": "2017-05-11T00:00:00",
"db": "VULHUB",
"id": "VHN-110314"
},
{
"date": "2017-03-16T00:01:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-06-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000039"
},
{
"date": "2017-05-11T15:03:10.383000",
"db": "NVD",
"id": "CVE-2017-2111"
},
{
"date": "2017-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to HTTP header injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000039"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-086"
}
],
"trust": 0.6
}
}
VAR-201704-0949
Vulnerability from variot - Updated: 2023-12-18 13:03Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. Remote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0949",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "ts-ptcam\\/poe",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wrlc",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.17"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlce",
"scope": "eq",
"trust": 0.9,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.17"
},
{
"model": "ts-ptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-ptcam/poe",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlc2",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wlce",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.18"
},
{
"model": "ts-wptcam2",
"scope": "eq",
"trust": 0.6,
"vendor": "i o data device",
"version": "1.00"
},
{
"model": "ts-wrlc",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.17"
},
{
"model": "ts-ptcam\\/poe",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-ptcam",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wlc2",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.18"
},
{
"model": "ts-wptcam",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.00"
},
{
"model": "ts-wlc",
"scope": "eq",
"trust": 0.3,
"vendor": "iodata",
"version": "21.18"
},
{
"model": "ts-wrlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.01"
},
{
"model": "ts-wptcam",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlce",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "1.19"
},
{
"model": "ts-wlc",
"scope": "ne",
"trust": 0.3,
"vendor": "iodata",
"version": "21.19"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam\\/poe_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam\\/poe:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-ptcam_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-ptcam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlc_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.17",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlc:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlc2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlc2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wlce_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wlce:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam2_firmware:1.00:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wptcam_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wptcam:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takayoshi Isayama of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "96620"
}
],
"trust": 0.3
},
"cve": "CVE-2017-2113",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000041",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2017-02695",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-110316",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000041",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-2113",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2017-000041",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-02695",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201703-088",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-110316",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware version 1.00, TS-WLCE firmware version 1.18 and earlier, TS-WLC2 firmware version 1.18 and earlier, TS-WRLC firmware version 1.17 and earlier, TS-PTCAM firmware version 1.18 and earlier, TS-PTCAM/POE firmware version 1.18 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain a Buffer overflow vulnerability. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported respective vulnerabilities to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A remote unauthenticated attacker may execute an arbitrary OS command on the product. I-ODATATS-WLC2 and so on are all network cameras from I-ODATADEVICE, Japan. \nRemote attackers can exploit these issues to execute arbitrary code, cause denial-of-service conditions or to insert a crafted HTTP header into an HTTP response that could cause a web page redirection to a possible malicious website. IO DATA TS-WLC2 etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "VULHUB",
"id": "VHN-110316"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-2113",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN46830433",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041",
"trust": 2.0
},
{
"db": "BID",
"id": "96620",
"trust": 1.4
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-02695",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-110316",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"id": "VAR-201704-0949",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
}
],
"trust": 1.3627042399999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
}
]
},
"last_update_date": "2023-12-18T13:03:08.220000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"title": "Patches for multiple I-ODATAnetworkcamera buffer overflow vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/90473"
},
{
"title": "Multiple I-O DATA network camera Buffer error vulnerability fix",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=67988"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn46830433/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2017/camera201702/"
},
{
"trust": 1.2,
"url": "http://jvndb.jvn.jp/en/contents/2017/jvndb-2017-000041.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/96620"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2113"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-2113"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"db": "VULHUB",
"id": "VHN-110316"
},
{
"db": "BID",
"id": "96620"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-03-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"date": "2017-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-110316"
},
{
"date": "2017-03-02T00:00:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"date": "2017-04-28T16:59:01.107000",
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"date": "2017-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-02695"
},
{
"date": "2017-05-10T00:00:00",
"db": "VULHUB",
"id": "VHN-110316"
},
{
"date": "2017-03-16T00:01:00",
"db": "BID",
"id": "96620"
},
{
"date": "2017-06-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000041"
},
{
"date": "2017-05-10T19:18:25.603000",
"db": "NVD",
"id": "CVE-2017-2113"
},
{
"date": "2017-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000041"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201703-088"
}
],
"trust": 0.6
}
}
VAR-201802-0652
Vulnerability from variot - Updated: 2023-12-18 12:44Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in the affected device may execute an arbitrary OS command. I-ODATADEVICEHDL-XR/XRWseries and so on are different series of network attached storage devices of Japan I-ODATADEVICE. There are operating system command injection vulnerabilities in MagicalFinder in several I-ODATADEVICE products. The following products and versions are affected: HDL-XR/XRW series with firmware version 2.01 and earlier; HDL-XR2U/XR2UW series with firmware version 2.01 and earlier; HDL-XV/XVW series with firmware version 1.50 and earlier; HDL-GT series with firmware version 1.37 and earlier; HDL-GTR series with firmware version earlier than 1.37, etc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201802-0652",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "whg-napgal",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "gv-ntx1",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02.00"
},
{
"model": "wn-gx300gr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.00"
},
{
"model": "hdl2-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "wn-ac1167dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "whg-napga",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "wn-ac583rk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.06"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "3.11"
},
{
"model": "wn-ag300dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "wn-g300ex",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "hdl-xv",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.50"
},
{
"model": "wn-ag750dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "hvl-s",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "wn-ac1600dgr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.06"
},
{
"model": "hdl-ah",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "hdl-gtr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.37"
},
{
"model": "wnpr2600g",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "wn-ac1300ex",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "hvl-ata",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.04"
},
{
"model": "whg-ac1750al",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "wn-ac583trk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "whg-napg",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.08"
},
{
"model": "hvl-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.04"
},
{
"model": "hdl-xr2uw",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "hfas1",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.40"
},
{
"model": "hdl-a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "whg-ac1750a",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "3.00"
},
{
"model": "whg-ac1750",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.07"
},
{
"model": "gv-ntx2",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.02.00"
},
{
"model": "wnpr1167f",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "bx-vp1",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "wnpr1167g",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "wn-g300sr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "hdl-xrw",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "hvl-at",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.04"
},
{
"model": "hdl-xr",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "hdl-xr2u",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "2.01"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "hdl2-ah",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.26"
},
{
"model": "wnpr1750g",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "hdl-gt",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.37"
},
{
"model": "hdl-xvw",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.50"
},
{
"model": "hdl-t",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "hls-c",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.12"
},
{
"model": "wn-g300r",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.14"
},
{
"model": "bx-vp1",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "gv-ntx1",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02.00"
},
{
"model": "gv-ntx2",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02.00"
},
{
"model": "hdl-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hdl-ah series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hdl-gt series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.37"
},
{
"model": "hdl-gtr series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.37"
},
{
"model": "hdl-t series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.12"
},
{
"model": "hdl-xr series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xr2u series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xr2uw series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xrw series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.01"
},
{
"model": "hdl-xv series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.50"
},
{
"model": "hdl-xvw series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.50"
},
{
"model": "hdl2-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hdl2-ah series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.26"
},
{
"model": "hfas1 series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.40"
},
{
"model": "hls-c series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.12"
},
{
"model": "hvl-a series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.04"
},
{
"model": "hvl-at series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.04"
},
{
"model": "hvl-ata series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.04"
},
{
"model": "hvl-s series",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "whg-ac1750/a",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 3.00"
},
{
"model": "whg-ac1750/al",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.07"
},
{
"model": "whg-napg/a",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.08"
},
{
"model": "whg-napg/al",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.05"
},
{
"model": "wn-ac1167dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02"
},
{
"model": "wn-ac1300ex",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.02"
},
{
"model": "wn-ac1600dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.06"
},
{
"model": "wn-ac583rk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.06"
},
{
"model": "wn-ac583trk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.05"
},
{
"model": "wn-ag300dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.05"
},
{
"model": "wn-ag750dgr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.08"
},
{
"model": "wn-ax1167gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 3.11"
},
{
"model": "wn-g300ex",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01"
},
{
"model": "wn-g300r",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.14"
},
{
"model": "wn-g300r3",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.04"
},
{
"model": "wn-g300sr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "wn-gx300gr",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 2.00"
},
{
"model": "wnpr1167f",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "wnpr1167g",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00"
},
{
"model": "wnpr1750g",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01"
},
{
"model": "wnpr2600g",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.01"
},
{
"model": "hdl-gtr series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.37"
},
{
"model": "hdl-gt series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.37"
},
{
"model": "hdl-xv/xvw series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=1.50"
},
{
"model": "hdl-xr2u/xr2uw series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=2.0.1"
},
{
"model": "hdl-xr/xrw series",
"scope": "lte",
"trust": 0.6,
"vendor": "i o data device",
"version": "\u003c=2.01"
},
{
"model": "wn-ac1600dgr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "2.06"
},
{
"model": "wn-g300r",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.14"
},
{
"model": "wn-ac1300ex",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "wn-g300r3",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.04"
},
{
"model": "wn-ag300dgr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "wn-ac1167dgr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.02"
},
{
"model": "wn-ac583trk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05"
},
{
"model": "wn-g300sr",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.00"
},
{
"model": "wn-g300ex",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.01"
},
{
"model": "wn-ac583rk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-xr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-xr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-xrw_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-xrw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-xr2u_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-xr2u:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-xr2uw_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-xr2uw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-xv_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-xv:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-xvw_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-xvw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-gt_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.37",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-gt:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-gtr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.37",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-gtr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-ah_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-ah:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl2-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl2-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl2-ah_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.26",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl2-ah:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hdl-t_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hdl-t:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hls-c_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.12",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hls-c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hvl-a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-at_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hvl-at:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-ata_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hvl-ata:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hvl-s_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hvl-s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:hfas1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.40",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:hfas1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:whg-napg_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:whg-napg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:whg-napga_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:whg-napga:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:whg-napgal_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:whg-napgal:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:whg-ac1750a_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:whg-ac1750a:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:whg-ac1750_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:whg-ac1750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:whg-ac1750al_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.07",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:whg-ac1750al:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ax1167gr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.11",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ax1167gr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-gx300gr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-gx300gr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wnpr2600g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wnpr2600g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wnpr1750g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wnpr1750g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wnpr1167g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wnpr1167g:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wnpr1167f_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wnpr1167f:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ag750dgr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ag750dgr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.14",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ag300dgr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ag300dgr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac1600dgr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac1600dgr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac1167dgr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac1167dgr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300ex_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300ex:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac1300ex_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac1300ex:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac583trk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac583trk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-ac583rk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-ac583rk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wn-g300sr_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wn-g300sr:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:bx-vp1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:bx-vp1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:gv-ntx1_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:gv-ntx1:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:gv-ntx2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.02.00",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:gv-ntx2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"cve": "CVE-2018-0512",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000007",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CNVD-2018-05725",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-118714",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000007",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0512",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2018-000007",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-05725",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201802-259",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118714",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Devices with IP address setting tool \"MagicalFinder\" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors. Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in the affected device may execute an arbitrary OS command. I-ODATADEVICEHDL-XR/XRWseries and so on are different series of network attached storage devices of Japan I-ODATADEVICE. There are operating system command injection vulnerabilities in MagicalFinder in several I-ODATADEVICE products. The following products and versions are affected: HDL-XR/XRW series with firmware version 2.01 and earlier; HDL-XR2U/XR2UW series with firmware version 2.01 and earlier; HDL-XV/XVW series with firmware version 1.50 and earlier; HDL-GT series with firmware version 1.37 and earlier; HDL-GTR series with firmware version earlier than 1.37, etc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-0512",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN36048131",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-05725",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118714",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"id": "VAR-201802-0652",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
}
],
"trust": 1.4824074111111112
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
}
]
},
"last_update_date": "2023-12-18T12:44:11.692000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2018/magicalfinder/"
},
{
"title": "A variety of I-ODATADEVICE products MagicalFinder operating system command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/122133"
},
{
"title": "Multiple I-O DATA DEVICE product MagicalFinder Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=78373"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn36048131/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2018/magicalfinder/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0512"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0512"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"db": "VULHUB",
"id": "VHN-118714"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-20T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"date": "2018-02-08T00:00:00",
"db": "VULHUB",
"id": "VHN-118714"
},
{
"date": "2018-02-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"date": "2018-02-08T14:29:00.213000",
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"date": "2018-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-05-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-05725"
},
{
"date": "2018-03-06T00:00:00",
"db": "VULHUB",
"id": "VHN-118714"
},
{
"date": "2018-04-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000007"
},
{
"date": "2018-03-06T13:41:37.133000",
"db": "NVD",
"id": "CVE-2018-0512"
},
{
"date": "2018-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000007"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201802-259"
}
],
"trust": 0.6
}
}
VAR-201606-0178
Vulnerability from variot - Updated: 2023-12-18 12:37Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "etx-r",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": null
},
{
"model": "etx-r",
"scope": null,
"trust": 1.4,
"vendor": "i o data device",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:etx-r_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:etx-r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Junichi MURAKAMI of FFRI, Inc",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4820",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000100",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2016-04211",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-93639",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000100",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4820",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000100",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04211",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-312",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93639",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ETX-R devices allows remote attackers to hijack the authentication of arbitrary users. ETX-R provided by I-O DATA DEVICE, INC. is a wired LAN router. ETX-R contains a cross-site request forgery vulnerability (CWE-352). Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. I-ODATADEVICEETX-R is a router product of I-ODATADEVICE, Japan. \nExploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. This may lead to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "VULHUB",
"id": "VHN-93639"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN61317238",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2016-4820",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04211",
"trust": 0.6
},
{
"db": "BID",
"id": "91173",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-93639",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
]
},
"id": "VAR-201606-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
}
]
},
"last_update_date": "2023-12-18T12:37:48.126000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"title": "Patch for I-ODATADEVICEETX-R cross-site request forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/77932"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://jvn.jp/en/jp/jvn61317238/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/etx-r/"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000100"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4820"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4820"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000100.html"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "VULHUB",
"id": "VHN-93639"
},
{
"db": "BID",
"id": "91173"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"date": "2016-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-93639"
},
{
"date": "2016-06-14T00:00:00",
"db": "BID",
"id": "91173"
},
{
"date": "2016-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"date": "2016-06-19T01:59:13.857000",
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"date": "2016-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"date": "2016-06-21T00:00:00",
"db": "VULHUB",
"id": "VHN-93639"
},
{
"date": "2016-06-14T00:00:00",
"db": "BID",
"id": "91173"
},
{
"date": "2016-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000100"
},
{
"date": "2016-06-21T17:48:34.423000",
"db": "NVD",
"id": "CVE-2016-4820"
},
{
"date": "2016-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE ETX-R Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04211"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-312"
}
],
"trust": 0.6
}
}
VAR-201706-0090
Vulnerability from variot - Updated: 2023-12-18 12:37I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an attacker who can access the product. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0090",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00.01"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.00.01"
},
{
"model": "data ts-wrlp",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.00.01"
},
{
"model": "data ts-wrla",
"scope": "lte",
"trust": 0.6,
"vendor": "i o",
"version": "\u003c=1.00.01"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.00.01"
},
{
"model": "data device ts-wrlp",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.0.1"
},
{
"model": "data device ts-wrla",
"scope": "eq",
"trust": 0.3,
"vendor": "i o",
"version": "1.0.1"
},
{
"model": "data device ts-wrlp",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "1.1.2"
},
{
"model": "data device ts-wrla",
"scope": "ne",
"trust": 0.3,
"vendor": "i o",
"version": "1.1.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00.01",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions",
"sources": [
{
"db": "BID",
"id": "94250"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000221",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-11326",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-96634",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000221",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7814",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000221",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11326",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-354",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96634",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and TS-WRLA firmware version 1.00.01 and earlier allow remote attackers to obtain authentication credentials via unspecified vectors. Multiple network camera products provided by I-O DATA DEVICE, INC. contain an information disclosure vulnerability (CWE-200). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Information such as authentication credentials may be disclosed by an attacker who can access the product. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "VULHUB",
"id": "VHN-96634"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7814",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN34103586",
"trust": 2.8
},
{
"db": "BID",
"id": "94250",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-11326",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-96634",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"id": "VAR-201706-0090",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
}
]
},
"last_update_date": "2023-12-18T12:37:22.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap/"
},
{
"title": "Patches for multiple I-ODATANetworkCamera product information disclosure vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/84086"
},
{
"title": "I-O DATA Network camera Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65715"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn34103586/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94250"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7814"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7814"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn34103586/index.html jvn#34103586 "
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/support/information/2016/ts-wrlap/ "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"db": "VULHUB",
"id": "VHN-96634"
},
{
"db": "BID",
"id": "94250"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96634"
},
{
"date": "2016-11-11T00:00:00",
"db": "BID",
"id": "94250"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"date": "2017-06-09T16:29:00.720000",
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"date": "2016-11-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11326"
},
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96634"
},
{
"date": "2016-11-24T01:09:00",
"db": "BID",
"id": "94250"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000221"
},
{
"date": "2017-06-16T14:36:57.287000",
"db": "NVD",
"id": "CVE-2016-7814"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000221"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-354"
}
],
"trust": 0.6
}
}
VAR-201809-0631
Vulnerability from variot - Updated: 2023-12-18 12:36Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0631",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp/e",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp\\/e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp\\/e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"cve": "CVE-2018-0662",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "VHN-118864",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000089",
"trust": 2.4,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-0662",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-403",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118864",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to add malicious files on the device and execute arbitrary code. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "VULHUB",
"id": "VHN-118864"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN83701666",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0662",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118864",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"id": "VAR-201809-0631",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:33.715000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"title": "Multiple I-O DATA Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84697"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn83701666/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118864"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-118864"
},
{
"date": "2018-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2018-09-07T14:29:03.117000",
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118864"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-0662"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-403"
}
],
"trust": 0.6
}
}
VAR-201809-0630
Vulnerability from variot - Updated: 2023-12-18 12:36Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities. The following products and versions are affected: IO DATA TS-WRLP with firmware version 1.09.04 and earlier; TS-WRLA with firmware version 1.09.04 and earlier; TS-WRLP/E with firmware version 1.09.04 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0630",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp/e",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp\\/e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp\\/e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0661"
}
]
},
"cve": "CVE-2018-0661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-118863",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000089",
"trust": 2.4,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-0661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-404",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-118863",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118863"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) allow an attacker on the same network segment to bypass access restriction to add files on a specific directory that may result in executing arbitrary OS commands/code or information including credentials leakage or alteration. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. Several IO DATA products have security vulnerabilities. The following products and versions are affected: IO DATA TS-WRLP with firmware version 1.09.04 and earlier; TS-WRLA with firmware version 1.09.04 and earlier; TS-WRLP/E with firmware version 1.09.04 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "VULHUB",
"id": "VHN-118863"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN83701666",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0661",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-404",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118863",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118863"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"id": "VAR-201809-0630",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118863"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:33.686000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"title": "Multiple I-O DATA Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84698"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
},
{
"problemtype": "CWE-284",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118863"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn83701666/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118863"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118863"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-118863"
},
{
"date": "2018-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2018-09-07T14:29:02.990000",
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-118863"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-0661"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-404"
}
],
"trust": 0.6
}
}
VAR-201809-0632
Vulnerability from variot - Updated: 2023-12-18 12:36Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0632",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp/e",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware ver.1.09.04"
},
{
"model": "ts-wrlp",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrlp\\/e",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
},
{
"model": "ts-wrla",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.09.04"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrlp\\/e_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrlp\\/e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:ts-wrla_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.09.04",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:ts-wrla:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"cve": "CVE-2018-0663",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P/BS: 5.8AV:L/AC:L/Au:N/C:P/I:P/A:P/BS:4.6",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 4.6,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P/BS: 4.6",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-118865",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 6.3",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2018-000089",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/BS: 4.3",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000089",
"trust": 2.4,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2018-0663",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-402",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-118865",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple I-O DATA network camera products (TS-WRLP firmware Ver.1.09.04 and earlier, TS-WRLA firmware Ver.1.09.04 and earlier, TS-WRLP/E firmware Ver.1.09.04 and earlier) use hardcoded credentials which may allow an remote authenticated attacker to execute arbitrary OS commands on the device via unspecified vector. Multiple network camera products provided by I-O DATA DEVICE, INC. contain multiple vulnerabilities listed below. * Permissions, Privileges, and Access Controls (CWE-264) - CVE-2018-0661 * Insufficient Verification of Data Authenticity (CWE-345) - CVE-2018-0662 * Use of Hard-coded Credentials (CWE-798) - CVE-2018-0663 The following researchers reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. CVE-2018-0661 Yutaka Kokubu, Toshitsugu Yoneyama, and Daiki Ichinose of Mitsui Bussan Secure Directions, Inc. CVE-2018-0662 Daiki Ichinose of Mitsui Bussan Secure Directions, Inc",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "VULHUB",
"id": "VHN-118865"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN83701666",
"trust": 2.5
},
{
"db": "NVD",
"id": "CVE-2018-0663",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-118865",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"id": "VAR-201809-0632",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-118865"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:36:33.662000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"title": "Multiple I-O DATA Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84696"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn83701666/index.html"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2018/ts-wrlp/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0663"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0661"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0662"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0663"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-118865"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-118865"
},
{
"date": "2018-08-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2018-09-07T14:29:03.257000",
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-118865"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000089"
},
{
"date": "2018-11-01T12:48:05.440000",
"db": "NVD",
"id": "CVE-2018-0663"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in multiple I-O DATA network camera products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000089"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-402"
}
],
"trust": 0.6
}
}
VAR-201704-0456
Vulnerability from variot - Updated: 2023-12-18 12:30Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. I-ODATADEVICERockDisk is a network storage (NAS) device from I-ODATADEVICE, Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-0456",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rockdisk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05e1-2.0.5"
},
{
"model": "rockdisk",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "rockdisk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.05e1-2.0.5"
},
{
"model": "rockdisk \u003c1.05e1-2.0.5",
"scope": null,
"trust": 0.6,
"vendor": "i o data device",
"version": null
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05e1-2.0.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05e1-2.0.5",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:rockdisk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"cve": "CVE-2014-3887",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2014-000069",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CNVD-2017-07173",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-71827",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-3887",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2014-000069",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2017-07173",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-743",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-71827",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary script may be executed on the user\u0027s web browser. I-ODATADEVICERockDisk is a network storage (NAS) device from I-ODATADEVICE, Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN74608669",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2014-3887",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-07173",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-71827",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"id": "VAR-201704-0456",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
}
]
},
"last_update_date": "2023-12-18T12:30:49.903000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"title": "Patch for I-ODATADEVICERockDisk Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/94063"
},
{
"title": "I-O DATA DEVICE RockDisk Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=70221"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://jvn.jp/en/jp/jvn74608669/index.html"
},
{
"trust": 1.7,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3887"
},
{
"trust": 0.8,
"url": "http://jvn.jp/jp/jvn74608669/index.html"
},
{
"trust": 0.8,
"url": "http://jvndb.jvn.jp/en/contents/2013/jvndb-2013-000096.html"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2014-3887"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "VULHUB",
"id": "VHN-71827"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"date": "2017-04-13T00:00:00",
"db": "VULHUB",
"id": "VHN-71827"
},
{
"date": "2014-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"date": "2017-04-13T17:59:00.277000",
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"date": "2017-04-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"date": "2017-04-20T00:00:00",
"db": "VULHUB",
"id": "VHN-71827"
},
{
"date": "2017-05-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-000069"
},
{
"date": "2017-04-20T16:16:38.160000",
"db": "NVD",
"id": "CVE-2014-3887"
},
{
"date": "2017-05-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE RockDisk Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-07173"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-743"
}
],
"trust": 0.6
}
}
VAR-201311-0283
Vulnerability from variot - Updated: 2023-12-18 12:30Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information, or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0283",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.03w-1.14"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.03y-1.16"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04b-1.21"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04m-2.0.1"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04r3-2.0.1"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04a-1.2"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04n-2.0.1"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.04t-2.0.2"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.6,
"vendor": "iodata",
"version": "1.03v3-1.13"
},
{
"model": "rockdisk",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.05c-2.0.3"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": "1.04d-2.0.1"
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 1.0,
"vendor": "iodata",
"version": null
},
{
"model": "rockdisk",
"scope": null,
"trust": 0.8,
"vendor": "i o data device",
"version": null
},
{
"model": "rockdisk",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "version 1.05e1-2.0.5"
},
{
"model": "data rockdisk nas 1.05c-2.0.3",
"scope": null,
"trust": 0.6,
"vendor": "i o",
"version": null
},
{
"model": "rockdisk",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.05c-2.0.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.04r3-2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.04n-2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.04m-2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.04d-2.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.04b-1.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05c-2.0.3",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.04a-1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.03y-1.16:beta:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.04t-2.0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.03w-1.14:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:iodata:rockdisk_firmware:1.03v3-1.13:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:rockdisk:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yuji Tounai of bogus.jp",
"sources": [
{
"db": "BID",
"id": "63392"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
],
"trust": 0.9
},
"cve": "CVE-2013-4713",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2013-000096",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2013-14194",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-64715",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4713",
"trust": 1.0,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2013-000096",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-14194",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-720",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-64715",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. RockDisk provided by I-O DATA DEVICE, INC. are LAN connectable hard disk drives. RockDisk contains a cross-site scripting vulnerability. Yuji Tounai of bogus.jp reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. I-O DATA RockDisk NAS incorrectly filters data returned to users, allowing remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information, or hijack user sessions. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "BID",
"id": "63392"
},
{
"db": "VULHUB",
"id": "VHN-64715"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000096",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2013-4713",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN74608669",
"trust": 3.1
},
{
"db": "BID",
"id": "63392",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "55463",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2013-14194",
"trust": 0.6
},
{
"db": "JVN",
"id": "JVN#74608669",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-64715",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "BID",
"id": "63392"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
]
},
"id": "VAR-201311-0283",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
}
]
},
"last_update_date": "2023-12-18T12:30:49.871000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"title": "I-O DATA RockDisk NAS has patches for unidentified cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/40628"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn74608669/index.html"
},
{
"trust": 3.1,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2013-000096"
},
{
"trust": 1.7,
"url": "http://www.ioplaza.jp/shop/contents/rdiskmanual.aspx"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4713"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4713"
},
{
"trust": 0.6,
"url": "http://secunia.com/advisories/55463/"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/63392"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"db": "VULHUB",
"id": "VHN-64715"
},
{
"db": "BID",
"id": "63392"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"date": "2013-11-01T00:00:00",
"db": "VULHUB",
"id": "VHN-64715"
},
{
"date": "2013-10-29T00:00:00",
"db": "BID",
"id": "63392"
},
{
"date": "2013-10-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"date": "2013-11-01T02:55:04.933000",
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"date": "2013-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-01T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14194"
},
{
"date": "2013-11-21T00:00:00",
"db": "VULHUB",
"id": "VHN-64715"
},
{
"date": "2013-11-01T01:01:00",
"db": "BID",
"id": "63392"
},
{
"date": "2014-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-000096"
},
{
"date": "2013-11-21T19:30:22.917000",
"db": "NVD",
"id": "CVE-2013-4713"
},
{
"date": "2013-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RockDisk vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-000096"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-720"
}
],
"trust": 0.6
}
}
VAR-201706-0084
Vulnerability from variot - Updated: 2023-12-18 12:29I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. Attackers can exploit these issues to execute remote command or to bypass certain security restrictions and perform unauthorized actions. WFS-SR01 firmware version 1.10 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0084",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wfs-sr01_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wfs-sr01:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "94089"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7807",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000215",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-96627",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000215",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7807",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000215",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96627",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to bypass access restriction to access data on storage devices inserted into the product via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains access restriction bypass vulnerability in \"Pocket Router Function\". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. \nAttackers can exploit these issues to execute remote command or to bypass certain security restrictions and perform unauthorized actions. \nWFS-SR01 firmware version 1.10 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "VULHUB",
"id": "VHN-96627"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7807",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN18228200",
"trust": 2.8
},
{
"db": "BID",
"id": "94089",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96627",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
]
},
"id": "VAR-201706-0084",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:29:35.934000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/wfssr01/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-nocwe",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn18228200/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94089"
},
{
"trust": 1.7,
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7807"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7807"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96627"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96627"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94089"
},
{
"date": "2016-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"date": "2017-06-09T16:29:00.517000",
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96627"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94089"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000215"
},
{
"date": "2017-06-15T19:32:41.457000",
"db": "NVD",
"id": "CVE-2016-7807"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access restriction bypass vulnerability in WFS-SR01",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000215"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-018"
}
],
"trust": 0.6
}
}
VAR-201706-0083
Vulnerability from variot - Updated: 2023-12-18 12:29I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in "Pocket Router Function". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. WFS-SR01 firmware version 1.10 and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0083",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 1.0,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "lte",
"trust": 0.8,
"vendor": "i o data device",
"version": "firmware version 1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.6,
"vendor": "iodata",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "1.10"
},
{
"model": "wfs-sr01",
"scope": "eq",
"trust": 0.3,
"vendor": "i o data device",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:iodata:wfs-sr01_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:iodata:wfs-sr01:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported the issue.",
"sources": [
{
"db": "BID",
"id": "94089"
}
],
"trust": 0.3
},
"cve": "CVE-2016-7806",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000214",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-96626",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-7806",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000214",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7806",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2016-000214",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-017",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-96626",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-7806",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow remote attackers to execute arbitrary OS commands via unspecified vectors. WFS-SR01 provided by I-O DATA DEVICE, INC. is a portable storage device which provides wireless LAN router function. WFS-SR01 contains command injection vulnerability in \"Pocket Router Function\". I-O DATA DEVICE, INC. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and I-O DATA DEVICE, INC. \nWFS-SR01 firmware version 1.10 and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7806",
"trust": 2.9
},
{
"db": "JVN",
"id": "JVN18228200",
"trust": 2.9
},
{
"db": "BID",
"id": "94089",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-96626",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-7806",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
]
},
"id": "VAR-201706-0083",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:29:35.902000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "I-O DATA DEVICE, INC. website",
"trust": 0.8,
"url": "http://www.iodata.jp/wfssr01/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-nocwe",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://jvn.jp/en/jp/jvn18228200/index.html"
},
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/94089"
},
{
"trust": 1.8,
"url": "http://www.iodata.jp/support/information/2016/wfs-sr01/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7806"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7806"
},
{
"trust": 0.3,
"url": "http://www.iodata.jp/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96626"
},
{
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"db": "BID",
"id": "94089"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96626"
},
{
"date": "2017-06-09T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"date": "2016-11-02T00:00:00",
"db": "BID",
"id": "94089"
},
{
"date": "2016-11-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"date": "2017-06-09T16:29:00.487000",
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"date": "2016-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96626"
},
{
"date": "2017-06-15T00:00:00",
"db": "VULMON",
"id": "CVE-2016-7806"
},
{
"date": "2016-11-24T01:07:00",
"db": "BID",
"id": "94089"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000214"
},
{
"date": "2017-06-15T19:35:39.727000",
"db": "NVD",
"id": "CVE-2016-7806"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Command injection vulnerability in WFS-SR01",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000214"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-017"
}
],
"trust": 0.6
}
}