cvelistv5 - CVE-2017-10903

CVE-2017-10903 (GCVE-0-2017-10903)

Vulnerability from cvelistv5

Published

2017-12-01 14:00

Modified

2024-08-05 17:50

Severity ?

CWE

Improper authentication

Summary

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.

References

URL

	Vendor	Product	Version
	Princeton Ltd.	PTW-WMS1	Version: firmware version 2.000.012

CVE-2017-10903

Vulnerability from jvndb

Published

2017-11-30 15:45

Modified

2018-03-14 14:13

Severity ?

7.3 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

Multiple vulnerabilities in Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1

Details

Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 contains multiple vulnerabilities listed below. * Improper Access Restriction (CWE-284) - CVE-2017-10900 * Buffer Overflow (CWE-119) - CVE-2017-10901 * OS Command Injection (CWE-78) - CVE-2017-10902 * Improper Authentication (CWE-287) - CVE-2017-10903 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN98295787/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10900
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10901
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10902
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10903
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10900
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10901
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10902
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-10903
	IPA SECURITY ALERTS	https://www.ipa.go.jp/security/ciadr/vul/20171130-1-jvn.html
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Princeton Ltd.

PTW-WMS1 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000241.html",
  "dc:date": "2018-03-14T14:13+09:00",
  "dcterms:issued": "2017-11-30T15:45+09:00",
  "dcterms:modified": "2018-03-14T14:13+09:00",
  "description": "Wireless mobile storage \"Digizo ShAirDisk\" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage \"Digizo ShAirDisk\" PTW-WMS1 contains multiple vulnerabilities listed below. \r\n* Improper Access Restriction (CWE-284) - CVE-2017-10900\r\n* Buffer Overflow (CWE-119) - CVE-2017-10901\r\n* OS Command Injection (CWE-78) - CVE-2017-10902\r\n* Improper Authentication (CWE-287) - CVE-2017-10903\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000241.html",
  "sec:cpe": {
    "#text": "cpe:/o:princeton:ptw-wms1_firmware",
    "@product": "PTW-WMS1 firmware",
    "@vendor": "Princeton Ltd.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000241",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN98295787/index.html",
      "@id": "JVN#98295787",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10900",
      "@id": "CVE-2017-10900",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10901",
      "@id": "CVE-2017-10901",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10902",
      "@id": "CVE-2017-10902",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10903",
      "@id": "CVE-2017-10903",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10900",
      "@id": "CVE-2017-10900",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10901",
      "@id": "CVE-2017-10901",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10902",
      "@id": "CVE-2017-10902",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10903",
      "@id": "CVE-2017-10903",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/security/ciadr/vul/20171130-1-jvn.html",
      "@id": "Security Alert for Vulnerability in Digizo ShAirDisk (JVN#98295787)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in Wireless mobile storage \"Digizo ShAirDisk\" PTW-WMS1"
}

var-201712-0053

Vulnerability from variot

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage "Digizo ShAirDisk" PTW-WMS1 contains multiple vulnerabilities listed below. * Improper Access Restriction (CWE-284) - CVE-2017-10900 * Buffer Overflow (CWE-119) - CVE-2017-10901 * OS Command Injection (CWE-78) - CVE-2017-10902 * Improper Authentication (CWE-287) - CVE-2017-10903 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A remote attacker may access the shared disk connected to the device, and then obtain or delete information in the disk. - CVE-2017-10900 * Receiving a specially crafted packet from a remote attacker may result in a denial-of-service (DoS) condition. - CVE-2017-10901 * A remote attacker may log in the device and execute an arbitrary OS command. - CVE-2017-10903. A security vulnerability exists in PrincetonPTW-WMS1 using firmware version 2.000.012

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201712-0053",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "ptw-wms1",
        "scope": "eq",
        "trust": 2.2,
        "vendor": "princeton",
        "version": "2.000.012"
      },
      {
        "model": "ptw-wms1",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "princeton",
        "version": "version 2.000.012"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:princeton:ptw-wms1_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      }
    ]
  },
  "cve": "CVE-2017-10903",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000241",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-10903",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000241",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000241",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2017-37969",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-101272",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000241",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-10903",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000241",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000241",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2017-000241",
            "trust": 1.6,
            "value": "Critical"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000241",
            "trust": 1.6,
            "value": "High"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-10903",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-37969",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-099",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-101272",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2017-10903",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-10903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors. Wireless mobile storage \"Digizo ShAirDisk\" PTW-WMS1 provided by Princeton Ltd. is a Wi-Fi storage. Wireless mobile storage \"Digizo ShAirDisk\" PTW-WMS1 contains multiple vulnerabilities listed below. * Improper Access Restriction (CWE-284) - CVE-2017-10900 * Buffer Overflow (CWE-119) - CVE-2017-10901 * OS Command Injection (CWE-78) - CVE-2017-10902 * Improper Authentication (CWE-287) - CVE-2017-10903 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A remote attacker may access the shared disk connected to the device, and then obtain or delete information in the disk. - CVE-2017-10900 * Receiving a specially crafted packet from a remote attacker may result in a denial-of-service (DoS) condition. - CVE-2017-10901 * A remote attacker may log in the device and execute an arbitrary OS command. - CVE-2017-10903. A security vulnerability exists in PrincetonPTW-WMS1 using firmware version 2.000.012",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-10903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-10903"
      }
    ],
    "trust": 2.34
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-10903",
        "trust": 3.2
      },
      {
        "db": "JVN",
        "id": "JVN98295787",
        "trust": 3.2
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-101272",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-10903",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-10903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "id": "VAR-201712-0053",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "VULHUB",
        "id": "VHN-101272"
      }
    ],
    "trust": 1.35384614
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:52:15.534000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Princeton Ltd. website",
        "trust": 0.8,
        "url": "http://www.princeton.co.jp/news/2016/12/201612271100.html"
      },
      {
        "title": "PrincetonPTW-WMS1 patch for improper authentication vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/111615"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://jvn.jp/en/jp/jvn98295787/index.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10903"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10900"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10901"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10902"
      },
      {
        "trust": 0.8,
        "url": "https://www.ipa.go.jp/security/ciadr/vul/20171130-1-jvn.html"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10900"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10901"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10902"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-10903"
      },
      {
        "trust": 0.6,
        "url": "http://jvn.jp/en/jp/jvn98295787/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/287.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-10903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "db": "VULMON",
        "id": "CVE-2017-10903"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "date": "2017-12-01T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-10903"
      },
      {
        "date": "2017-11-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "date": "2017-07-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      },
      {
        "date": "2017-12-01T14:29:00.600000",
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-12-25T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-37969"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-101272"
      },
      {
        "date": "2017-12-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2017-10903"
      },
      {
        "date": "2018-03-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      },
      {
        "date": "2017-12-04T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      },
      {
        "date": "2024-11-21T03:06:42.890000",
        "db": "NVD",
        "id": "CVE-2017-10903"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Wireless mobile storage \"Digizo ShAirDisk\" PTW-WMS1",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000241"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-099"
      }
    ],
    "trust": 0.6
  }
}

gsd-2017-10903

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.

Aliases

CVE-2017-10903

Aliases

CVE-2017-10903

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-10903",
    "description": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.",
    "id": "GSD-2017-10903"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-10903"
      ],
      "details": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.",
      "id": "GSD-2017-10903",
      "modified": "2023-12-13T01:21:14.389666Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-10903",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "PTW-WMS1",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware version 2.000.012"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Princeton Ltd."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Improper authentication"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#98295787",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN98295787/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:princeton:ptw-wms1_firmware:2.000.012:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:princeton:ptw-wms1:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-10903"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-287"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#98295787",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "Vendor Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN98295787/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": true,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-12-12T15:44Z",
      "publishedDate": "2017-12-01T14:29Z"
    }
  }
}

fkie_cve-2017-10903

Vulnerability from fkie_nvd

Published

2017-12-01 14:29

Modified

2025-04-20 01:37

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.

References

	URL	Tags
	vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN98295787/index.html	Third Party Advisory, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN98295787/index.html	Third Party Advisory, Vendor Advisory

Impacted products

	Vendor	Product	Version
	princeton	ptw-wms1_firmware	2.000.012
	princeton	ptw-wms1	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:princeton:ptw-wms1_firmware:2.000.012:*:*:*:*:*:*:*",
              "matchCriteriaId": "F788289A-F80D-4C43-B0F3-620FB4D061A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:princeton:ptw-wms1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "96741396-A914-452E-A06F-85076F511C55",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Problema de autenticaci\u00f3n incorrecta en PTW-WMS1 con versi\u00f3n de firmware 2.000.012 permite que los atacantes remotos inicien sesi\u00f3n en el dispositivo con privilegios root y realicen operaciones arbitrarias mediante vectores no especificados."
    }
  ],
  "id": "CVE-2017-10903",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": true,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-12-01T14:29:00.600",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN98295787/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN98295787/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-93hg-wrwc-xv7f

Vulnerability from github

Published

2022-05-17 00:16

Modified

2022-05-17 00:16

Severity ?

9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-10903"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-287"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-12-01T14:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "Improper authentication issue in PTW-WMS1 firmware version 2.000.012 allows remote attackers to log in to the device with root privileges and conduct arbitrary operations via unspecified vectors.",
  "id": "GHSA-93hg-wrwc-xv7f",
  "modified": "2022-05-17T00:16:23Z",
  "published": "2022-05-17T00:16:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10903"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN98295787/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2017-37969

Vulnerability from cnvd

Title

Princeton PTW-WMS1不当认证漏洞

Description

Princeton PTW-WMS1是日本Princeton公司的一款无线存储设备。使用2.000.012版本固件的Princeton PTW-WMS1中存在安全漏洞。远程攻击者可利用该漏洞以root权限登录到设备，并执行任意操作。

Severity

高

Patch Name

Princeton PTW-WMS1不当认证漏洞的补丁

Patch Description

Princeton PTW-WMS1是日本Princeton公司的一款无线存储设备。使用2.000.012版本固件的Princeton PTW-WMS1中存在安全漏洞。远程攻击者可利用该漏洞以root权限登录到设备，并执行任意操作。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://www.princeton.co.jp/news/2016/12/201612271100.html

Reference

http://jvn.jp/en/jp/JVN98295787/

Impacted products

Name
Princeton Ltd. PTW-WMS1 firmware 2.000.012

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-10903"
    }
  },
  "description": "Princeton PTW-WMS1\u662f\u65e5\u672cPrinceton\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u5b58\u50a8\u8bbe\u5907\u3002\r\n\r\n\u4f7f\u75282.000.012\u7248\u672c\u56fa\u4ef6\u7684Princeton PTW-WMS1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u767b\u5f55\u5230\u8bbe\u5907\uff0c\u5e76\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002",
  "discovererName": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://www.princeton.co.jp/news/2016/12/201612271100.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-37969",
  "openTime": "2017-12-25",
  "patchDescription": "Princeton PTW-WMS1\u662f\u65e5\u672cPrinceton\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u5b58\u50a8\u8bbe\u5907\u3002\r\n\r\n\u4f7f\u75282.000.012\u7248\u672c\u56fa\u4ef6\u7684Princeton PTW-WMS1\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5root\u6743\u9650\u767b\u5f55\u5230\u8bbe\u5907\uff0c\u5e76\u6267\u884c\u4efb\u610f\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Princeton PTW-WMS1\u4e0d\u5f53\u8ba4\u8bc1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Princeton Ltd. PTW-WMS1 firmware 2.000.012"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN98295787/",
  "serverity": "\u9ad8",
  "submitTime": "2017-12-01",
  "title": "Princeton PTW-WMS1\u4e0d\u5f53\u8ba4\u8bc1\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-10903 (GCVE-0-2017-10903)

Vulnerability from cvelistv5

CVE-2017-10903

Vulnerability from jvndb

var-201712-0053

Vulnerability from variot

gsd-2017-10903

Vulnerability from gsd

fkie_cve-2017-10903

Vulnerability from fkie_nvd

ghsa-93hg-wrwc-xv7f

Vulnerability from github

cnvd-2017-37969

Vulnerability from cnvd

Tags

Sightings

Nomenclature