cvelistv5 - CVE-2017-2277

CVE-2017-2277 (GCVE-0-2017-2277)

Vulnerability from cvelistv5

Published

2017-07-22 00:00

Modified

2024-08-05 13:48

Severity ?

CWE

Fails to restrict access

Summary

WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.

References

URL

	Vendor	Product	Version
	Sony Corporation	WG-C10	Version: v3.0.79 and earlier

ghsa-hh8j-qqj6-cm4x

Vulnerability from github

Published

2022-05-13 01:18

Modified

2022-05-13 01:18

Severity ?

9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2277"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-22T00:29:00Z",
    "severity": "CRITICAL"
  },
  "details": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.",
  "id": "GHSA-hh8j-qqj6-cm4x",
  "modified": "2022-05-13T01:18:22Z",
  "published": "2022-05-13T01:18:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2277"
    },
    {
      "type": "WEB",
      "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN77412145/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-2277

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.

Aliases

CVE-2017-2277

Aliases

CVE-2017-2277

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2277",
    "description": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.",
    "id": "GSD-2017-2277"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2277"
      ],
      "details": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.",
      "id": "GSD-2017-2277",
      "modified": "2023-12-13T01:21:05.230813Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2277",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WG-C10",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "v3.0.79 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sony Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Fails to restrict access"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#77412145",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN77412145/index.html"
          },
          {
            "name": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10",
            "refsource": "MISC",
            "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:wg-c10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.79",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:wg-c10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2277"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#77412145",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN77412145/index.html"
            },
            {
              "name": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.2
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2017-07-22T00:29Z"
    }
  }
}

WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. There are security vulnerabilities in Sony WG-C103.0.79 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0322",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wg-c10",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "3.0.79"
      },
      {
        "model": "wg-c10",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sony",
        "version": "v3.0.79"
      },
      {
        "model": "wg-c10",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sony",
        "version": "\u003c=3.0.79"
      },
      {
        "model": "wg-c10",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "3.0.79"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:sony:wg-c10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      }
    ]
  },
  "cve": "CVE-2017-2277",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2017-2277",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000176",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2017-24405",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-110480",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "id": "CVE-2017-2277",
            "impactScore": 5.2,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "IPA",
            "availabilityImpact": "Low",
            "baseScore": 7.3,
            "baseSeverity": "High",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000176",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2277",
            "trust": 1.0,
            "value": "CRITICAL"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000176",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-24405",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-1098",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110480",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110480"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. There are security vulnerabilities in Sony WG-C103.0.79 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2277"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110480"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2277",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN77412145",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098",
        "trust": 0.7
      },
      {
        "db": "JVN",
        "id": "JVN14151222",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110480",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110480"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "id": "VAR-201707-0322",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110480"
      }
    ],
    "trust": 1.2999999999999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:38:28.895000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Notice for the WG-C10 Portable Wireless Server",
        "trust": 0.8,
        "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-284",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110480"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn77412145/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2277"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2277"
      },
      {
        "trust": 0.6,
        "url": "http://jvn.jp/en/jp/jvn14151222/"
      },
      {
        "trust": 0.1,
        "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026amp;mdl=wgc10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110480"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110480"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "date": "2017-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110480"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      },
      {
        "date": "2017-07-22T00:29:00.373000",
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-24405"
      },
      {
        "date": "2020-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110480"
      },
      {
        "date": "2018-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      },
      {
        "date": "2020-10-23T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      },
      {
        "date": "2024-11-21T03:23:11.727000",
        "db": "NVD",
        "id": "CVE-2017-2277"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "SONY Portable Wireless Server WG-C10 fails to restrict access permissions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000176"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1098"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2017-2277

Vulnerability from fkie_nvd

Published

2017-07-22 00:29

Modified

2025-04-20 01:37

Severity ?

9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Summary

WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN77412145/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN77412145/index.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	sony	wg-c10_firmware	*
	sony	wg-c10	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:wg-c10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CDA4687-99EE-4314-8762-E63526D6F261",
              "versionEndIncluding": "3.0.79",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:wg-c10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "398093BE-5188-46B3-BFC5-117D7907C50A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "WG-C10 versi\u00f3n 3.0.79 y anteriores, permite a un atacante omitir las restricciones de acceso para obtener o alterar la informaci\u00f3n almacenada en el almacenamiento externo conectado al producto por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2017-2277",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-22T00:29:00.373",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN77412145/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN77412145/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2017-2277

Vulnerability from jvndb

Published

2017-07-19 15:07

Modified

2018-02-14 12:02

Severity ?

7.3 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

SONY Portable Wireless Server WG-C10 fails to restrict access permissions

Details

Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN77412145/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2277
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2277
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Sony Corporation

WG-C10

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000176.html",
  "dc:date": "2018-02-14T12:02+09:00",
  "dcterms:issued": "2017-07-19T15:07+09:00",
  "dcterms:modified": "2018-02-14T12:02+09:00",
  "description": "Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284).\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000176.html",
  "sec:cpe": {
    "#text": "cpe:/h:sony:wg-c10",
    "@product": "WG-C10",
    "@vendor": "Sony Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "7.5",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "7.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000176",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN77412145/index.html",
      "@id": "JVN#77412145",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2277",
      "@id": "CVE-2017-2277",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2277",
      "@id": "CVE-2017-2277",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "SONY Portable Wireless Server WG-C10 fails to restrict access permissions"
}

cnvd-2017-24405

Vulnerability from cnvd

Title

Sony WG-C10安全绕过漏洞

Description

Sony WG-C10是日本索尼（Sony）公司的一款无线便携式服务器。 Sony WG-C10 3.0.79及之前的版本中存在安全漏洞。攻击者可利用该漏洞绕过访问控制，获取或更改储存在外部储存设备中的信息。

Severity

高

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https://www.sony.com/

Reference

http://jvn.jp/en/jp/JVN14151222/

Impacted products

Name
Sony WG-C10 <=3.0.79

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2277",
      "cveUrl": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2277"
    }
  },
  "description": "Sony WG-C10\u662f\u65e5\u672c\u7d22\u5c3c\uff08Sony\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u4fbf\u643a\u5f0f\u670d\u52a1\u5668\u3002\r\n\r\nSony WG-C10 3.0.79\u53ca\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u7ed5\u8fc7\u8bbf\u95ee\u63a7\u5236\uff0c\u83b7\u53d6\u6216\u66f4\u6539\u50a8\u5b58\u5728\u5916\u90e8\u50a8\u5b58\u8bbe\u5907\u4e2d\u7684\u4fe1\u606f\u3002",
  "discovererName": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps://www.sony.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-24405",
  "openTime": "2017-09-03",
  "products": {
    "product": "Sony WG-C10 \u003c=3.0.79"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN14151222/",
  "serverity": "\u9ad8",
  "submitTime": "2017-07-19",
  "title": "Sony WG-C10\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-2277 (GCVE-0-2017-2277)

Vulnerability from cvelistv5

ghsa-hh8j-qqj6-cm4x

Vulnerability from github

gsd-2017-2277

Vulnerability from gsd

var-201707-0322

Vulnerability from variot

fkie_cve-2017-2277

Vulnerability from fkie_nvd

CVE-2017-2277

Vulnerability from jvndb

cnvd-2017-24405

Vulnerability from cnvd

Tags

Sightings

Nomenclature