cvelistv5 - CVE-2018-0677

CVE-2018-0677 (GCVE-0-2018-0677)

Vulnerability from cvelistv5

Published

2019-01-09 22:00

Modified

2024-08-05 03:35

Severity ?

CWE

OS Command Injection

Summary

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

References

URL

	Vendor	Product	Version
	Panasonic Corporation	BN-SDWBP3	Version: firmware version 1.0.9 and earlier

var-201901-0727

Vulnerability from variot

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An operating system command injection vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0727",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "bn-sdwbp3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "panasonic",
        "version": "1.0.9"
      },
      {
        "model": "bn-sdwbp3",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "panasonic",
        "version": "version 1.0.9"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:panasonic:bn-sdwbp3_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      }
    ]
  },
  "cve": "CVE-2018-0677",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000122",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "CVE-2018-0677",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000122",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 5.1,
            "id": "VHN-118879",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000122",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "id": "CVE-2018-0677",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000122",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000122",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0677",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000122",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-266",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-118879",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An attacker may access to the management screen and execute an arbitrary command. - CVE-2018-0676 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary OS command. - CVE-2018-0677 * A user on the same LAN who can access the product as an administrative privilege may execute an arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678. An operating system command injection vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0677"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "VULHUB",
        "id": "VHN-118879"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN65082538",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0677",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122",
        "trust": 1.4
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-266",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-118879",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "id": "VAR-201901-0727",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118879"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:00:09.262000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Panasonic Wi-Fi Card reader - App Store",
        "trust": 0.8,
        "url": "https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja\u0026ls=1\u0026mt=8"
      },
      {
        "title": "Panasonic Wi-Fi Card reader - Google Play",
        "trust": 0.8,
        "url": "https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw\u0026hl=en_US"
      },
      {
        "title": "Panasonic Corporation website",
        "trust": 0.8,
        "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
      },
      {
        "title": "Panasonic BN-SDWBP3 Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88449"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-287",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn65082538/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0676"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0677"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0678"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html"
      },
      {
        "trust": 0.1,
        "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026amp;site_domain=p3"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-118879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-118879"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118879"
      },
      {
        "date": "2019-06-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "date": "2019-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      },
      {
        "date": "2019-01-09T23:29:01.857000",
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-02-11T00:00:00",
        "db": "VULHUB",
        "id": "VHN-118879"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      },
      {
        "date": "2019-07-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      },
      {
        "date": "2024-11-21T03:38:43.383000",
        "db": "NVD",
        "id": "CVE-2018-0677"
      }
    ]
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Panasonic BN-SDWBP3",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000122"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-266"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2018-0677

Vulnerability from fkie_nvd

Published

2019-01-09 23:29

Modified

2024-11-21 03:38

Severity ?

6.8 (Medium) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN65082538/index.html	Third Party Advisory
vultures@jpcert.or.jp	https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN65082538/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3	Vendor Advisory

Impacted products

	Vendor	Product	Version
	panasonic	bn-sdwbp3_firmware	*
	panasonic	bn-sdwbp3	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:panasonic:bn-sdwbp3_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "66ADD8DF-CEA0-4B87-979F-0852F475BA82",
              "versionEndIncluding": "1.0.9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:panasonic:bn-sdwbp3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E706E01-319D-4E5B-96CB-67A6DCBD3F6C",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "BN-SDWBP3, con firmware 1.0.9 y anteriores, permite a un atacante con permisos de administrador en el mismo segmento de red ejecutar comandos arbitrarios del sistema operativo mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-0677",
  "lastModified": "2024-11-21T03:38:43.383",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.7,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:01.857",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN65082538/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN65082538/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2018-0677

Vulnerability from jvndb

Published

2019-06-28 18:28

Modified

2019-08-27 17:46

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Panasonic BN-SDWBP3

Details

BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below. * Improper Authentication (CWE-287) - CVE-2018-0676 * OS Command Injection(CWE-78) - CVE-2018-0677 * Buffer Overflow (CWE-119) - CVE-2018-0678 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN65082538/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0676
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0677
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0678
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0676
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0677
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0678
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Improper Authentication(CWE-287)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Panasonic Corporation

BN-SDWBP3 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000122.html",
  "dc:date": "2019-08-27T17:46+09:00",
  "dcterms:issued": "2019-06-28T18:28+09:00",
  "dcterms:modified": "2019-08-27T17:46+09:00",
  "description": "BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below.\r\n  * Improper Authentication (CWE-287) - CVE-2018-0676\r\n  * OS Command Injection(CWE-78) - CVE-2018-0677\r\n  * Buffer Overflow (CWE-119) - CVE-2018-0678\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000122.html",
  "sec:cpe": {
    "#text": "cpe:/o:panasonic:bn-sdwbp3_firmware",
    "@product": "BN-SDWBP3 firmware",
    "@vendor": "Panasonic Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000122",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN65082538/index.html",
      "@id": "JVN#65082538",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0676",
      "@id": "CVE-2018-0676",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0677",
      "@id": "CVE-2018-0677",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0678",
      "@id": "CVE-2018-0678",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0676",
      "@id": "CVE-2018-0676",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0677",
      "@id": "CVE-2018-0677",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0678",
      "@id": "CVE-2018-0678",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-287",
      "@title": "Improper Authentication(CWE-287)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in Panasonic BN-SDWBP3"
}

gsd-2018-0677

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

Aliases

CVE-2018-0677

Aliases

CVE-2018-0677

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0677",
    "description": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.",
    "id": "GSD-2018-0677"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0677"
      ],
      "details": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.",
      "id": "GSD-2018-0677",
      "modified": "2023-12-13T01:22:24.678907Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0677",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "BN-SDWBP3",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware version 1.0.9 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Panasonic Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OS Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#65082538",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN65082538/index.html"
          },
          {
            "name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
            "refsource": "MISC",
            "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:panasonic:bn-sdwbp3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.9",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:panasonic:bn-sdwbp3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0677"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
            },
            {
              "name": "JVN#65082538",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN65082538/index.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.7,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-02-11T13:44Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

ghsa-qv65-jj38-5c62

Vulnerability from github

Published

2022-05-14 01:35

Modified

2022-05-14 01:35

Severity ?

6.8 (Medium) - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0677"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "BN-SDWBP3 firmware version 1.0.9 and earlier allows attacker with administrator rights on the same network segment to execute arbitrary OS commands via unspecified vectors.",
  "id": "GHSA-qv65-jj38-5c62",
  "modified": "2022-05-14T01:35:21Z",
  "published": "2022-05-14T01:35:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0677"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN65082538/index.html"
    },
    {
      "type": "WEB",
      "url": "https://p3.support.panasonic.com/faq/show/5017?\u0026site_domain=p3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-0677 (GCVE-0-2018-0677)

Vulnerability from cvelistv5

var-201901-0727

Vulnerability from variot

fkie_cve-2018-0677

Vulnerability from fkie_nvd

CVE-2018-0677

Vulnerability from jvndb

gsd-2018-0677

Vulnerability from gsd

ghsa-qv65-jj38-5c62

Vulnerability from github

Tags

Sightings

Nomenclature