cnvd-2016-00914
Vulnerability from cnvd
Title
KDDI HOME SPOT CUBE devices CRLF注入漏洞
Description
KDDI HOME SPOT CUBE是日本KDDI公司的一款家庭无线路由器产品。 KDDI HOME SPOT CUBE 2之前版本中存在CRLF注入漏洞。远程攻击者可利用该漏洞注入任意HTTP头。
Severity
Patch Name
KDDI HOME SPOT CUBE devices CRLF注入漏洞的补丁
Patch Description
KDDI HOME SPOT CUBE是日本KDDI公司的一款家庭无线路由器产品。 KDDI HOME SPOT CUBE 2之前版本中存在CRLF注入漏洞。远程攻击者可利用该漏洞注入任意HTTP头。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已经发布升级补丁/版本以修复这个安全问题,请用户及时下载更新: http://www.au.kddi.com/

Reference
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1138
Impacted products
Name
KDDI HOME SPOT CUBE devices <2
Show details on source website

To clipboard 

{
  "bids": {
    "bid": {
      "bidNumber": "81982"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1138"
    }
  },
  "description": "KDDI HOME SPOT CUBE\u662f\u65e5\u672cKDDI\u516c\u53f8\u7684\u4e00\u6b3e\u5bb6\u5ead\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nKDDI HOME SPOT CUBE 2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728CRLF\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fHTTP\u5934\u3002",
  "discovererName": "Masaki Yoshikawa",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u5347\u7ea7\u8865\u4e01/\u7248\u672c\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u7528\u6237\u53ca\u65f6\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttp://www.au.kddi.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00914",
  "openTime": "2016-02-15",
  "patchDescription": "KDDI HOME SPOT CUBE\u662f\u65e5\u672cKDDI\u516c\u53f8\u7684\u4e00\u6b3e\u5bb6\u5ead\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nKDDI HOME SPOT CUBE 2\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728CRLF\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610fHTTP\u5934\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "KDDI HOME SPOT CUBE devices CRLF\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "KDDI HOME SPOT CUBE devices \u003c2"
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1138",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-02",
  "title": "KDDI HOME SPOT CUBE devices CRLF\u6ce8\u5165\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.