cnvd - cnvd-2018-05859

cnvd-2018-05859

Vulnerability from cnvd

Title

Fuji Electric FS010W跨站请求伪造漏洞

Description

Fuji Electric FS010W是日本富士电机（Fuji Electric）公司的一款无线路由器产品。使用FS010W_00_V1.3.0及之前版本固件的Fuji Electric FS010W中存在跨站请求伪造漏洞。远程攻击者可利用该漏洞执行未授权的操作。

Severity

中

Formal description

目前没有详细的解决方案提供： https://www.fsi.co.jp/

Reference

https://jvn.jp/en/jp/JVN83834277/index.html

Impacted products

Name
Fuji Electric FS010W <=FS010W_00_V1.3.0

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0520"
    }
  },
  "description": "Fuji Electric FS010W\u662f\u65e5\u672c\u5bcc\u58eb\u7535\u673a\uff08Fuji Electric\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u7528FS010W_00_V1.3.0\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Fuji Electric FS010W\u4e2d\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u7684\u64cd\u4f5c\u3002",
  "discovererName": "Manabu Kobayashi",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.fsi.co.jp/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05859",
  "openTime": "2018-03-21",
  "products": {
    "product": "Fuji Electric FS010W \u003c=FS010W_00_V1.3.0"
  },
  "referenceLink": "https://jvn.jp/en/jp/JVN83834277/index.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-02-27",
  "title": "Fuji Electric FS010W\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2018-0520 (GCVE-0-2018-0520)

Vulnerability from cvelistv5

Published

2018-02-23 15:00

Modified

2024-08-05 03:28

Severity ?

CWE

Cross-site request forgery

Summary

Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors.

References

URL

Tags

https://jvn.jp/en/jp/JVN83834277/index.html

third-party-advisory, x_refsource_JVN

Impacted products

	Vendor	Product	Version
	FUJI SOFT INCORPORATED	FS010W	Version: firmware FS010W_00_V1.3.0 and earlier

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:28:11.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#83834277",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN83834277/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "FS010W",
          "vendor": "FUJI SOFT INCORPORATED",
          "versions": [
            {
              "status": "affected",
              "version": "firmware FS010W_00_V1.3.0 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2018-02-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site request forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-23T14:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#83834277",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN83834277/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0520",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "FS010W",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware FS010W_00_V1.3.0 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FUJI SOFT INCORPORATED"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to hijack the authentication of administrators via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#83834277",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN83834277/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0520",
    "datePublished": "2018-02-23T15:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:28:11.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.