cvelistv5 - cve-2017-2183

CVE-2017-2183 (GCVE-0-2017-2183)

Vulnerability from cvelistv5

Published

2017-07-07 13:00

Modified

2024-08-05 13:48

Severity ?

CWE

OS Command Injection

Summary

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

References

URL

	Vendor	Product	Version
	KDDI CORPORATION	HOME SPOT CUBE2	Version: firmware V101 and earlier

fkie_cve-2017-2183

Vulnerability from fkie_nvd

Published

2017-07-07 13:29

Modified

2025-04-20 01:37

Severity ?

8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN24348065/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/99282	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://www.au.com/information/notice_mobile/update/update-20170612-01/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN24348065/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/99282	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.au.com/information/notice_mobile/update/update-20170612-01/	Vendor Advisory

Impacted products

Vendor	Product	Version
kddi	home_spot_cube_2_firmware	v100
kddi	home_spot_cube_2_firmware	v101
kddi	home_spot_cube_2	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v100:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CD41B8B-D43A-466D-B994-B6B7AE8554DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v101:*:*:*:*:*:*:*",
              "matchCriteriaId": "2957E610-4807-4EA0-9242-B4F693E222F1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "330A6D16-3BBA-4D46-B7C1-17C08C8373D5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings."
    },
    {
      "lang": "es",
      "value": "HOME SPOT CUBE2 con versiones de firmware V101 y anteriores permite que atacantes autenticados ejecuten comandos arbitrarios del sistema operativo mediante Clock Settings."
    }
  ],
  "id": "CVE-2017-2183",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.2,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 5.1,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-07T13:29:00.317",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99282"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/99282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an attacker who can access the management screen of the product. The WebUI is one of the graphical user interfaces. An operating system command injection vulnerability exists in the WebUI in KDDIHOMESPOTCUBE2 using firmware versions 101 and earlier. A remote attacker could exploit this vulnerability to execute arbitrary operating system commands. HOME SPOT CUBE2 is prone to following security vulnerabilities: 1. A buffer-overflow vulnerability 3. Other attacks may also be possible

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0411",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "home spot cube 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kddi",
        "version": "v100"
      },
      {
        "model": "home spot cube 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kddi",
        "version": "v101"
      },
      {
        "model": "home spot cube2",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "kddi",
        "version": "v101"
      },
      {
        "model": "home spot cube2",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "kddi",
        "version": "\u003c=v101"
      },
      {
        "model": "home spot cube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kddi",
        "version": "101"
      },
      {
        "model": "home spot cube",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kddi",
        "version": "102"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:kddi:home_spot_cube_2_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2183",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "CVE-2017-2183",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000135",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "CNVD-2017-14889",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "VHN-110386",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "id": "CVE-2017-2183",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000135",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2183",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000135",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-14889",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1110",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110386",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary OS command may be executed by an attacker who can access the management screen of the product. The WebUI is one of the graphical user interfaces. An operating system command injection vulnerability exists in the WebUI in KDDIHOMESPOTCUBE2 using firmware versions 101 and earlier. A remote attacker could exploit this vulnerability to execute arbitrary operating system commands. HOME SPOT CUBE2 is prone to following security vulnerabilities:\n1. A buffer-overflow vulnerability\n3. Other attacks  may also be possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2183"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110386"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN24348065",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2183",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99282",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110386",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110386"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "id": "VAR-201707-0411",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110386"
      }
    ],
    "trust": 1.45
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:12:59.099000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About Firmware update for HOME SPOT CUBE2",
        "trust": 0.8,
        "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
      },
      {
        "title": "KDDIHOMESPOTCUBEWebUI operating system command injection vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/98206"
      },
      {
        "title": "KDDI HOME SPOT CUBE Fixes for operating system command injection vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71309"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-78",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110386"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://jvn.jp/en/jp/jvn24348065/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99282"
      },
      {
        "trust": 1.7,
        "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2183"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2183"
      },
      {
        "trust": 0.6,
        "url": "http://jvn.jp/en/jp/jvn24348065/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kddi.com/english/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110386"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110386"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "date": "2017-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110386"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99282"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      },
      {
        "date": "2017-07-07T13:29:00.317000",
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14889"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110386"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99282"
      },
      {
        "date": "2018-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      },
      {
        "date": "2024-11-21T03:23:03.060000",
        "db": "NVD",
        "id": "CVE-2017-2183"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HOME SPOT CUBE2 vulnerable to OS command injection in clock settings",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000135"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "operating system commend injection",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1110"
      }
    ],
    "trust": 0.6
  }
}

ghsa-v6xm-gcvx-99rx

Vulnerability from github

Published

2022-05-17 02:29

Modified

2025-04-20 03:40

Severity ?

8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2183"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-07T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.",
  "id": "GHSA-v6xm-gcvx-99rx",
  "modified": "2025-04-20T03:40:25Z",
  "published": "2022-05-17T02:29:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2183"
    },
    {
      "type": "WEB",
      "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99282"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cve-2017-2183

Vulnerability from jvndb

Published

2017-06-21 13:44

Modified

2018-02-14 11:54

Severity ?

6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

HOME SPOT CUBE2 vulnerable to OS command injection in clock settings

Details

HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in clock settings. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN24348065/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2183
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2183
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

KDDI

HOME SPOT CUBE2 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000135.html",
  "dc:date": "2018-02-14T11:54+09:00",
  "dcterms:issued": "2017-06-21T13:44+09:00",
  "dcterms:modified": "2018-02-14T11:54+09:00",
  "description": "HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains OS command injection in clock settings.\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000135.html",
  "sec:cpe": {
    "#text": "cpe:/o:kddi:home_spot_cube_2_firmware",
    "@product": "HOME SPOT CUBE2 firmware",
    "@vendor": "KDDI",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000135",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN24348065/index.html",
      "@id": "JVN#24348065",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2183",
      "@id": "CVE-2017-2183",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2183",
      "@id": "CVE-2017-2183",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "HOME SPOT CUBE2 vulnerable to OS command injection in clock settings"
}

gsd-2017-2183

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.

Aliases

CVE-2017-2183

Aliases

CVE-2017-2183

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2183",
    "description": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.",
    "id": "GSD-2017-2183"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2183"
      ],
      "details": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings.",
      "id": "GSD-2017-2183",
      "modified": "2023-12-13T01:21:05.744479Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2183",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HOME SPOT CUBE2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware V101 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "KDDI CORPORATION"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "OS Command Injection"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
            "refsource": "CONFIRM",
            "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
          },
          {
            "name": "99282",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99282"
          },
          {
            "name": "JVN#24348065",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2183"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
            },
            {
              "name": "JVN#24348065",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
            },
            {
              "name": "99282",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99282"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 5.1,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-14T15:51Z",
      "publishedDate": "2017-07-07T13:29Z"
    }
  }
}

cnvd-2017-14889

Vulnerability from cnvd

Title

KDDI HOME SPOT CUBE WebUI 操作系统命令注入漏洞

Description

KDDI HOME SPOT CUBE是日本KDDI公司的一款家庭无线路由器产品。WebUI是其中的一个图形用户界面。使用101及之前版本固件的KDDI HOME SPOT CUBE2中的WebUI中存在操作系统命令注入漏洞。远程攻击者可利用该漏洞执行任意的操作系统命令。

Severity

中

Patch Name

KDDI HOME SPOT CUBE WebUI 操作系统命令注入漏洞的补丁

Patch Description

KDDI HOME SPOT CUBE是日本KDDI公司的一款家庭无线路由器产品。WebUI是其中的一个图形用户界面。使用101及之前版本固件的KDDI HOME SPOT CUBE2中的WebUI中存在操作系统命令注入漏洞。远程攻击者可利用该漏洞执行任意的操作系统命令。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页： http://www.kddi.com/english/

Reference

http://jvn.jp/en/jp/JVN24348065/

Impacted products

Name
KDDI HOME SPOT CUBE2 <=V101

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2183"
    }
  },
  "description": "KDDI HOME SPOT CUBE\u662f\u65e5\u672cKDDI\u516c\u53f8\u7684\u4e00\u6b3e\u5bb6\u5ead\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002WebUI\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u56fe\u5f62\u7528\u6237\u754c\u9762\u3002\r\n\r\n\u4f7f\u7528101\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684KDDI HOME SPOT CUBE2\u4e2d\u7684WebUI\u4e2d\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002",
  "discovererName": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://www.kddi.com/english/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-14889",
  "openTime": "2017-07-17",
  "patchDescription": "KDDI HOME SPOT CUBE\u662f\u65e5\u672cKDDI\u516c\u53f8\u7684\u4e00\u6b3e\u5bb6\u5ead\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002WebUI\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u56fe\u5f62\u7528\u6237\u754c\u9762\u3002\r\n\r\n\u4f7f\u7528101\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684KDDI HOME SPOT CUBE2\u4e2d\u7684WebUI\u4e2d\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u7684\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "KDDI HOME SPOT CUBE WebUI \u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "KDDI HOME SPOT CUBE2 \u003c=\u200bV101"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN24348065/",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-21",
  "title": "KDDI HOME SPOT CUBE WebUI \u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-2183 (GCVE-0-2017-2183)

Vulnerability from cvelistv5

fkie_cve-2017-2183

Vulnerability from fkie_nvd

var-201707-0411

Vulnerability from variot

ghsa-v6xm-gcvx-99rx

Vulnerability from github

cve-2017-2183

Vulnerability from jvndb

gsd-2017-2183

Vulnerability from gsd

cnvd-2017-14889

Vulnerability from cnvd

Tags

Sightings

Nomenclature