cvelistv5 - cve-2017-2276

CVE-2017-2276 (GCVE-0-2017-2276)

Vulnerability from cvelistv5

Published

2017-07-22 00:00

Modified

2024-08-05 13:48

Severity ?

CWE

Buffer Overflow

Summary

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

References

URL

	Vendor	Product	Version
	Sony Corporation	WG-C10	Version: v3.0.79 and earlier

fkie_cve-2017-2276

Vulnerability from fkie_nvd

Published

2017-07-22 00:29

Modified

2025-04-20 01:37

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

References

URL	Tags
vultures@jpcert.or.jp	https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN14151222/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN14151222/index.html	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	sony	wg-c10_firmware	*
	sony	wg-c10	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sony:wg-c10_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CDA4687-99EE-4314-8762-E63526D6F261",
              "versionEndIncluding": "3.0.79",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sony:wg-c10:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "398093BE-5188-46B3-BFC5-117D7907C50A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Un desbordamiento de b\u00fafer en WG-C10 versi\u00f3n 3.0.79 y anteriores, permite a un atacante ejecutar comandos arbitrarios por medio de vectores no especificados."
    }
  ],
  "id": "CVE-2017-2276",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-07-22T00:29:00.340",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN14151222/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://jvn.jp/en/jp/JVN14151222/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2017-2276

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

Aliases

CVE-2017-2276

Aliases

CVE-2017-2276

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2276",
    "description": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.",
    "id": "GSD-2017-2276"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2276"
      ],
      "details": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.",
      "id": "GSD-2017-2276",
      "modified": "2023-12-13T01:21:05.340179Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2276",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WG-C10",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "v3.0.79 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Sony Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#14151222",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN14151222/index.html"
          },
          {
            "name": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10",
            "refsource": "MISC",
            "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:sony:wg-c10_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "3.0.79",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:sony:wg-c10:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2276"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#14151222",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN14151222/index.html"
            },
            {
              "name": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-26T20:11Z",
      "publishedDate": "2017-07-22T00:29Z"
    }
  }
}

cve-2017-2276

Vulnerability from jvndb

Published

2017-07-19 15:07

Modified

2018-01-24 12:34

Severity ?

6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities SONY Portable Wireless Server WG-C10

Details

Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN14151222/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2275
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2276
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2275
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2276
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Sony Corporation

WG-C10

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000175.html",
  "dc:date": "2018-01-24T12:34+09:00",
  "dcterms:issued": "2017-07-19T15:07+09:00",
  "dcterms:modified": "2018-01-24T12:34+09:00",
  "description": "Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. \r\n\r\n * OS command injection (CWE-78) - CVE-2017-2275\r\n * Buffer overflow (CWE-119) - CVE-2017-2276\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000175.html",
  "sec:cpe": {
    "#text": "cpe:/h:sony:wg-c10",
    "@product": "WG-C10",
    "@vendor": "Sony Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000175",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN14151222/index.html",
      "@id": "JVN#14151222",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2275",
      "@id": "CVE-2017-2275",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2276",
      "@id": "CVE-2017-2276",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2275",
      "@id": "CVE-2017-2275",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2276",
      "@id": "CVE-2017-2276",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities SONY Portable Wireless Server WG-C10"
}

ghsa-3fmr-m4vg-vfvw

Vulnerability from github

Published

2022-05-17 02:25

Modified

2022-05-17 02:25

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2276"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-22T00:29:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.",
  "id": "GHSA-3fmr-m4vg-vfvw",
  "modified": "2022-05-17T02:25:41Z",
  "published": "2022-05-17T02:25:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2276"
    },
    {
      "type": "WEB",
      "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN14151222/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

var-201707-0321

Vulnerability from variot

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in to the product as an administrator may execute arbitrary OS commands. There are security vulnerabilities in Sony WG-C103.0.79 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0321",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wg-c10",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "sony",
        "version": "3.0.79"
      },
      {
        "model": "wg-c10",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "sony",
        "version": "v3.0.79"
      },
      {
        "model": "wg-c10",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "sony",
        "version": "\u003c=3.0.79"
      },
      {
        "model": "wg-c10",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "sony",
        "version": "3.0.79"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:sony:wg-c10",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      }
    ]
  },
  "cve": "CVE-2017-2276",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000175",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CVE-2017-2276",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2017-24404",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "VHN-110479",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000175",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2017-2276",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2017-000175",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2276",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-24404",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201707-1099",
            "trust": 0.6,
            "value": "CRITICAL"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110479",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110479"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in to the product as an administrator may execute arbitrary OS commands. There are security vulnerabilities in Sony WG-C103.0.79 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2276"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110479"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN14151222",
        "trust": 3.1
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2276",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110479",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110479"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "id": "VAR-201707-0321",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110479"
      }
    ],
    "trust": 1.2999999999999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:38:28.865000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Notice for the WG-C10 Portable Wireless Server",
        "trust": 0.8,
        "url": "https://esupport.sony.com/US/p/news-item.pl?news_id=527\u0026mdl=WGC10"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110479"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn14151222/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026mdl=wgc10"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2275"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2276"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2275"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2276"
      },
      {
        "trust": 0.6,
        "url": "http://jvn.jp/en/jp/jvn14151222/"
      },
      {
        "trust": 0.1,
        "url": "https://esupport.sony.com/us/p/news-item.pl?news_id=527\u0026amp;mdl=wgc10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110479"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110479"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-09-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "date": "2017-07-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110479"
      },
      {
        "date": "2017-07-19T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      },
      {
        "date": "2017-07-22T00:29:00.340000",
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-05-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-24404"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110479"
      },
      {
        "date": "2018-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      },
      {
        "date": "2017-07-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      },
      {
        "date": "2024-11-21T03:23:11.613000",
        "db": "NVD",
        "id": "CVE-2017-2276"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities SONY Portable Wireless Server WG-C10",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000175"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201707-1099"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2017-2276 (GCVE-0-2017-2276)

Vulnerability from cvelistv5

fkie_cve-2017-2276

Vulnerability from fkie_nvd

gsd-2017-2276

Vulnerability from gsd

cve-2017-2276

Vulnerability from jvndb

ghsa-3fmr-m4vg-vfvw

Vulnerability from github

var-201707-0321

Vulnerability from variot

Tags

Sightings

Nomenclature