cvelistv5 - cve-2018-0640

CVE-2018-0640 (GCVE-0-2018-0640)

Vulnerability from cvelistv5

Published

2019-01-09 22:00

Modified

2024-08-05 03:35

Severity ?

CWE

Buffer Overflow

Summary

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

References

URL

	Vendor	Product	Version
	NEC Corporation	HC100RC	Version: Ver1.0.1 and earlier

cve-2018-0640

Vulnerability from jvndb

Published

2018-07-12 15:04

Modified

2019-08-27 13:52

Severity ?

6.6 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Aterm HC100RC

Details

Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN84825660/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0634
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0635
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0636
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0637
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0638
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0639
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0640
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0641
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0634
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0635
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0636
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0637
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0638
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0639
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0640
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0641
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

NEC Corporation

Aterm HC100RC

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000077.html",
  "dc:date": "2019-08-27T13:52+09:00",
  "dcterms:issued": "2018-07-12T15:04+09:00",
  "dcterms:modified": "2019-08-27T13:52+09:00",
  "description": "Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below.\r\n\r\n* OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639\r\n* Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000077.html",
  "sec:cpe": {
    "#text": "cpe:/o:nec:aterm_hc100rc_firmware",
    "@product": "Aterm HC100RC",
    "@vendor": "NEC Corporation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000077",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN84825660/index.html",
      "@id": "JVN#84825660",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0634",
      "@id": "CVE-2018-0634",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0635",
      "@id": "CVE-2018-0635",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0636",
      "@id": "CVE-2018-0636",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0637",
      "@id": "CVE-2018-0637",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0638",
      "@id": "CVE-2018-0638",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0639",
      "@id": "CVE-2018-0639",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0640",
      "@id": "CVE-2018-0640",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0641",
      "@id": "CVE-2018-0641",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0634",
      "@id": "CVE-2018-0634",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0635",
      "@id": "CVE-2018-0635",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0636",
      "@id": "CVE-2018-0636",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0637",
      "@id": "CVE-2018-0637",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0638",
      "@id": "CVE-2018-0638",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0639",
      "@id": "CVE-2018-0639",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0640",
      "@id": "CVE-2018-0640",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0641",
      "@id": "CVE-2018-0641",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple vulnerabilities in Aterm HC100RC"
}

var-201901-0744

Vulnerability from variot

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0640, CVE-2018-0641. The NEC Aterm HC100RC is a network camera from NEC. A buffer overflow vulnerability exists in NEC Aterm HC100RC with firmware version 1.0.1 and earlier

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0744",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aterm hc100rc",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nec",
        "version": "1.0.1"
      },
      {
        "model": "aterm hc100rc",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec",
        "version": "camera firmware ver1.0.1"
      },
      {
        "model": "aterm hc100rc",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "nec",
        "version": "\u003c=1.0.1"
      },
      {
        "model": "aterm hc100rc",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": "1.0.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:nec:aterm_hc100rc_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      }
    ]
  },
  "cve": "CVE-2018-0640",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000077",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 1.6,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.0,
            "id": "CVE-2018-0640",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.2,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.1,
            "id": "CNVD-2019-01294",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000077",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 1.6,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.2,
            "id": "CVE-2018-0640",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000077",
            "trust": 1.6,
            "value": "Medium"
          },
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-0640",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-01294",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201901-289",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0640, CVE-2018-0641. The NEC Aterm HC100RC is a network camera from NEC. A buffer overflow vulnerability exists in NEC Aterm HC100RC with firmware version 1.0.1 and earlier",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-0640"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-0640",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN84825660",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "id": "VAR-201901-0744",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      }
    ],
    "trust": 1.26
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      }
    ]
  },
  "last_update_date": "2024-11-23T21:37:45.475000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "NV18-011",
        "trust": 0.8,
        "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
      },
      {
        "title": "Patch for NEC Aterm HC100RC Buffer Overflow Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/149895"
      },
      {
        "title": "NEC Aterm HC100RC Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88472"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://jvn.jp/en/jp/jvn84825660/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0640"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0638"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0639"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0640"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0641"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0634"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0635"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0636"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0637"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0637"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0638"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0639"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0641"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0634"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0635"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-0636"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "date": "2018-07-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "date": "2019-01-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      },
      {
        "date": "2019-01-09T23:29:01.200000",
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-01-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-01294"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      },
      {
        "date": "2021-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      },
      {
        "date": "2024-11-21T03:38:38.710000",
        "db": "NVD",
        "id": "CVE-2018-0640"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple vulnerabilities in Aterm HC100RC",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000077"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201901-289"
      }
    ],
    "trust": 0.6
  }
}

gsd-2018-0640

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

Aliases

CVE-2018-0640

Aliases

CVE-2018-0640

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-0640",
    "description": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.",
    "id": "GSD-2018-0640"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-0640"
      ],
      "details": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.",
      "id": "GSD-2018-0640",
      "modified": "2023-12-13T01:22:25.142490Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-0640",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HC100RC",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Ver1.0.1 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NEC Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#84825660",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN84825660/index.html"
          },
          {
            "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
            "refsource": "MISC",
            "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_hc100rc_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_hc100rc:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0640"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#84825660",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN84825660/index.html"
            },
            {
              "name": "https://jpn.nec.com/security-info/secinfo/nv18-011.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-01-16T19:35Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

fkie_cve-2018-0640

Vulnerability from fkie_nvd

Published

2019-01-09 23:29

Modified

2024-11-21 03:38

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

References

URL	Tags
vultures@jpcert.or.jp	https://jpn.nec.com/security-info/secinfo/nv18-011.html	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN84825660/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jpn.nec.com/security-info/secinfo/nv18-011.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN84825660/index.html	Third Party Advisory

Impacted products

	Vendor	Product	Version
	nec	aterm_hc100rc_firmware	*
	nec	aterm_hc100rc	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nec:aterm_hc100rc_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "60CD4B13-4490-4977-AE7A-72942A3DA2B9",
              "versionEndIncluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nec:aterm_hc100rc:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5111AAF-93BC-4BA4-BE0A-3962A7D94632",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter."
    },
    {
      "lang": "es",
      "value": "Aterm HC100RC, en su versi\u00f3n Ver1.0.1 y anteriores, permite a los atacantes con permisos de administrador ejecutar c\u00f3digo arbitrario mediante los par\u00e1metros netWizard.cgi date, time y offset."
    }
  ],
  "id": "CVE-2018-0640",
  "lastModified": "2024-11-21T03:38:38.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:01.200",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN84825660/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN84825660/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cnvd-2019-01294

Vulnerability from cnvd

Title

NEC Aterm HC100RC缓冲区溢出漏洞

Description

NEC Aterm HC100RC是日本电气（NEC）公司的一款网络摄像机。使用1.0.1及之前版本固件的NEC Aterm HC100RC中存在缓冲区溢出漏洞。攻击者可借助‘date’、‘time’和‘offset’参数利用该漏洞执行任意代码。

Severity

中

Patch Name

NEC Aterm HC100RC缓冲区溢出漏洞的补丁

Patch Description

NEC Aterm HC100RC是日本电气（NEC）公司的一款网络摄像机。使用1.0.1及之前版本固件的NEC Aterm HC100RC中存在缓冲区溢出漏洞。攻击者可借助‘date’、‘time’和‘offset’参数利用该漏洞执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://jpn.nec.com/security-info/secinfo/nv18-011.html

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-0640

Impacted products

Name
NEC Aterm HC100RC <=1.0.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-0640"
    }
  },
  "description": "NEC Aterm HC100RC\u662f\u65e5\u672c\u7535\u6c14\uff08NEC\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u6444\u50cf\u673a\u3002\n\n\u4f7f\u75281.0.1\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684NEC Aterm HC100RC\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u2018date\u2019\u3001\u2018time\u2019\u548c\u2018offset\u2019\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://jpn.nec.com/security-info/secinfo/nv18-011.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-01294",
  "openTime": "2019-01-14",
  "patchDescription": "NEC Aterm HC100RC\u662f\u65e5\u672c\u7535\u6c14\uff08NEC\uff09\u516c\u53f8\u7684\u4e00\u6b3e\u7f51\u7edc\u6444\u50cf\u673a\u3002\r\n\r\n\u4f7f\u75281.0.1\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684NEC Aterm HC100RC\u4e2d\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u501f\u52a9\u2018date\u2019\u3001\u2018time\u2019\u548c\u2018offset\u2019\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NEC Aterm HC100RC\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "NEC Aterm HC100RC \u003c=1.0.1"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-0640",
  "serverity": "\u4e2d",
  "submitTime": "2019-01-11",
  "title": "NEC Aterm HC100RC\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}

ghsa-4pjf-jwfp-vg6f

Vulnerability from github

Published

2022-05-14 01:40

Modified

2022-05-14 01:40

Severity ?

7.2 (High) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-0640"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter.",
  "id": "GHSA-4pjf-jwfp-vg6f",
  "modified": "2022-05-14T01:40:19Z",
  "published": "2022-05-14T01:40:19Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0640"
    },
    {
      "type": "WEB",
      "url": "https://jpn.nec.com/security-info/secinfo/nv18-011.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN84825660/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2018-0640 (GCVE-0-2018-0640)

Vulnerability from cvelistv5

cve-2018-0640

Vulnerability from jvndb

var-201901-0744

Vulnerability from variot

gsd-2018-0640

Vulnerability from gsd

fkie_cve-2018-0640

Vulnerability from fkie_nvd

cnvd-2019-01294

Vulnerability from cnvd

ghsa-4pjf-jwfp-vg6f

Vulnerability from github

Tags

Sightings

Nomenclature