jvndb - jvndb-2018-000007

jvndb-2018-000007

Vulnerability from jvndb

Published

2018-02-06 14:22

Modified

2018-04-11 11:51

Severity ?

6.8 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection

Details

"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78). Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN36048131/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0512
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	I-O DATA DEVICE, INC.	BX-VP1
	I-O DATA DEVICE, INC.	GV-NTX1
	I-O DATA DEVICE, INC.	GV-NTX2
	I-O DATA DEVICE, INC.	HDL-A Series
	I-O DATA DEVICE, INC.	HDL-AH Series
	I-O DATA DEVICE, INC.	HDL-GT Series
	I-O DATA DEVICE, INC.	HDL-GTR Series
	I-O DATA DEVICE, INC.	HDL-T Series
	I-O DATA DEVICE, INC.	HDL-XR Series
	I-O DATA DEVICE, INC.	HDL-XR2U Series
	I-O DATA DEVICE, INC.	HDL-XR2UW Series
	I-O DATA DEVICE, INC.	HDL-XRW Series
	I-O DATA DEVICE, INC.	HDL-XV Series
	I-O DATA DEVICE, INC.	HDL-XVW Series
	I-O DATA DEVICE, INC.	HDL2-A Series
	I-O DATA DEVICE, INC.	HDL2-AH Series
	I-O DATA DEVICE, INC.	HFAS1 Series
	I-O DATA DEVICE, INC.	HLS-C Series
	I-O DATA DEVICE, INC.	HVL-A series
	I-O DATA DEVICE, INC.	HVL-AT series
	I-O DATA DEVICE, INC.	HVL-ATA series
	I-O DATA DEVICE, INC.	HVL-S Series
	I-O DATA DEVICE, INC.	WHG-AC1750/AL
	I-O DATA DEVICE, INC.	WHG-AC1750/A
	I-O DATA DEVICE, INC.	WHG-NAPG/A
	I-O DATA DEVICE, INC.	WHG-NAPG/AL
	I-O DATA DEVICE, INC.	WN-AC1167DGR
	I-O DATA DEVICE, INC.	WN-AC1300EX
	I-O DATA DEVICE, INC.	WN-AC1600DGR
	I-O DATA DEVICE, INC.	WN-AC583RK
	I-O DATA DEVICE, INC.	WN-AC583TRK
	I-O DATA DEVICE, INC.	WN-AG300DGR
	I-O DATA DEVICE, INC.	WN-AG750DGR
	I-O DATA DEVICE, INC.	WN-AX1167GR
	I-O DATA DEVICE, INC.	WN-G300EX
	I-O DATA DEVICE, INC.	WN-G300R
	I-O DATA DEVICE, INC.	WN-G300R3
	I-O DATA DEVICE, INC.	WN-G300SR
	I-O DATA DEVICE, INC.	WN-GX300GR
	I-O DATA DEVICE, INC.	WNPR1167F
	I-O DATA DEVICE, INC.	WNPR1167G
	I-O DATA DEVICE, INC.	WNPR1750G
	I-O DATA DEVICE, INC.	WNPR2600G

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
  "dc:date": "2018-04-11T11:51+09:00",
  "dcterms:issued": "2018-02-06T14:22+09:00",
  "dcterms:modified": "2018-04-11T11:51+09:00",
  "description": "\"MagicalFinder\" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc.  Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78).\r\n\r\nTaizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:i-o_data_device:bx-vp1",
      "@product": "BX-VP1",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:gv-ntx1",
      "@product": "GV-NTX1",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:gv-ntx2",
      "@product": "GV-NTX2",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-a",
      "@product": "HDL-A Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-ah",
      "@product": "HDL-AH Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-gt",
      "@product": "HDL-GT Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-gtr",
      "@product": "HDL-GTR Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-t",
      "@product": "HDL-T Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xr",
      "@product": "HDL-XR Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xr2u",
      "@product": "HDL-XR2U Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xr2uw",
      "@product": "HDL-XR2UW Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xrw",
      "@product": "HDL-XRW Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xv",
      "@product": "HDL-XV Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl-xvw",
      "@product": "HDL-XVW Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl2-a",
      "@product": "HDL2-A Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hdl2-ah",
      "@product": "HDL2-AH Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hfas1",
      "@product": "HFAS1 Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hls-c",
      "@product": "HLS-C Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-a",
      "@product": "HVL-A series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-at",
      "@product": "HVL-AT series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-ata",
      "@product": "HVL-ATA series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:hvl-s",
      "@product": "HVL-S Series",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
      "@product": "WHG-AC1750/AL",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-ac1750a",
      "@product": "WHG-AC1750/A",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-napga",
      "@product": "WHG-NAPG/A",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:whg-napgal",
      "@product": "WHG-NAPG/AL",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac1167dgr",
      "@product": "WN-AC1167DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac1300ex",
      "@product": "WN-AC1300EX",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac1600dgr",
      "@product": "WN-AC1600DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac583rk",
      "@product": "WN-AC583RK",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ac583trk",
      "@product": "WN-AC583TRK",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ag300dgr",
      "@product": "WN-AG300DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ag750dgr",
      "@product": "WN-AG750DGR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-ax1167gr",
      "@product": "WN-AX1167GR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300ex",
      "@product": "WN-G300EX",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300r",
      "@product": "WN-G300R",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300r3",
      "@product": "WN-G300R3",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-g300sr",
      "@product": "WN-G300SR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wn-gx300gr",
      "@product": "WN-GX300GR",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr1167f",
      "@product": "WNPR1167F",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr1167g",
      "@product": "WNPR1167G",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr1750g",
      "@product": "WNPR1750G",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:i-o_data_device:wnpr2600g",
      "@product": "WNPR2600G",
      "@vendor": "I-O DATA DEVICE, INC.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.2",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000007",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN36048131/index.html",
      "@id": "JVN#36048131",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512",
      "@id": "CVE-2018-0512",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0512",
      "@id": "CVE-2018-0512",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    }
  ],
  "title": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection"
}

CVE-2018-0512 (GCVE-0-2018-0512)

Vulnerability from cvelistv5

Published

2018-02-08 14:00

Modified

2024-08-05 03:28

Severity ?

CWE

OS Command Injection

Summary

Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.

References

URL

Tags

	https://jvn.jp/en/jp/JVN36048131/index.html	third-party-advisory, x_refsource_JVN
	http://www.iodata.jp/support/information/2018/magicalfinder/	x_refsource_CONFIRM