jvndb - jvndb-2018-000097

jvndb-2018-000097

Vulnerability from jvndb

Published

2018-09-13 13:57

Modified

2019-08-27 11:30

Severity ?

4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Summary

Multiple FXC network devices vulnerable to cross-site scripting

Details

Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability (CWE-79). SUNAGAWA, Masanori of Japan Advanced Institute of Science and Technology Graduate School of Advanced Science and Technology Security and Networks reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN68528150/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0679
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0679
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	FXC Inc.	Wireless LAN router AE1021PE
	FXC Inc.	Wireless LAN router AE1021
	FXC Inc.	Power over Ethernet (PoE) Switch FXC5210PE
	FXC Inc.	Managed Ethernet switch FXC5210
	FXC Inc.	Power over Ethernet (PoE) Switch FXC5218PE
	FXC Inc.	Managed Ethernet switch FXC5218
	FXC Inc.	Power over Ethernet (PoE) Switch FXC5224PE
	FXC Inc.	Managed Ethernet switch FXC5224
	FXC Inc.	Managed Ethernet switch FXC5426F
	FXC Inc.	Managed Ethernet switch FXC5428

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000097.html",
  "dc:date": "2019-08-27T11:30+09:00",
  "dcterms:issued": "2018-09-13T13:57+09:00",
  "dcterms:modified": "2019-08-27T11:30+09:00",
  "description": "Multiple network devices provided by FXC Inc. contain a stored cross-site scripting vulnerability (CWE-79).\r\n\r\nSUNAGAWA, Masanori of Japan Advanced Institute of Science and Technology Graduate School of Advanced Science and Technology Security and Networks reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000097.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:fxc:ae1021pe_firmware",
      "@product": "Wireless LAN router AE1021PE",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:ae1021_firmware",
      "@product": "Wireless LAN router AE1021",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5210pe_firmware",
      "@product": "Power over Ethernet (PoE) Switch FXC5210PE",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5210_firmware",
      "@product": "Managed Ethernet switch FXC5210",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5218pe_firmware",
      "@product": "Power over Ethernet (PoE) Switch FXC5218PE",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5218_firmware",
      "@product": "Managed Ethernet switch FXC5218",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5224pe_firmware",
      "@product": "Power over Ethernet (PoE) Switch FXC5224PE",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5224_firmware",
      "@product": "Managed Ethernet switch FXC5224",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5426f_firmware",
      "@product": "Managed Ethernet switch FXC5426F",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:fxc:fxc5428_firmware",
      "@product": "Managed Ethernet switch FXC5428",
      "@vendor": "FXC Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "2.3",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000097",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN68528150/index.html",
      "@id": "JVN#68528150",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0679",
      "@id": "CVE-2018-0679",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0679",
      "@id": "CVE-2018-0679",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple FXC network devices vulnerable to cross-site scripting"
}

CVE-2018-0679 (GCVE-0-2018-0679)

Vulnerability from cvelistv5

Published

2018-11-15 15:00

Modified

2024-08-05 03:35

Severity ?

CWE

Cross-site scripting

Summary

Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.

References

URL

Tags

	https://www.fxc.jp/news/20171228.html	x_refsource_MISC
	http://jvn.jp/en/jp/JVN68528150/index.html	third-party-advisory, x_refsource_JVN

Impacted products

	Vendor	Product	Version
	FXC Inc.	multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)	Version: Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:35:48.781Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.fxc.jp/news/20171228.html"
          },
          {
            "name": "JVN#68528150",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN68528150/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)",
          "vendor": "FXC Inc.",
          "versions": [
            {
              "status": "affected",
              "version": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
            }
          ]
        }
      ],
      "datePublic": "2018-11-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross-site scripting",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-11-15T14:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.fxc.jp/news/20171228.html"
        },
        {
          "name": "JVN#68528150",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN68528150/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-0679",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FXC Inc."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fxc.jp/news/20171228.html",
              "refsource": "MISC",
              "url": "https://www.fxc.jp/news/20171228.html"
            },
            {
              "name": "JVN#68528150",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN68528150/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2018-0679",
    "datePublished": "2018-11-15T15:00:00",
    "dateReserved": "2017-11-27T00:00:00",
    "dateUpdated": "2024-08-05T03:35:48.781Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

jvndb-2018-000097

Vulnerability from jvndb

CVE-2018-0679 (GCVE-0-2018-0679)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature