VAR-201601-0406
Vulnerability from variot - Updated: 2023-12-18 12:06

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an OS command injection vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary OS command may be executed with the privileges of the application. A security vulnerability exists in versions prior to KDDI HOME SPOT CUBE 2.

KDDI Home Spot Cube is prone to the following security vulnerabilities:
- Cross-site scripting - CVE-2016-1136
- Open redirect - CVE-2016-1137
- HTTP header injection - CVE-2016-1138
- Cross-site request forgery - CVE-2016-1139
- Clickjacking - CVE-2016-1140
- OS command injection - CVE-2016-1141

Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, conduct phishing attacks, inject arbitrary HTTP headers, execute arbitrary OS commands in the context of the affected application, gain unauthorized access to the affected application, obtain sensitive information, or perform certain unauthorized actions.

Note: HOME SPOT CUBE2 is not affected by these vulnerabilities.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201601-0406",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "home spot cube",
"scope": "eq",
"trust": 1.6,
"vendor": "kddi",
"version": "2.0"
},
{
"model": "home spot cube",
"scope": null,
"trust": 0.8,
"vendor": "kddi",
"version": null
},
{
"model": "home spot cube devices",
"scope": "lt",
"trust": 0.6,
"vendor": "kddi",
"version": "2"
},
{
"model": "home spot cube",
"scope": "eq",
"trust": 0.3,
"vendor": "kddi",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "BID",
"id": "81982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_firmware:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:kddi:home_spot_cube:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1141"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Masaki Yoshikawa",
"sources": [
{
"db": "BID",
"id": "81982"
}
],
"trust": 0.3
},
"cve": "CVE-2016-1141",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000012",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2016-00911",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-89960",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000012",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1141",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000012",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00911",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201601-694",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-89960",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "VULHUB",
"id": "VHN-89960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors. HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE contains an OS command injection vulnerability. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary OS command may be executed with the privileges of the application. A security vulnerability exists in versions prior to KDDI HOME SPOT CUBE 2. KDDI Home Spot Cube is prone to the following security vulnerabilities:\nCross-site scripting - CVE-2016-1136\nOpen redirect - CVE-2016-1137\nHTTP header injection - CVE-2016-1138\nCross-site request forgery - CVE-2016-1139\nClick jacking - CVE-2016-1140\nOS command injection - CVE-2016-1141\nAttackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, or conduct phishing attacks, or inject arbitrary HTTP headers, or execute arbitrary OS commands in context of the affected application, or allow attackers to gain unauthorized access to the affected application or obtain sensitive information, and to perform certain unauthorized actions. \nNote- HOME SPOT CUBE2 is not affected by these vulnerabilities",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "BID",
"id": "81982"
},
{
"db": "VULHUB",
"id": "VHN-89960"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-1141",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN54686544",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012",
"trust": 2.5
},
{
"db": "BID",
"id": "81982",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-201601-694",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00911",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89960",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "VULHUB",
"id": "VHN-89960"
},
{
"db": "BID",
"id": "81982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
]
},
"id": "VAR-201601-0406",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "VULHUB",
"id": "VHN-89960"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
}
]
},
"last_update_date": "2023-12-18T12:06:17.310000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Notes on use of HOME SPOT CUBE",
"trust": 0.8,
"url": "http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06"
},
{
"title": "KDDIHOMESPOTCUBEdevices has an unspecified vulnerability (CNVD-2016-00911) patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/71235"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89960"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"db": "NVD",
"id": "CVE-2016-1141"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn54686544/index.html"
},
{
"trust": 2.0,
"url": "http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000012"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1141"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1141"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1140"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "VULHUB",
"id": "VHN-89960"
},
{
"db": "BID",
"id": "81982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"db": "VULHUB",
"id": "VHN-89960"
},
{
"db": "BID",
"id": "81982"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"date": "2016-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-89960"
},
{
"date": "2016-01-27T00:00:00",
"db": "BID",
"id": "81982"
},
{
"date": "2016-01-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"date": "2016-01-30T15:59:05.860000",
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"date": "2016-01-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-02-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00911"
},
{
"date": "2016-02-02T00:00:00",
"db": "VULHUB",
"id": "VHN-89960"
},
{
"date": "2016-01-27T00:00:00",
"db": "BID",
"id": "81982"
},
{
"date": "2016-02-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000012"
},
{
"date": "2016-02-02T15:25:11.820000",
"db": "NVD",
"id": "CVE-2016-1141"
},
{
"date": "2016-02-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOME SPOT CUBE vulnerable to OS command injection",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000012"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201601-694"
}
],
"trust": 0.6
}
}