var-201604-0016
Vulnerability from variot
Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. EatonLightingSystemsEG2WebControl is a controller product from EatonLighting Systems of the United States for connecting the Internet and Wi-Fi LAN to the iLumin network. There is a certification bypass vulnerability in EatonLightingSystemsEG2WebControlV4.04P and earlier. A remote attacker could exploit the vulnerability to directly access the configuration file and view the certificate. Eaton Lighting Systems EG2 Web Control is prone to a security-bypass vulnerability and an information-disclosure vulnerability. Attackers can exploit these issues to bypass security restrictions and gain access to potentially sensitive information. This may aid in other attacks. EG2 Web Control 4.04P and prior versions are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0016",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "eg2 web control",
"scope": "lte",
"trust": 1.0,
"vendor": "eaton lighting",
"version": "4.04p"
},
{
"model": "eg2 web control",
"scope": "lte",
"trust": 0.8,
"vendor": "eaton",
"version": "4.04p"
},
{
"model": "lighting systems eg2 web control \u003e=4.04p",
"scope": null,
"trust": 0.6,
"vendor": "eaton",
"version": null
},
{
"model": "eg2 web control",
"scope": "eq",
"trust": 0.6,
"vendor": "eaton lighting",
"version": "4.04p"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
},
{
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:eaton:eg2_web_control",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "85861"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
}
],
"trust": 0.9
},
"cve": "CVE-2016-0871",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-0871",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02007",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-0871",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-0871",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-0871",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-02007",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-032",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
},
{
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eaton Lighting EG2 Web Control 4.04P and earlier allows remote attackers to read the configuration file, and consequently discover credentials, via a direct request. EatonLightingSystemsEG2WebControl is a controller product from EatonLighting Systems of the United States for connecting the Internet and Wi-Fi LAN to the iLumin network. There is a certification bypass vulnerability in EatonLightingSystemsEG2WebControlV4.04P and earlier. A remote attacker could exploit the vulnerability to directly access the configuration file and view the certificate. Eaton Lighting Systems EG2 Web Control is prone to a security-bypass vulnerability and an information-disclosure vulnerability. \nAttackers can exploit these issues to bypass security restrictions and gain access to potentially sensitive information. This may aid in other attacks. \nEG2 Web Control 4.04P and prior versions are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-0871"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"db": "BID",
"id": "85861"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-0871",
"trust": 3.3
},
{
"db": "ICS CERT",
"id": "ICSA-16-061-03",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2016-02007",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032",
"trust": 0.6
},
{
"db": "BID",
"id": "85861",
"trust": 0.3
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"db": "BID",
"id": "85861"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
},
{
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"id": "VAR-201604-0016",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
}
]
},
"last_update_date": "2024-11-23T22:18:16.459000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Ethernet Gateway",
"trust": 0.8,
"url": "http://www.ilight.co.uk/products-interfaces.html"
},
{
"title": "EatonLightingSystemsEG2WebControl authentication bypasses the patch for the vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/73685"
},
{
"title": "Eaton Lighting Systems EG2 Web Control Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=60767"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-061-03"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-0871"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-0871"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
},
{
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"db": "BID",
"id": "85861"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
},
{
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85861"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"date": "2016-04-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-032"
},
{
"date": "2016-04-06T23:59:03.457000",
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02007"
},
{
"date": "2016-04-06T00:00:00",
"db": "BID",
"id": "85861"
},
{
"date": "2016-04-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-001952"
},
{
"date": "2016-04-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-032"
},
{
"date": "2024-11-21T02:42:32.867000",
"db": "NVD",
"id": "CVE-2016-0871"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Eaton Lighting EG2 Web Control Vulnerable to reading configuration files",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-001952"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-032"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…