var-201604-0067
Vulnerability from variot
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. Accuenergy Acuvim II\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Both Accuenergy Acuvim II and IIR are multi-functional network power meters of Accuenergy Company in the United States, which provide functions such as power parameter measurement, four-quadrant electric energy measurement and limit alarm. AXN-NET is one of the Ethernet module accessories
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0067",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acuvim iir net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim iir net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:accuenergy:acuvim_ii",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:accuenergy:acuvim_ii_net_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:accuenergy:acuvim_iir",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:accuenergy:acuvim_iir_net_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "86082"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
],
"trust": 0.9
},
"cve": "CVE-2016-2294",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2294",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91113",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2294",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2294",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-2294",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-324",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91113",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. Accuenergy Acuvim II\\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks. Both Accuenergy Acuvim II and IIR are multi-functional network power meters of Accuenergy Company in the United States, which provide functions such as power parameter measurement, four-quadrant electric energy measurement and limit alarm. AXN-NET is one of the Ethernet module accessories",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2294"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "VULHUB",
"id": "VHN-91113"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2294",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-02",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324",
"trust": 0.7
},
{
"db": "BID",
"id": "86082",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91113",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"id": "VAR-201604-0067",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
}
],
"trust": 0.40555555
},
"last_update_date": "2024-11-23T22:38:45.376000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.accuenergy.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2294"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2294"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-91113"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
},
{
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-91113"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-324"
},
{
"date": "2016-04-21T11:00:11.073000",
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-91113"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002360"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-324"
},
{
"date": "2024-11-21T02:48:10.357000",
"db": "NVD",
"id": "CVE-2016-2294"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Accuenergy Acuvim II and Acuvim IIR of NET Firmware AXM-NET Vulnerability in obtaining plaintext mail server password in module",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002360"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-324"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…