VAR-201604-0294
Vulnerability from variot - Updated: 2023-12-18 12:20

The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. In addition, JVNVU#98139587 publishes this issue as CWE-259: Use of Hard-coded Password (http://cwe.mitre.org/data/definitions/259.html). Access may be obtained by a third party. The Systech SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. A permission-acquisition vulnerability exists in the web interface of the Systech SysLINK SL-1000 M2M Modular Gateway using firmware prior to 01A.8: the program uses hard-coded passwords and does not alert administrators to change them. The aggregated advisories list three issues:
1. A hard-coded password authentication-bypass vulnerability
2. A command-injection vulnerability
3. A hard-coded cryptographic key vulnerability
Attackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in the context of the affected application, and to read and modify intercepted traffic.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syslink sl-1000 modular gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "systech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "systech",
"version": "01a.8"
},
{
"model": "syslink sl-1000 m2m modular gateway \u003c01a.8",
"scope": null,
"trust": 0.6,
"vendor": "systech",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:systech:syslink_sl-1000_modular_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:systech:syslink_sl-1000_modular_gateway_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Faynberg , Jeremy Allen of Carve Systems",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2331",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-2331",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02643",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-91150",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2331",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2331",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2016-02643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-548",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91150",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. In addition, JVNVU#98139587 Then CWE-259 It is published as CWE-259: Use of Hard-coded Password http://cwe.mitre.org/data/definitions/259.htmlAccess may be obtained by a third party. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. Permissions exist in the web interface of SystechSysLINKSL-1000M2MModularGateway using firmware prior to 01A.8. Obtain a vulnerability in which the program uses hard-coded passwords and does not alert administrators to changes. A hard-coded password authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "VULHUB",
"id": "VHN-91150"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2016-2331",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU98139587",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02643",
"trust": 0.6
},
{
"db": "BID",
"id": "87337",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91150",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"id": "VAR-201604-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
}
]
},
"last_update_date": "2023-12-18T12:20:35.451000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SysLINK M2M Gateway",
"trust": 0.8,
"url": "http://www.systech.com/syslink-m2m-modular-gateway"
},
{
"title": "SystechSysLINKM2MModularGateway permission to obtain patch for vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74841"
},
{
"title": "Systech SysLINK SL-1000 M2M Modular Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61232"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/822980"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2331"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2331"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98139587/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"date": "2016-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-91150"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"date": "2016-04-25T18:59:02.310000",
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"date": "2016-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-91150"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"date": "2016-05-31T15:08:16.440000",
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"date": "2016-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SysLINK M2M Modular Gateway contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
],
"trust": 0.6
}
}