VAR-201604-0295
Vulnerability from variot - Updated: 2023-12-18 12:20flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a remotely authenticated user 5066 ( alias dnsmasq) An arbitrary command may be executed via a parameter. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. The vulnerability is constructed with root privileges and runs arbitrary commands with the '5066' parameter in the POST request of the flu.cgi file. A hard-coded password authentication-bypass vulnerability 2. A command-injection vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syslink sl-1000 modular gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "systech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "systech",
"version": "01a.8"
},
{
"model": "syslink sl-1000 m2m modular gateway \u003c01a.8",
"scope": null,
"trust": 0.6,
"vendor": "systech",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:systech:syslink_sl-1000_modular_gateway:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:systech:syslink_sl-1000_modular_gateway_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Faynberg , Jeremy Allen of Carve Systems",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-2332",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02644",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-91151",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2332",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2332",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-02644",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-549",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91151",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a remotely authenticated user 5066 ( alias dnsmasq) An arbitrary command may be executed via a parameter. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. The vulnerability is constructed with root privileges and runs arbitrary commands with the \u00275066\u0027 parameter in the POST request of the flu.cgi file. A hard-coded password authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "VULHUB",
"id": "VHN-91151"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2016-2332",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU98139587",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02644",
"trust": 0.6
},
{
"db": "BID",
"id": "87337",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91151",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"id": "VAR-201604-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
}
]
},
"last_update_date": "2023-12-18T12:20:35.374000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SysLINK M2M Gateway",
"trust": 0.8,
"url": "http://www.systech.com/syslink-m2m-modular-gateway"
},
{
"title": "Patch for SystechSysLINKM2MModularGateway Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74842"
},
{
"title": "Systech SysLINK SL-1000 M2M Modular Gateway Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61233"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/822980"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2332"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2332"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98139587/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"date": "2016-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-91151"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"date": "2016-04-25T18:59:03.230000",
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"date": "2016-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"date": "2016-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-91151"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"date": "2016-05-04T19:18:21.127000",
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"date": "2016-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SysLINK M2M Modular Gateway contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…