Search criteria

2 vulnerabilities found for L-04D by LG Electronics

JVNDB-2016-000194

Vulnerability from jvndb - Published: 2016-10-03 15:17 - Updated:2018-01-17 11:53
Severity ?
4.3 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Summary
Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery
Details
L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router. L-04D contains a cross-site request forgery vulnerability in the the web management screen. Atsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000194.html",
  "dc:date": "2018-01-17T11:53+09:00",
  "dcterms:issued": "2016-10-03T15:17+09:00",
  "dcterms:modified": "2018-01-17T11:53+09:00",
  "description": "L-04D provided by NTT DOCOMO, INC. is a wireless WiFi router.  L-04D contains a cross-site request forgery vulnerability in the the web management screen.\r\n\r\nAtsuo Sakurai of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000194.html",
  "sec:cpe": {
    "#text": "cpe:/h:lg_electronics:l-04d",
    "@product": "L-04D",
    "@vendor": "LG Electronics\u3000",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "2.6",
      "@severity": "Low",
      "@type": "Base",
      "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000194",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN46351856/index.html",
      "@id": "JVN#46351856",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4854",
      "@id": "CVE-2016-4854",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4854",
      "@id": "CVE-2016-4854",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-352",
      "@title": "Cross-Site Request Forgery(CWE-352)"
    }
  ],
  "title": "Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery"
}

JVNDB-2014-000140

Vulnerability from jvndb - Published: 2014-12-02 14:27 - Updated:2014-12-08 16:07
Severity ?
() - -
Summary
LG Electronics mobile access routers lack access restrictions
Details
LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface. Taiga Asano reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
Show details on JVN DB website
To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000140.html",
  "dc:date": "2014-12-08T16:07+09:00",
  "dcterms:issued": "2014-12-02T14:27+09:00",
  "dcterms:modified": "2014-12-08T16:07+09:00",
  "description": "LG Electronics mobile access routers provided by NTT DOCOMO, INC. lack access restrictions in the web administration interface.\r\n\r\nTaiga Asano reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000140.html",
  "sec:cpe": [
    {
      "#text": "cpe:/h:lg_electronics:l-03e",
      "@product": "L-03E",
      "@vendor": "LG Electronics\u3000",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:lg_electronics:l-04d",
      "@product": "L-04D",
      "@vendor": "LG Electronics\u3000",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:lg_electronics:l-09c",
      "@product": "L-09C",
      "@vendor": "LG Electronics\u3000",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "3.3",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000140",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN71762315/index.html",
      "@id": "JVN#71762315",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7243",
      "@id": "CVE-2014-7243",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7243",
      "@id": "CVE-2014-7243",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "LG Electronics mobile access routers lack access restrictions"
}