3 vulnerabilities found for mrd-315-din by westermo
VAR-201708-1123
Vulnerability from variot - Updated: 2023-12-18 12:02

A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. Multiple Westermo products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). The MRD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. Multiple Westermo routers are prone to the following security vulnerabilities:
1. A hard-coded credentials vulnerability
2. A cross-site request forgery vulnerability
3. [item text missing from this aggregated description] Westermo MRD-305-DIN etc.
The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0

[Note: this text merges descriptions from several source databases (listed under "sources" in the record below), so it also mentions the cross-site request forgery and hard-coded key issues; the record itself tracks CVE-2017-12709 (CWE-798). Scoring in the record also differs between sources (NVD rates the issue as local, one CNVD entry as network), so use the referenced advisory ICSA-17-236-01 to confirm scope and fixed versions.]
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mrd-315-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-455-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-355-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-355",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-315",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-305-din",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 305 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 315 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 355 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 455 din",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12709"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav from Qualys Security",
"sources": [
{
"db": "BID",
"id": "100470"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12709",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 2.1,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12709",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23002",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CNVD-2017-23003",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "b092bd69-deb6-4923-9672-099597dfec25",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-103258",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.8,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2017-12709",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12709",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23003",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1140",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-103258",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "VULHUB",
"id": "VHN-103258"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded credentials, which could allow for unauthorized local low-privileged access to the device. plural Westermo The product contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. Multiple Westermo Routers are prone to the following security vulnerabilities:\n1. A hard-coded credentials vulnerability\n2. A cross-site request forgery vulnerability\n3. Westermo MRD-305-DIN etc. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"db": "VULHUB",
"id": "VHN-103258"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-236-01",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2017-12709",
"trust": 3.6
},
{
"db": "BID",
"id": "100470",
"trust": 3.2
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23003",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6
},
{
"db": "IVD",
"id": "B092BD69-DEB6-4923-9672-099597DFEC25",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103258",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "VULHUB",
"id": "VHN-103258"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"id": "VAR-201708-1123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "VULHUB",
"id": "VHN-103258"
}
],
"trust": 2.243055575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.2
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
}
]
},
"last_update_date": "2023-12-18T12:02:37.719000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless routers",
"trust": 0.8,
"url": "http://www.westermo.us/web/web_en_idc_us.nsf/alldocuments/b84901de5cc4368dc12578930031f1bc"
},
{
"title": "Patches for several Westermo router hardcoded password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100885"
},
{
"title": "Multiple Westermo routers hardcode patches for unauthorized access vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100886"
},
{
"title": "Multiple Westermo Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74298"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103258"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "NVD",
"id": "CVE-2017-12709"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-236-01"
},
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/100470"
},
{
"trust": 0.9,
"url": "http://www.westermo.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12709"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12709"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "VULHUB",
"id": "VHN-103258"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"db": "VULHUB",
"id": "VHN-103258"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-26T00:00:00",
"db": "IVD",
"id": "b092bd69-deb6-4923-9672-099597dfec25"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"date": "2017-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-103258"
},
{
"date": "2017-08-24T00:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"date": "2017-08-25T16:29:00.270000",
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23003"
},
{
"date": "2019-10-09T00:00:00",
"db": "VULHUB",
"id": "VHN-103258"
},
{
"date": "2019-04-15T18:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007382"
},
{
"date": "2019-10-09T23:23:10.777000",
"db": "NVD",
"id": "CVE-2017-12709"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Westermo Vulnerabilities related to the use of hard-coded credentials in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007382"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1140"
}
],
"trust": 0.6
}
}
VAR-201708-1118
Vulnerability from variot - Updated: 2023-12-18 12:02

A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. Multiple Westermo products contain a cross-site request forgery vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. The MRD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have spoofing vulnerabilities.
1. A hard-coded credentials vulnerability
2. A cross-site request forgery vulnerability
3. A hard-coded cryptographic key vulnerability
Attackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. Westermo MRD-305-DIN etc. A remote attacker could exploit this vulnerability to perform unauthorized operations. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0

[Note: this text merges descriptions from several source databases (listed under "sources" in the record below), so it also mentions the hard-coded credential and hard-coded key issues; the record itself tracks CVE-2017-12703. The NVD vectors in the record require user interaction, while the CNVD and IVD vectors do not model it, so the base scores are not directly comparable.]
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mrd-315-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-455-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-355-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-355",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-315",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-305-din",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 305 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 315 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 355 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 455 din",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12703"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav from Qualys Security",
"sources": [
{
"db": "BID",
"id": "100470"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12703",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23002",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23004",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-103252",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12703",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12703",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23004",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-103252",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. Multiple Westermo products contain a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. The MRD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have spoofing vulnerabilities.\n1. A hard-coded credentials vulnerability\n2. A cross-site request forgery vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. Westermo MRD-305-DIN etc. A remote attacker could exploit this vulnerability to perform unauthorized operations. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "VULHUB",
"id": "VHN-103252"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-236-01",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2017-12703",
"trust": 3.6
},
{
"db": "BID",
"id": "100470",
"trust": 3.2
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23004",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6
},
{
"db": "IVD",
"id": "471C06F6-CD0E-48EC-8EE9-AEA833E36D39",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103252",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"id": "VAR-201708-1118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
}
],
"trust": 2.243055575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.2
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
}
]
},
"last_update_date": "2023-12-18T12:02:37.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless routers",
"trust": 0.8,
"url": "http://www.westermo.us/web/web_en_idc_us.nsf/alldocuments/b84901de5cc4368dc12578930031f1bc"
},
{
"title": "Patches for several Westermo router hardcoded password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100885"
},
{
"title": "Patches for multiple Westermo router spoofing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100887"
},
{
"title": "Fixing measures for cross-site request forgery vulnerability in multiple Westermo devices",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-236-01"
},
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/100470"
},
{
"trust": 0.9,
"url": "http://www.westermo.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12703"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12703"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-26T00:00:00",
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"date": "2017-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-103252"
},
{
"date": "2017-08-24T00:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"date": "2017-08-25T16:29:00.237000",
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-103252"
},
{
"date": "2019-04-15T18:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"date": "2017-08-29T17:01:31.300000",
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery vulnerability in multiple Westermo products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
],
"trust": 0.6
}
}
VAR-201708-0164
Vulnerability from variot - Updated: 2023-12-18 12:02
A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. Multiple Westermo products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained. The Westermo MRD-305-DIN, MRD-315 and MRD-355 are all router products from Westermo, Sweden. There are security vulnerabilities in several Westermo devices. An attacker could exploit this vulnerability to decode traffic from other sources. 1. A hard-coded credentials vulnerability 2. A cross-site request forgery vulnerability 3. A hard-coded cryptographic key vulnerability. Attackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. The following products and versions are affected: Westermo MRD-305-DIN versions prior to 1.7.5.0, MRD-315 versions prior to 1.7.5.0, MRD-355 versions prior to 1.7.5.0, MRD-455 versions prior to 1.7.5.0
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-0164",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mrd-315-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-455-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-355-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-355",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-315",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-305-din",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 305 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 315 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 355 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 455 din",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5816"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav from Qualys Security",
"sources": [
{
"db": "BID",
"id": "100470"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
],
"trust": 0.9
},
"cve": "CVE-2016-5816",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-5816",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-30639",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23002",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-94635",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5816",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5816",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-30639",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1142",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-94635",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "VULHUB",
"id": "VHN-94635"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The device utilizes hard-coded private cryptographic keys that may allow an attacker to decrypt traffic from any other source. Multiple Westermo products contain a vulnerability related to the use of hard-coded credentials. Information may be obtained. The Westermo MRD-305-DIN, MRD-315 and MRD-355 are all router products from Westermo, Sweden. There are security vulnerabilities in several Westermo devices. An attacker could exploit this vulnerability to decode traffic from other sources.\n1. A hard-coded credentials vulnerability\n2. A cross-site request forgery vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. The following products and versions are affected: Westermo MRD-305-DIN versions prior to 1.7.5.0, MRD-315 versions prior to 1.7.5.0, MRD-355 versions prior to 1.7.5.0, MRD-455 versions prior to 1.7.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"db": "VULHUB",
"id": "VHN-94635"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-236-01",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2016-5816",
"trust": 3.6
},
{
"db": "BID",
"id": "100470",
"trust": 1.5
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-30639",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6
},
{
"db": "IVD",
"id": "3100F3C9-AB5E-47F9-82FC-013B68B6C3C8",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-94635",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "VULHUB",
"id": "VHN-94635"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"id": "VAR-201708-0164",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "VULHUB",
"id": "VHN-94635"
}
],
"trust": 2.243055575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.2
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
}
]
},
"last_update_date": "2023-12-18T12:02:37.761000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless routers",
"trust": 0.8,
"url": "http://www.westermo.us/web/web_en_idc_us.nsf/alldocuments/b84901de5cc4368dc12578930031f1bc"
},
{
"title": "Patches for hard-coded encryption key vulnerabilities in multiple Westermo devices",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/104054"
},
{
"title": "Patches for several Westermo router hardcoded password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100885"
},
{
"title": "Repair measures for security vulnerabilities in multiple Westermo devices",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74300"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94635"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "NVD",
"id": "CVE-2016-5816"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-236-01"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/100470"
},
{
"trust": 0.9,
"url": "http://www.westermo.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5816"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5816"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "VULHUB",
"id": "VHN-94635"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "VULHUB",
"id": "VHN-94635"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "IVD",
"id": "3100f3c9-ab5e-47f9-82fc-013b68b6c3c8"
},
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-94635"
},
{
"date": "2017-08-24T00:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"date": "2017-08-25T16:29:00.190000",
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-30639"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-94635"
},
{
"date": "2019-04-15T18:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008790"
},
{
"date": "2017-08-30T16:58:29.660000",
"db": "NVD",
"id": "CVE-2016-5816"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities related to the use of hard-coded credentials in multiple Westermo products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008790"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1142"
}
],
"trust": 0.6
}
}