Search criteria
3 vulnerabilities found for saga1-l8b by sagaradio
VAR-201810-0462
Vulnerability from variot - Updated: 2024-02-13 22:43SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. SAGA1-L8B Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of communication between the transmitter and receiver. By sending a crafted re-pairing packet an attacker can force a receiver to pair with a new transmitter without user interaction. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities: 1. An authentication bypass vulnerability 2. An local-authentication bypass vulnerability 3. An access bypass vulnerability An attacker can exploit these issues to bypass authentication mechanism, disclose sensitive information and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0462",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "saga1-l8b",
"scope": "lt",
"trust": 1.0,
"vendor": "sagaradio",
"version": "a0.10"
},
{
"model": "saga1-l8b",
"scope": "lt",
"trust": 0.8,
"vendor": "gain electronic",
"version": "a0.10"
},
{
"model": "saga1-l8b",
"scope": null,
"trust": 0.7,
"vendor": "saga",
"version": null
},
{
"model": "electronic saga1-l series \u003c=a0.10",
"scope": null,
"trust": 0.6,
"vendor": "gain",
"version": null
},
{
"model": "electronic saga1-l series",
"scope": "eq",
"trust": 0.3,
"vendor": "gain",
"version": "0"
},
{
"model": "electronic saga1-l series a0.10",
"scope": "ne",
"trust": 0.3,
"vendor": "gain",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "saga1 l8b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "a0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philippe Lin, Jonathan Andersson, Rainer Vosseler, Federico Maggi, Urano Akira, Stephen Hilt, Marco Balduzzi",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1317"
}
],
"trust": 0.7
},
"cve": "CVE-2018-17921",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2018-17921",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-22093",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17921",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.6,
"id": "CVE-2018-17921",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17921",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "ZDI",
"id": "CVE-2018-17921",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-22093",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1236",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1",
"trust": 0.2,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-17921",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"db": "VULMON",
"id": "CVE-2018-17921"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1236"
},
{
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction. SAGA1-L8B Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists within the processing of communication between the transmitter and receiver. By sending a crafted re-pairing packet an attacker can force a receiver to pair with a new transmitter without user interaction. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities:\n1. An authentication bypass vulnerability\n2. An local-authentication bypass vulnerability\n3. An access bypass vulnerability\nAn attacker can exploit these issues to bypass authentication mechanism, disclose sensitive information and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17921"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "VULMON",
"id": "CVE-2018-17921"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17921",
"trust": 4.3
},
{
"db": "ICS CERT",
"id": "ICSA-18-296-02",
"trust": 3.4
},
{
"db": "BID",
"id": "105729",
"trust": 2.0
},
{
"db": "CNVD",
"id": "CNVD-2018-22093",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1236",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6526",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1317",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FEEFE2-39AB-11E9-A31B-000C29342CB1",
"trust": 0.2
},
{
"db": "VULMON",
"id": "CVE-2018-17921",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"db": "VULMON",
"id": "CVE-2018-17921"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1236"
},
{
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"id": "VAR-201810-0462",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
}
]
},
"last_update_date": "2024-02-13T22:43:58.768000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAGA1-L6B \u0026 L8B",
"trust": 0.8,
"url": "http://www.sagaradio.com.tw/saga1-l6b.html"
},
{
"title": "SAGA has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
},
{
"title": "GAINElectronicCo.LtdSAGA1-LSeries Access Control Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/143423"
},
{
"title": "GAIN SAGA1-L8B Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86318"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1236"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-284",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/105729"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17921"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17921"
},
{
"trust": 0.3,
"url": "http://www.sagaradio.com.tw/about.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"db": "VULMON",
"id": "CVE-2018-17921"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1236"
},
{
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"db": "VULMON",
"id": "CVE-2018-17921"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1236"
},
{
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-29T00:00:00",
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"date": "2018-10-25T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"date": "2018-10-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"date": "2018-10-24T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17921"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105729"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"date": "2018-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1236"
},
{
"date": "2018-10-24T22:29:01.073000",
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-25T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1317"
},
{
"date": "2018-10-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22093"
},
{
"date": "2020-09-18T00:00:00",
"db": "VULMON",
"id": "CVE-2018-17921"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105729"
},
{
"date": "2019-03-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013875"
},
{
"date": "2020-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1236"
},
{
"date": "2020-09-18T17:16:51.070000",
"db": "NVD",
"id": "CVE-2018-17921"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1236"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GAIN Electronic Co. Ltd SAGA1-L Series Access control vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2feefe2-39ab-11e9-a31b-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22093"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1236"
}
],
"trust": 0.6
}
}
VAR-201810-0463
Vulnerability from variot - Updated: 2023-12-18 12:01SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. SAGA1-L8B There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the device programming mechanism. The device is insufficiently protected from unauthorized firmware updates. An attacker can leverage this vulnerability to bypass authentication and install persistent malicious firmware on the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities: 1. An local-authentication bypass vulnerability 3
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0463",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "saga1-l8b",
"scope": "lt",
"trust": 1.0,
"vendor": "sagaradio",
"version": "a0.10"
},
{
"model": "saga1-l8b",
"scope": "lt",
"trust": 0.8,
"vendor": "gain electronic",
"version": "a0.10"
},
{
"model": "saga1-l8b",
"scope": null,
"trust": 0.7,
"vendor": "saga",
"version": null
},
{
"model": "electronic saga1-l series \u003c=a0.10",
"scope": null,
"trust": 0.6,
"vendor": "gain",
"version": null
},
{
"model": "electronic saga1-l series",
"scope": "eq",
"trust": 0.3,
"vendor": "gain",
"version": "0"
},
{
"model": "electronic saga1-l series a0.10",
"scope": "ne",
"trust": 0.3,
"vendor": "gain",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "saga1 l8b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "NVD",
"id": "CVE-2018-17923"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "a0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17923"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Philippe Lin, Jonathan Andersson, Rainer Vosseler, Federico Maggi, Urano Akira, Stephen Hilt, Marco Balduzzi",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1318"
}
],
"trust": 0.7
},
"cve": "CVE-2018-17923",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Local",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.9,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-17923",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "CNVD-2018-22092",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.2,
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.3,
"impactScore": 6.0,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "High",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.9,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17923",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"author": "ZDI",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.2,
"id": "CVE-2018-17923",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 0.7,
"userInteraction": "NONE",
"vectorString": "AV:P/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17923",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "ZDI",
"id": "CVE-2018-17923",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2018-22092",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1208",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1",
"trust": 0.2,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "NVD",
"id": "CVE-2018-17923"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it. SAGA1-L8B There are authentication vulnerabilities in the firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the device programming mechanism. The device is insufficiently protected from unauthorized firmware updates. An attacker can leverage this vulnerability to bypass authentication and install persistent malicious firmware on the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities:\n1. An local-authentication bypass vulnerability\n3",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17923"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17923",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-296-02",
"trust": 3.3
},
{
"db": "BID",
"id": "105729",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-22092",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1208",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6542",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1318",
"trust": 0.7
},
{
"db": "IVD",
"id": "7D825C10-463F-11E9-B3F6-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "NVD",
"id": "CVE-2018-17923"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
]
},
"id": "VAR-201810-0463",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
}
]
},
"last_update_date": "2023-12-18T12:01:12.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAGA1-L6B \u0026 L8B",
"trust": 0.8,
"url": "http://www.sagaradio.com.tw/saga1-l6b.html"
},
{
"title": "SAGA has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
},
{
"title": "GAINElectronicCo.LtdSAGA1-LSeries patch for incorrect authentication vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/143425"
},
{
"title": "GAIN SAGA1-L Series Product Authorization Issue Vulnerability Fixing Measures",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86296"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "NVD",
"id": "CVE-2018-17923"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105729"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17923"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17923"
},
{
"trust": 0.3,
"url": "http://www.sagaradio.com.tw/about.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "NVD",
"id": "CVE-2018-17923"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"db": "NVD",
"id": "CVE-2018-17923"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-29T00:00:00",
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"date": "2018-10-25T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"date": "2018-10-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105729"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"date": "2018-10-24T22:29:01.150000",
"db": "NVD",
"id": "CVE-2018-17923"
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-25T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1318"
},
{
"date": "2018-12-14T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22092"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105729"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013642"
},
{
"date": "2019-10-09T23:37:04.113000",
"db": "NVD",
"id": "CVE-2018-17923"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GAIN Electronic Co. Ltd SAGA1-L Series Incorrect authentication vulnerability",
"sources": [
{
"db": "IVD",
"id": "7d825c10-463f-11e9-b3f6-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22092"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1208"
}
],
"trust": 0.6
}
}
VAR-201810-0490
Vulnerability from variot - Updated: 2023-12-18 12:01SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. SAGA1-L8B The firmware contains a vulnerability related to input validation.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities: 1. An authentication bypass vulnerability 2. An local-authentication bypass vulnerability 3. An access bypass vulnerability An attacker can exploit these issues to bypass authentication mechanism, disclose sensitive information and perform unauthorized actions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201810-0490",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "saga1-l8b",
"scope": "lt",
"trust": 1.0,
"vendor": "sagaradio",
"version": "a0.10"
},
{
"model": "saga1-l8b",
"scope": "lt",
"trust": 0.8,
"vendor": "gain electronic",
"version": "a0.10"
},
{
"model": "saga1-l8b",
"scope": null,
"trust": 0.7,
"vendor": "saga radio",
"version": null
},
{
"model": "electronic saga1-l series \u003c=a0.10",
"scope": null,
"trust": 0.6,
"vendor": "gain",
"version": null
},
{
"model": "electronic saga1-l series",
"scope": "eq",
"trust": 0.3,
"vendor": "gain",
"version": "0"
},
{
"model": "electronic saga1-l series a0.10",
"scope": "ne",
"trust": 0.3,
"vendor": "gain",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "saga1 l8b",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "NVD",
"id": "CVE-2018-17903"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sagaradio:saga1-l8b_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "a0.10",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sagaradio:saga1-l8b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17903"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marco Balduzzi Philippe Z Lin Federico Maggi Jonathan Andersson Akira Urano Stephen Hilt Rainer Vosseler",
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1316"
}
],
"trust": 0.7
},
"cve": "CVE-2018-17903",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.4,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17903",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2018-17903",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-22094",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1",
"impactScore": 9.5,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:C/A:C",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.1,
"baseSeverity": "Critical",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-17903",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17903",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "ZDI",
"id": "CVE-2018-17903",
"trust": 0.7,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-22094",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201810-1206",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1",
"trust": 0.2,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "NVD",
"id": "CVE-2018-17903"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery. SAGA1-L8B The firmware contains a vulnerability related to input validation.Tampering with information and disrupting service operations (DoS) There is a possibility of being put into a state. This vulnerability allows remote attackers to issue commands on vulnerable installations of Saga Radio equipment. Authentication is not required to exploit this vulnerability.The specific flaw exists with the communication between the transmitter and receiver pair. By using a fixed control code an attacker can obtain and replay commands to the receiver. An attacker can leverage this vulnerability to issue commands to the physical equipment controlled by the device. GAINSAGA1-LSeries is a SAGA1-L series of industrial remote control products from GAINElectronic. A security hole exists in the GAINSAGA1-LSeries product that uses firmware prior to A0.10. GAIN Electronic SAGA1-L Series is prone to the following security vulnerabilities:\n1. An authentication bypass vulnerability\n2. An local-authentication bypass vulnerability\n3. An access bypass vulnerability\nAn attacker can exploit these issues to bypass authentication mechanism, disclose sensitive information and perform unauthorized actions",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17903"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17903",
"trust": 4.2
},
{
"db": "ICS CERT",
"id": "ICSA-18-296-02",
"trust": 3.3
},
{
"db": "BID",
"id": "105729",
"trust": 1.9
},
{
"db": "CNVD",
"id": "CNVD-2018-22094",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1206",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-6186",
"trust": 0.7
},
{
"db": "ZDI",
"id": "ZDI-18-1316",
"trust": 0.7
},
{
"db": "IVD",
"id": "E2FF16F0-39AB-11E9-A896-000C29342CB1",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "NVD",
"id": "CVE-2018-17903"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
]
},
"id": "VAR-201810-0490",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
}
],
"trust": 1.675
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
}
]
},
"last_update_date": "2023-12-18T12:01:12.814000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SAGA1-L6B \u0026 L8B",
"trust": 0.8,
"url": "http://www.sagaradio.com.tw/saga1-l6b.html"
},
{
"title": "Saga Radio has issued an update to correct this vulnerability.",
"trust": 0.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
},
{
"title": "Patch for GAINElectronicCo.LtdSAGA1-LSeries command forgery vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/143421"
},
{
"title": "GAIN SAGA1-L Series Product security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=86295"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-294",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "NVD",
"id": "CVE-2018-17903"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-18-296-02"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/105729"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17903"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17903"
},
{
"trust": 0.3,
"url": "http://www.sagaradio.com.tw/about.html"
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "NVD",
"id": "CVE-2018-17903"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"db": "BID",
"id": "105729"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"db": "NVD",
"id": "CVE-2018-17903"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-29T00:00:00",
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"date": "2018-10-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105729"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"date": "2018-10-24T22:29:00.980000",
"db": "NVD",
"id": "CVE-2018-17903"
},
{
"date": "2018-10-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-24T00:00:00",
"db": "ZDI",
"id": "ZDI-18-1316"
},
{
"date": "2018-10-29T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-22094"
},
{
"date": "2018-10-23T00:00:00",
"db": "BID",
"id": "105729"
},
{
"date": "2019-02-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-013641"
},
{
"date": "2020-09-18T17:23:15.780000",
"db": "NVD",
"id": "CVE-2018-17903"
},
{
"date": "2020-10-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "GAIN Electronic Co. Ltd SAGA1-L Series Command Forgery Vulnerability",
"sources": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "CNVD",
"id": "CNVD-2018-22094"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input validation error",
"sources": [
{
"db": "IVD",
"id": "e2ff16f0-39ab-11e9-a896-000c29342cb1"
},
{
"db": "CNNVD",
"id": "CNNVD-201810-1206"
}
],
"trust": 0.8
}
}