Search criteria
2 vulnerabilities found for x-320m-i by controlbyweb
VAR-201903-1180
Vulnerability from variot - Updated: 2023-12-18 12:43A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. ControlByWeb X-320M-I Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. X-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research & Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research & Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A security feature issue vulnerability exists in the Xytronix Research & Design ControlByWeb X-320M. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x-320m-i",
"scope": "eq",
"trust": 1.1,
"vendor": "controlbyweb",
"version": "1.05"
},
{
"model": "x-320m-i",
"scope": "lte",
"trust": 1.0,
"vendor": "controlbyweb",
"version": "1.05"
},
{
"model": "x-320m-i",
"scope": "ne",
"trust": 0.3,
"vendor": "controlbyweb",
"version": "1.06"
}
],
"sources": [
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:controlbyweb:x-320m-i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:controlbyweb:x-320m-i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18881"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Elder and Tom Westenberg of Applied Risk",
"sources": [
{
"db": "BID",
"id": "106655"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18881",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-18881",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-129485",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-18881",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18881",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-742",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. ControlByWeb X-320M-I Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. \nX-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research \u0026 Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research \u0026 Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A security feature issue vulnerability exists in the Xytronix Research \u0026 Design ControlByWeb X-320M. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "VULHUB",
"id": "VHN-129485"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "106655",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-18881",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-017-03",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-129485",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"id": "VAR-201903-1180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:35.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "X-320M | Web-Enabled Weather Station",
"trust": 0.8,
"url": "https://www.controlbyweb.com/x320m/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/106655"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18881"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18881"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-017-03"
},
{
"trust": 0.3,
"url": "https://www.controlbyweb.com/x320m/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-03"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-129485"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106655"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"date": "2019-03-21T16:00:29.750000",
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"date": "2019-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-129485"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106655"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ControlByWeb X-320M-I Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
],
"trust": 0.6
}
}
VAR-201903-1181
Vulnerability from variot - Updated: 2023-12-18 12:43A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. ControlByWeb X-320M-I Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. X-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research & Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research & Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A cross-site scripting vulnerability exists in the Xytronix Research & Design ControlByWeb X-320M due to the program not validating input properly. A remote attacker could exploit this vulnerability to execute code
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x-320m-i",
"scope": "eq",
"trust": 1.1,
"vendor": "controlbyweb",
"version": "1.05"
},
{
"model": "x-320m-i",
"scope": "lte",
"trust": 1.0,
"vendor": "controlbyweb",
"version": "1.05"
},
{
"model": "x-320m-i",
"scope": "ne",
"trust": 0.3,
"vendor": "controlbyweb",
"version": "1.06"
}
],
"sources": [
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"db": "NVD",
"id": "CVE-2018-18882"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:controlbyweb:x-320m-i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:controlbyweb:x-320m-i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18882"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Elder and Tom Westenberg of Applied Risk",
"sources": [
{
"db": "BID",
"id": "106655"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18882",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-18882",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-129486",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-18882",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18882",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-743",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129486",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129486"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"db": "NVD",
"id": "CVE-2018-18882"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A stored cross-site scripting (XSS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can inject arbitrary script via setup.html in the web interface. ControlByWeb X-320M-I Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. \nX-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research \u0026 Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research \u0026 Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A cross-site scripting vulnerability exists in the Xytronix Research \u0026 Design ControlByWeb X-320M due to the program not validating input properly. A remote attacker could exploit this vulnerability to execute code",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18882"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "VULHUB",
"id": "VHN-129486"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-18882",
"trust": 2.8
},
{
"db": "BID",
"id": "106655",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-017-03",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-743",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-129486",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129486"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"db": "NVD",
"id": "CVE-2018-18882"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
]
},
"id": "VAR-201903-1181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129486"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:35.968000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "X-320M | Web-Enabled Weather Station",
"trust": 0.8,
"url": "https://www.controlbyweb.com/x320m/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129486"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"db": "NVD",
"id": "CVE-2018-18882"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.securityfocus.com/bid/106655"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18882"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18882"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-017-03"
},
{
"trust": 0.3,
"url": "https://www.controlbyweb.com/x320m/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-03"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129486"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"db": "NVD",
"id": "CVE-2018-18882"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129486"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"db": "NVD",
"id": "CVE-2018-18882"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-129486"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106655"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"date": "2019-03-21T16:00:29.810000",
"db": "NVD",
"id": "CVE-2018-18882"
},
{
"date": "2019-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-04-03T00:00:00",
"db": "VULHUB",
"id": "VHN-129486"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106655"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015190"
},
{
"date": "2019-04-03T12:48:44.087000",
"db": "NVD",
"id": "CVE-2018-18882"
},
{
"date": "2019-04-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ControlByWeb X-320M-I Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015190"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-743"
}
],
"trust": 0.6
}
}