Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
27 vulnerabilities by Corega Inc
CVE-2017-10853 (GCVE-0-2017-10853)
Vulnerability from cvelistv5 – Published: 2018-03-09 16:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15201064/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20180309_wgr1200.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WGR1200 |
Affected:
firmware 2.20 and earlier
|
Date Public
2018-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WGR1200",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware 2.20 and earlier"
}
]
}
],
"datePublic": "2018-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WGR1200",
"version": {
"version_data": [
{
"version_value": "firmware 2.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15201064",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"name": "http://corega.jp/support/security/20180309_wgr1200.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10853",
"datePublished": "2018-03-09T16:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10852 (GCVE-0-2017-10852)
Vulnerability from cvelistv5 – Published: 2018-03-09 16:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15201064/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20180309_wgr1200.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WGR1200 |
Affected:
firmware 2.20 and earlier
|
Date Public
2018-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WGR1200",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware 2.20 and earlier"
}
]
}
],
"datePublic": "2018-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WGR1200",
"version": {
"version_data": [
{
"version_value": "firmware 2.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15201064",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"name": "http://corega.jp/support/security/20180309_wgr1200.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10852",
"datePublished": "2018-03-09T16:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10854 (GCVE-0-2017-10854)
Vulnerability from cvelistv5 – Published: 2018-03-09 16:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15201064/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20180309_wgr1200.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WGR1200 |
Affected:
firmware 2.20 and earlier
|
Date Public
2018-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WGR1200",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware 2.20 and earlier"
}
]
}
],
"datePublic": "2018-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WGR1200",
"version": {
"version_data": [
{
"version_value": "firmware 2.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15201064",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"name": "http://corega.jp/support/security/20180309_wgr1200.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10854",
"datePublished": "2018-03-09T16:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7810 (GCVE-0-2016-7810)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN92237169/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#92237169",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7810",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7809 (GCVE-0-2016-7809)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23823838/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23823838",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7809",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:55.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7811 (GCVE-0-2016-7811)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23549283/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23549283",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7811",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7808 (GCVE-0-2016-7808)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://corega.jp/support/security/20161111_wlbarg… | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN25060672/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94249 | vdb-entryx_refsource_BID |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLBARGMH |
Affected:
all versions
|
|
| Corega Inc | CG-WLBARGNL |
Affected:
all versions
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
},
{
"name": "JVN#25060672",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25060672/index.html"
},
{
"name": "94249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLBARGMH",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "CG-WLBARGNL",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
},
{
"name": "JVN#25060672",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN25060672/index.html"
},
{
"name": "94249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLBARGMH",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "CG-WLBARGNL",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
},
{
"name": "JVN#25060672",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN25060672/index.html"
},
{
"name": "94249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7808",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10853 (GCVE-0-2017-10853)
Vulnerability from nvd – Published: 2018-03-09 16:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15201064/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20180309_wgr1200.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WGR1200 |
Affected:
firmware 2.20 and earlier
|
Date Public
2018-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.735Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WGR1200",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware 2.20 and earlier"
}
]
}
],
"datePublic": "2018-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10853",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WGR1200",
"version": {
"version_data": [
{
"version_value": "firmware 2.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15201064",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"name": "http://corega.jp/support/security/20180309_wgr1200.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10853",
"datePublished": "2018-03-09T16:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.735Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10852 (GCVE-0-2017-10852)
Vulnerability from nvd – Published: 2018-03-09 16:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15201064/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20180309_wgr1200.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WGR1200 |
Affected:
firmware 2.20 and earlier
|
Date Public
2018-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WGR1200",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware 2.20 and earlier"
}
]
}
],
"datePublic": "2018-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10852",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WGR1200",
"version": {
"version_data": [
{
"version_value": "firmware 2.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15201064",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"name": "http://corega.jp/support/security/20180309_wgr1200.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10852",
"datePublished": "2018-03-09T16:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.624Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-10854 (GCVE-0-2017-10854)
Vulnerability from nvd – Published: 2018-03-09 16:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors.
Severity
No CVSS data available.
CWE
- Authentication bypass
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN15201064/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20180309_wgr1200.htm | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WGR1200 |
Affected:
firmware 2.20 and earlier
|
Date Public
2018-03-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.547Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WGR1200",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware 2.20 and earlier"
}
]
}
],
"datePublic": "2018-03-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-09T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#15201064",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10854",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WGR1200",
"version": {
"version_data": [
{
"version_value": "firmware 2.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#15201064",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN15201064/index.html"
},
{
"name": "http://corega.jp/support/security/20180309_wgr1200.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10854",
"datePublished": "2018-03-09T16:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.547Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7811 (GCVE-0-2016-7811)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23549283/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23549283",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7811",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7810 (GCVE-0-2016-7810)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN92237169/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#92237169",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7810",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7809 (GCVE-0-2016-7809)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23823838/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23823838",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7809",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:55.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7808 (GCVE-0-2016-7808)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://corega.jp/support/security/20161111_wlbarg… | x_refsource_CONFIRM |
| https://jvn.jp/en/jp/JVN25060672/index.html | third-party-advisoryx_refsource_JVN |
| http://www.securityfocus.com/bid/94249 | vdb-entryx_refsource_BID |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLBARGMH |
Affected:
all versions
|
|
| Corega Inc | CG-WLBARGNL |
Affected:
all versions
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.106Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
},
{
"name": "JVN#25060672",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN25060672/index.html"
},
{
"name": "94249",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94249"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLBARGMH",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
},
{
"product": "CG-WLBARGNL",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "all versions"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
},
{
"name": "JVN#25060672",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN25060672/index.html"
},
{
"name": "94249",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94249"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7808",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLBARGMH",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
},
{
"product_name": "CG-WLBARGNL",
"version": {
"version_data": [
{
"version_value": "all versions"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
},
{
"name": "JVN#25060672",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN25060672/index.html"
},
{
"name": "94249",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94249"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7808",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.106Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
JVNDB-2018-000024
Vulnerability from jvndb - Published: 2018-03-09 13:56 - Updated:2018-06-14 13:54
Severity
Summary
Multiple vulnerabilities in CG-WGR1200
Details
CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below.
* Buffer Overflow (CWE-119) - CVE-2017-10852
* Buffer Overflow (CWE-78) - CVE-2017-10853
* Authentication bypass (CWE-306) - CVE-2017-10854
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000024.html",
"dc:date": "2018-06-14T13:54+09:00",
"dcterms:issued": "2018-03-09T13:56+09:00",
"dcterms:modified": "2018-06-14T13:54+09:00",
"description": "CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below.\r\n\r\n* Buffer Overflow (CWE-119) - CVE-2017-10852\r\n* Buffer Overflow (CWE-78) - CVE-2017-10853\r\n* Authentication bypass (CWE-306) - CVE-2017-10854\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000024.html",
"sec:cpe": {
"#text": "cpe:/h:corega:cg-wgr_1200",
"@product": "CG-WGR1200",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "8.8",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000024",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN15201064/index.html",
"@id": "JVN#15201064",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10852",
"@id": "CVE-2017-10852",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10853",
"@id": "CVE-2017-10853",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10854",
"@id": "CVE-2017-10854",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10852",
"@id": "CVE-2017-10852",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10853",
"@id": "CVE-2017-10853",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10854",
"@id": "CVE-2017-10854",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/19.html",
"@id": "CWE-19",
"@title": "Data Handling(CWE-19)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in CG-WGR1200"
}
JVNDB-2017-000220
Vulnerability from jvndb - Published: 2017-09-08 14:14 - Updated:2018-02-28 12:21
Severity
Summary
Multiple vulnerabilities in CG-WLR300NM
Details
CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below.
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000220.html",
"dc:date": "2018-02-28T12:21+09:00",
"dcterms:issued": "2017-09-08T14:14+09:00",
"dcterms:modified": "2018-02-28T12:21+09:00",
"description": "CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. \r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000220.html",
"sec:cpe": {
"#text": "cpe:/o:corega:cg-wlr300nm_firmware",
"@product": "CG-WLR300NM firmware",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2017-000220",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN00719891/index.html",
"@id": "JVN#00719891",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10813",
"@id": "CVE-2017-10813",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10814",
"@id": "CVE-2017-10814",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10813",
"@id": "CVE-2017-10813",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10814",
"@id": "CVE-2017-10814",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple vulnerabilities in CG-WLR300NM"
}
JVNDB-2016-000219
Vulnerability from jvndb - Published: 2016-11-11 14:50 - Updated:2018-01-17 12:09
Severity
Summary
CG-WLR300NX fails to restrict access permissions
Details
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions.
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000219.html",
"dc:date": "2018-01-17T12:09+09:00",
"dcterms:issued": "2016-11-11T14:50+09:00",
"dcterms:modified": "2018-01-17T12:09+09:00",
"description": "CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions.\r\n\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000219.html",
"sec:cpe": {
"#text": "cpe:/o:corega:cg-wlr300nx_firmware",
"@product": "CG-WLR300NX firmware",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.4",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000219",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN23549283/index.html",
"@id": "JVN#23549283",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7811",
"@id": "CVE-2016-7811",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7811",
"@id": "CVE-2016-7811",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "CG-WLR300NX fails to restrict access permissions"
}
JVNDB-2016-000218
Vulnerability from jvndb - Published: 2016-11-11 14:49 - Updated:2018-01-17 12:18
Severity
Summary
CG-WLR300NX vulnerable to cross-site scripting
Details
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability (CWE-79).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000218.html",
"dc:date": "2018-01-17T12:18+09:00",
"dcterms:issued": "2016-11-11T14:49+09:00",
"dcterms:modified": "2018-01-17T12:18+09:00",
"description": "CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site scripting vulnerability (CWE-79).\r\n\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000218.html",
"sec:cpe": {
"#text": "cpe:/o:corega:cg-wlr300nx_firmware",
"@product": "CG-WLR300NX firmware",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "2.7",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000218",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN92237169/index.html",
"@id": "JVN#92237169",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7810",
"@id": "CVE-2016-7810",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7810",
"@id": "CVE-2016-7810",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "CG-WLR300NX vulnerable to cross-site scripting"
}
JVNDB-2016-000217
Vulnerability from jvndb - Published: 2016-11-11 14:49 - Updated:2018-01-17 12:18
Severity
Summary
CG-WLR300NX vulnerable to cross-site request forgery
Details
CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability (CWE-352).
Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000217.html",
"dc:date": "2018-01-17T12:18+09:00",
"dcterms:issued": "2016-11-11T14:49+09:00",
"dcterms:modified": "2018-01-17T12:18+09:00",
"description": "CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX contains a cross-site request forgery vulnerability (CWE-352).\r\n\r\nSatoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000217.html",
"sec:cpe": {
"#text": "cpe:/o:corega:cg-wlr300nx_firmware",
"@product": "CG-WLR300NX firmware",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "7.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000217",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN23823838/index.html",
"@id": "JVN#23823838",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7809",
"@id": "CVE-2016-7809",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7809",
"@id": "CVE-2016-7809",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "CG-WLR300NX vulnerable to cross-site request forgery"
}
JVNDB-2016-000216
Vulnerability from jvndb - Published: 2016-11-11 14:45 - Updated:2017-11-27 16:42
Severity
Summary
Multiple Corega wireless LAN routers vulnerable to cross-site scripting
Details
Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79).
Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000216.html",
"dc:date": "2017-11-27T16:42+09:00",
"dcterms:issued": "2016-11-11T14:45+09:00",
"dcterms:modified": "2017-11-27T16:42+09:00",
"description": "Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79).\r\n\r\nYutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000216.html",
"sec:cpe": [
{
"#text": "cpe:/h:corega:cg-wlbargmh",
"@product": "CG-WLBARGMH",
"@vendor": "Corega Inc",
"@version": "2.2"
},
{
"#text": "cpe:/h:corega:cg-wlbargnl",
"@product": "CG-WLBARGNL",
"@vendor": "Corega Inc",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "6.1",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000216",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN25060672/index.html",
"@id": "JVN#25060672",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7808",
"@id": "CVE-2016-7808",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-7808",
"@id": "CVE-2016-7808",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Multiple Corega wireless LAN routers vulnerable to cross-site scripting"
}
JVNDB-2016-000109
Vulnerability from jvndb - Published: 2016-06-22 14:57 - Updated:2016-06-29 16:04
Severity
Summary
CG-WLR300GNV Series does not limit authentication attempts
Details
CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.
Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
"dc:date": "2016-06-29T16:04+09:00",
"dcterms:issued": "2016-06-22T14:57+09:00",
"dcterms:modified": "2016-06-29T16:04+09:00",
"description": "CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks.\r\n\r\nTakeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000109.html",
"sec:cpe": [
{
"#text": "cpe:/h:corega:cg-wlr300gnv",
"@product": "CG-WLR300GNV",
"@vendor": "Corega Inc",
"@version": "2.2"
},
{
"#text": "cpe:/h:corega:cg-wlr300gnv-w",
"@product": "CG-WLR300GNV-W",
"@vendor": "Corega Inc",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "3.3",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000109",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN75028871/index.html",
"@id": "JVN#75028871",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4824",
"@id": "CVE-2016-4824",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4824",
"@id": "CVE-2016-4824",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
}
],
"title": "CG-WLR300GNV Series does not limit authentication attempts"
}
JVNDB-2016-000108
Vulnerability from jvndb - Published: 2016-06-22 14:57 - Updated:2016-06-29 16:04
Severity
Summary
CG-WLBARAGM vulnerable to denial-of-service (DoS)
Details
CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service (DoS) vulnerability.
Yuji Ukai of FFRI, Inc reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000108.html",
"dc:date": "2016-06-29T16:04+09:00",
"dcterms:issued": "2016-06-22T14:57+09:00",
"dcterms:modified": "2016-06-29T16:04+09:00",
"description": "CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service (DoS) vulnerability.\r\n\r\nYuji Ukai of FFRI, Inc reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000108.html",
"sec:cpe": {
"#text": "cpe:/h:corega:cg-wlbaragm",
"@product": "CG-WLBARAGM",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000108",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN24409899/index.html",
"@id": "JVN#24409899",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4823",
"@id": "CVE-2016-4823",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4823",
"@id": "CVE-2016-4823",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "CG-WLBARAGM vulnerable to denial-of-service (DoS)"
}
JVNDB-2016-000107
Vulnerability from jvndb - Published: 2016-06-22 14:56 - Updated:2016-06-29 16:03
Severity
Summary
CG-WLBARGL vulnerable to command injection
Details
CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability.
Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000107.html",
"dc:date": "2016-06-29T16:03+09:00",
"dcterms:issued": "2016-06-22T14:56+09:00",
"dcterms:modified": "2016-06-29T16:03+09:00",
"description": "CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability.\r\n\r\nOhji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000107.html",
"sec:cpe": {
"#text": "cpe:/h:corega:cg-wlbargl",
"@product": "CG-WLBARGL",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000107",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN76653039/index.html",
"@id": "JVN#76653039",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4822",
"@id": "CVE-2016-4822",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4822",
"@id": "CVE-2016-4822",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "CG-WLBARGL vulnerable to command injection"
}
JVNDB-2016-000032
Vulnerability from jvndb - Published: 2016-03-02 14:52 - Updated:2016-03-16 13:46
Severity
Summary
Multiple Corega wireless LAN routers vulnerable to cross-site request forgery
Details
Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability (CWE-352).
Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000032.html",
"dc:date": "2016-03-16T13:46+09:00",
"dcterms:issued": "2016-03-02T14:52+09:00",
"dcterms:modified": "2016-03-16T13:46+09:00",
"description": "Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability (CWE-352).\r\n\r\nYutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000032.html",
"sec:cpe": [
{
"#text": "cpe:/h:corega:cg-wlbargmh",
"@product": "CG-WLBARGMH",
"@vendor": "Corega Inc",
"@version": "2.2"
},
{
"#text": "cpe:/h:corega:cg-wlbargnl",
"@product": "CG-WLBARGNL",
"@vendor": "Corega Inc",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"@version": "2.0"
},
{
"@score": "7.1",
"@severity": "High",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-000032",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN59349382/index.html",
"@id": "JVN#59349382",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1158",
"@id": "CVE-2016-1158",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1158",
"@id": "CVE-2016-1158",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-352",
"@title": "Cross-Site Request Forgery(CWE-352)"
}
],
"title": "Multiple Corega wireless LAN routers vulnerable to cross-site request forgery"
}
JVNDB-2015-000202
Vulnerability from jvndb - Published: 2015-12-25 14:45 - Updated:2016-01-07 15:32
Severity
Summary
CG-WLBARAGM may behave as an open proxy
Details
CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy.
Akihiro Nakajima of NTT Communications reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000202.html",
"dc:date": "2016-01-07T15:32+09:00",
"dcterms:issued": "2015-12-25T14:45+09:00",
"dcterms:modified": "2016-01-07T15:32+09:00",
"description": "CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy.\r\n\r\nAkihiro Nakajima of NTT Communications reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000202.html",
"sec:cpe": {
"#text": "cpe:/h:corega:cg-wlbaragm",
"@product": "CG-WLBARAGM",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-000202",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN50775659/index.html",
"@id": "JVN#50775659",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7793",
"@id": "CVE-2015-7793",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7793",
"@id": "CVE-2015-7793",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "CG-WLBARAGM may behave as an open proxy"
}
JVNDB-2015-000203
Vulnerability from jvndb - Published: 2015-12-25 14:45 - Updated:2016-01-07 15:32
Severity
Summary
CG-WLNCM4G may behave as an open resolver
Details
CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver.
SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000203.html",
"dc:date": "2016-01-07T15:32+09:00",
"dcterms:issued": "2015-12-25T14:45+09:00",
"dcterms:modified": "2016-01-07T15:32+09:00",
"description": "CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver.\r\n\r\nSASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000203.html",
"sec:cpe": {
"#text": "cpe:/h:corega:cg-wlncm4g",
"@product": "CG-WLNCM4G",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
{
"@score": "5.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-000203",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51250073/index.html",
"@id": "JVN#51250073",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7794",
"@id": "CVE-2015-7794",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7794",
"@id": "CVE-2015-7794",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "CG-WLNCM4G may behave as an open resolver"
}
JVNDB-2015-000201
Vulnerability from jvndb - Published: 2015-12-25 14:33 - Updated:2016-01-07 15:32
Severity
Summary
CG-WLBARGS does not properly perform authentication
Details
CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication.
Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000201.html",
"dc:date": "2016-01-07T15:32+09:00",
"dcterms:issued": "2015-12-25T14:33+09:00",
"dcterms:modified": "2016-01-07T15:32+09:00",
"description": "CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication.\r\n\r\nKousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000201.html",
"sec:cpe": {
"#text": "cpe:/h:corega:cg-wlbargs",
"@product": "CG-WLBARGS",
"@vendor": "Corega Inc",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
{
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2015-000201",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN51349622/index.html",
"@id": "JVN#51349622",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7792",
"@id": "CVE-2015-7792",
"@source": "CVE"
},
{
"#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7792",
"@id": "CVE-2015-7792",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
}
],
"title": "CG-WLBARGS does not properly perform authentication"
}