Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
28 vulnerabilities by corega
VAR-201603-0104
Vulnerability from variot - Updated: 2023-12-18 13:44Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions. Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability (CWE-352). Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the management screen, various administrative functions may be performed. CoregaCG-WLBARGMH and CG-WLBARGNL are wireless router products from Japan's Corega. An attacker could exploit the vulnerability to perform an administrator action with a malicious page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201603-0104",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlbargmh",
"scope": "eq",
"trust": 1.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargnl",
"scope": "eq",
"trust": 1.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargmh",
"scope": null,
"trust": 0.8,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargnl",
"scope": null,
"trust": 0.8,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlncm4g",
"scope": null,
"trust": 0.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbaragm",
"scope": null,
"trust": 0.6,
"vendor": "corega",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlbargmh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbargmh_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlbargnl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbargnl_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1158"
}
]
},
"cve": "CVE-2016-1158",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000032",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-01468",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.9,
"id": "VHN-89977",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:H/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000032",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-1158",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000032",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-01468",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201603-018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-89977",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"db": "VULHUB",
"id": "VHN-89977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions. Multiple wireless LAN routers provided by Corega Inc contain a cross-site request forgery vulnerability (CWE-352). Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Ueki Shuya reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged into the management screen, various administrative functions may be performed. CoregaCG-WLBARGMH and CG-WLBARGNL are wireless router products from Japan\u0027s Corega. An attacker could exploit the vulnerability to perform an administrator action with a malicious page",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"db": "VULHUB",
"id": "VHN-89977"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000032",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2016-1158",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN59349382",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201603-018",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-01468",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-89977",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"db": "VULHUB",
"id": "VHN-89977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
]
},
"id": "VAR-201603-0104",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"db": "VULHUB",
"id": "VHN-89977"
}
],
"trust": 1.322222225
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01468"
}
]
},
"last_update_date": "2023-12-18T13:44:17.284000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the cross-site request forgery vulnerability",
"trust": 0.8,
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-89977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"db": "NVD",
"id": "CVE-2016-1158"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn59349382/index.html"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000032"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1158"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1158"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2016/jvndb-2016-000032.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"db": "VULHUB",
"id": "VHN-89977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"db": "VULHUB",
"id": "VHN-89977"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"date": "2016-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-89977"
},
{
"date": "2016-03-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"date": "2016-03-03T22:59:11.427000",
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"date": "2016-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-03-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-01468"
},
{
"date": "2016-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-89977"
},
{
"date": "2016-03-16T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000032"
},
{
"date": "2016-03-10T22:16:42.130000",
"db": "NVD",
"id": "CVE-2016-1158"
},
{
"date": "2016-03-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Corega wireless LAN routers vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000032"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201603-018"
}
],
"trust": 0.6
}
}
VAR-201606-0182
Vulnerability from variot - Updated: 2023-12-18 13:44The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. A permission acquisition vulnerability exists in CoregaCG-WLR300GNV and CG-WLR300GNV-W due to the failure of the program to limit the number of authentication requests. CG-WLR300GNV Series routers are prone to an information-disclosure vulnerability. An attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0182",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlr300gnv",
"scope": "eq",
"trust": 1.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlr300gnv-w",
"scope": "eq",
"trust": 1.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlr300gnv-w",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlr300gnv",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlr300gnv:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlr300gnv_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlr300gnv-w:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlr300gnv-w_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4824"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4824",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000109",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2016-04288",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-93643",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000109",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4824",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000109",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04288",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-506",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93643",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"db": "VULHUB",
"id": "VHN-93643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack. CG-WLR300GNV and CG-WLR300GNV-W provided by Corega Inc are wireless LAN routers. The WPS functionality in CG-WLR300GNV Series does not limit PIN authentication attempts, making it susceptible to brute force attacks. Takeshi Okamoto of Kanagawa Institute of Technology and Takaaki Minegishi reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated attacker within wireless range of the device may perform a brute force attack to recover the PIN. Using the recovered PIN, the attacker may gain access to the network. A permission acquisition vulnerability exists in CoregaCG-WLR300GNV and CG-WLR300GNV-W due to the failure of the program to limit the number of authentication requests. CG-WLR300GNV Series routers are prone to an information-disclosure vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and aid in brute-force attacks; other attacks may also be possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"db": "BID",
"id": "91351"
},
{
"db": "VULHUB",
"id": "VHN-93643"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4824",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN75028871",
"trust": 3.1
},
{
"db": "CNNVD",
"id": "CNNVD-201606-506",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04288",
"trust": 0.6
},
{
"db": "BID",
"id": "91351",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-93643",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"db": "VULHUB",
"id": "VHN-93643"
},
{
"db": "BID",
"id": "91351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
]
},
"id": "VAR-201606-0182",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"db": "VULHUB",
"id": "VHN-93643"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04288"
}
]
},
"last_update_date": "2023-12-18T13:44:13.106000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About vulnerability that does not limit authentication attempts",
"trust": 0.8,
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-287",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"db": "NVD",
"id": "CVE-2016-4824"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn75028871/index.html"
},
{
"trust": 2.3,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000109"
},
{
"trust": 1.1,
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4824"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4824"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"db": "VULHUB",
"id": "VHN-93643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"db": "VULHUB",
"id": "VHN-93643"
},
{
"db": "BID",
"id": "91351"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"date": "2016-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-93643"
},
{
"date": "2016-06-22T00:00:00",
"db": "BID",
"id": "91351"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"date": "2016-06-25T21:59:06.517000",
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"date": "2016-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04288"
},
{
"date": "2016-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-93643"
},
{
"date": "2016-06-22T00:00:00",
"db": "BID",
"id": "91351"
},
{
"date": "2016-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000109"
},
{
"date": "2016-06-28T00:33:23.657000",
"db": "NVD",
"id": "CVE-2016-4824"
},
{
"date": "2016-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLR300GNV Series does not limit authentication attempts",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000109"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-506"
}
],
"trust": 0.6
}
}
VAR-201706-0085
Vulnerability from variot - Updated: 2023-12-18 13:34Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79). Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. CoregaCG-WLBARGMH and CG-WLBARGNL are wireless router products from Japan's Corega. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0085",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlbaragm",
"scope": "eq",
"trust": 1.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargnl",
"scope": "eq",
"trust": 1.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargnl",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargmh",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
},
{
"model": "inc cg-wlbargnl",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "0"
},
{
"model": "inc cg-wlbargmh",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"db": "BID",
"id": "94249"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbaragm_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlbargmh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbargnl_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlbargnl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7808"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki",
"sources": [
{
"db": "BID",
"id": "94249"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7808",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000216",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-11293",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-96628",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000216",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7808",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000216",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-11293",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-349",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96628",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"db": "VULHUB",
"id": "VHN-96628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79). Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. CoregaCG-WLBARGMH and CG-WLBARGNL are wireless router products from Japan\u0027s Corega. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"db": "BID",
"id": "94249"
},
{
"db": "VULHUB",
"id": "VHN-96628"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7808",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN25060672",
"trust": 2.8
},
{
"db": "BID",
"id": "94249",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-349",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-11293",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-96628",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"db": "VULHUB",
"id": "VHN-96628"
},
{
"db": "BID",
"id": "94249"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
]
},
"id": "VAR-201706-0085",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"db": "VULHUB",
"id": "VHN-96628"
}
],
"trust": 1.2962962999999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11293"
}
]
},
"last_update_date": "2023-12-18T13:34:11.389000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About Cross-site Scripting Vulnerability",
"trust": 0.8,
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96628"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"db": "NVD",
"id": "CVE-2016-7808"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "https://jvn.jp/en/jp/jvn25060672/index.html"
},
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/94249"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7808"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7808"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"db": "VULHUB",
"id": "VHN-96628"
},
{
"db": "BID",
"id": "94249"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"db": "VULHUB",
"id": "VHN-96628"
},
{
"db": "BID",
"id": "94249"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96628"
},
{
"date": "2016-11-11T00:00:00",
"db": "BID",
"id": "94249"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"date": "2017-06-09T16:29:00.547000",
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"date": "2016-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-11-18T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-11293"
},
{
"date": "2017-06-15T00:00:00",
"db": "VULHUB",
"id": "VHN-96628"
},
{
"date": "2016-11-24T01:09:00",
"db": "BID",
"id": "94249"
},
{
"date": "2017-11-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000216"
},
{
"date": "2017-06-15T19:38:17.437000",
"db": "NVD",
"id": "CVE-2016-7808"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Corega wireless LAN routers vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000216"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-349"
}
],
"trust": 0.6
}
}
VAR-201709-0208
Vulnerability from variot - Updated: 2023-12-18 13:34Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the administrative console of the device may execute an arbitrary OS command - CVE-2017-10813 * A user who can access the administrative console of the device may execute arbitrary code - CVE-2017-10814
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0208",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wlr 300 nm",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "1.90"
},
{
"model": "cg-wlr300nm",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "version 1.90"
},
{
"model": "cg-wlr300nm",
"scope": "lte",
"trust": 0.6,
"vendor": "corega",
"version": "\u003c=1.90"
},
{
"model": "wlr 300 nm",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "1.90"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:wlr_300_nm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.90",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:wlr_300_nm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10814"
}
]
},
"cve": "CVE-2017-10814",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000220",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-33061",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-101174",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000220",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000220",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2017-10814",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-33061",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-785",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101174",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"db": "VULHUB",
"id": "VHN-101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors. CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the administrative console of the device may execute an arbitrary OS command - CVE-2017-10813 * A user who can access the administrative console of the device may execute arbitrary code - CVE-2017-10814",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"db": "VULHUB",
"id": "VHN-101174"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10814",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN00719891",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201709-785",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2017-33061",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101174",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"db": "VULHUB",
"id": "VHN-101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
]
},
"id": "VAR-201709-0208",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"db": "VULHUB",
"id": "VHN-101174"
}
],
"trust": 1.5333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33061"
}
]
},
"last_update_date": "2023-12-18T13:34:08.478000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About vulnerabilities in CG-WLR300NM",
"trust": 0.8,
"url": "http://www.corega.jp/support/security/20170908_wlr300nm.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
},
{
"problemtype": "CWE-78",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10814"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn00719891/index.html"
},
{
"trust": 2.3,
"url": "http://www.corega.jp/support/security/20170908_wlr300nm.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10813"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10814"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10813"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10814"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn00719891/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"db": "VULHUB",
"id": "VHN-101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"db": "VULHUB",
"id": "VHN-101174"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"date": "2017-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-101174"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"date": "2017-09-15T17:29:00.243000",
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33061"
},
{
"date": "2017-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101174"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"date": "2017-09-20T19:20:53.120000",
"db": "NVD",
"id": "CVE-2017-10814"
},
{
"date": "2017-09-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in CG-WLR300NM",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-785"
}
],
"trust": 0.6
}
}
VAR-201709-0207
Vulnerability from variot - Updated: 2023-12-18 13:34CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the administrative console of the device may execute an arbitrary OS command - CVE-2017-10813 * A user who can access the administrative console of the device may execute arbitrary code - CVE-2017-10814. There is a security hole in the CoregaCG-WLR300NM with firmware 1.90 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201709-0207",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wlr 300 nm",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "1.90"
},
{
"model": "cg-wlr300nm",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "version 1.90"
},
{
"model": "cg-wlr300nm",
"scope": "lte",
"trust": 0.6,
"vendor": "corega",
"version": "\u003c=1.90"
},
{
"model": "wlr 300 nm",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "1.90"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:wlr_300_nm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.90",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:wlr_300_nm:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10813"
}
]
},
"cve": "CVE-2017-10813",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2017-000220",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 1.6,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "CNVD-2017-33066",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.7,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.1,
"id": "VHN-101173",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2017-000220",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 1.6,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2017-000220",
"trust": 1.6,
"value": "Medium"
},
{
"author": "NVD",
"id": "CVE-2017-10813",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2017-33066",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201709-786",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101173",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"db": "VULHUB",
"id": "VHN-101173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary OS commands via unspecified vectors. CG-WLR300NM provided by Corega Inc. is a wireless LAN router. CG-WLR300NM contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the administrative console of the device may execute an arbitrary OS command - CVE-2017-10813 * A user who can access the administrative console of the device may execute arbitrary code - CVE-2017-10814. There is a security hole in the CoregaCG-WLR300NM with firmware 1.90 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"db": "VULHUB",
"id": "VHN-101173"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN00719891",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-10813",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-33066",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201709-786",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101173",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"db": "VULHUB",
"id": "VHN-101173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
]
},
"id": "VAR-201709-0207",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"db": "VULHUB",
"id": "VHN-101173"
}
],
"trust": 1.5333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33066"
}
]
},
"last_update_date": "2023-12-18T13:34:08.450000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About vulnerabilities in CG-WLR300NM",
"trust": 0.8,
"url": "http://www.corega.jp/support/security/20170908_wlr300nm.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10813"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn00719891/index.html"
},
{
"trust": 2.3,
"url": "http://www.corega.jp/support/security/20170908_wlr300nm.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10813"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10814"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10813"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10814"
},
{
"trust": 0.6,
"url": "http://jvn.jp/en/jp/jvn00719891/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"db": "VULHUB",
"id": "VHN-101173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"db": "VULHUB",
"id": "VHN-101173"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"date": "2017-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-101173"
},
{
"date": "2017-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"date": "2017-09-15T17:29:00.197000",
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-11-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-33066"
},
{
"date": "2017-09-20T00:00:00",
"db": "VULHUB",
"id": "VHN-101173"
},
{
"date": "2018-02-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-000220"
},
{
"date": "2017-09-20T19:22:34.863000",
"db": "NVD",
"id": "CVE-2017-10813"
},
{
"date": "2017-09-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in CG-WLR300NM",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-000220"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201709-786"
}
],
"trust": 0.6
}
}
VAR-201512-0517
Vulnerability from variot - Updated: 2023-12-18 13:24Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack. Corega CG-WLNCM4G devices has a denial of service vulnerability. CG-WLNCM4G is prone to a denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Corega CG-WLBARGL is a wireless LAN router produced by Japan's Corega Corporation. A security vulnerability exists in the Corega CG-WLBARAGM device due to the program providing an open DNS resolver
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0517",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlncm4g",
"scope": null,
"trust": 2.0,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlncm4g",
"scope": "eq",
"trust": 1.0,
"vendor": "corega",
"version": "*"
},
{
"model": "inc cg-wlncm4g",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "BID",
"id": "79716"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlncm4g_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7794"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SASABE Tetsuro of The University of Tokyo",
"sources": [
{
"db": "BID",
"id": "79716"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7794",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000203",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08531",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-85755",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000203",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7794",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000203",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08531",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-704",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85755",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "VULHUB",
"id": "VHN-85755"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries. CG-WLNCM4G provided by Corega Inc is a network camera. CG-WLNCM4G contains an issue where it may behave as an open resolver. SASABE Tetsuro of The University of Tokyo reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device may be leveraged for use in a DNS amplification attack and unknowingly become a part of a DDoS attack. Corega CG-WLNCM4G devices has a denial of service vulnerability. CG-WLNCM4G is prone to a denial-of-service vulnerability. \nAn attacker can exploit this issue to cause a denial-of-service condition. Corega CG-WLBARGL is a wireless LAN router produced by Japan\u0027s Corega Corporation. A security vulnerability exists in the Corega CG-WLBARAGM device due to the program providing an open DNS resolver",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "BID",
"id": "79716"
},
{
"db": "VULHUB",
"id": "VHN-85755"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7794",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN51250073",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-704",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08531",
"trust": 0.6
},
{
"db": "BID",
"id": "79716",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-85755",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "VULHUB",
"id": "VHN-85755"
},
{
"db": "BID",
"id": "79716"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
]
},
"id": "VAR-201512-0517",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "VULHUB",
"id": "VHN-85755"
}
],
"trust": 1.4
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
}
]
},
"last_update_date": "2023-12-18T13:24:40.121000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the issue that may behave as an open resolver",
"trust": 0.8,
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
},
{
"title": "Corega CG-WLNCM4G devices denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69281"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85755"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"db": "NVD",
"id": "CVE-2015-7794"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn51250073/index.html"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000203"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7794"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7794"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000203.html"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "VULHUB",
"id": "VHN-85755"
},
{
"db": "BID",
"id": "79716"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"db": "VULHUB",
"id": "VHN-85755"
},
{
"db": "BID",
"id": "79716"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85755"
},
{
"date": "2015-12-25T00:00:00",
"db": "BID",
"id": "79716"
},
{
"date": "2015-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"date": "2015-12-30T05:59:13.940000",
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08531"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85755"
},
{
"date": "2015-12-25T00:00:00",
"db": "BID",
"id": "79716"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000203"
},
{
"date": "2015-12-30T18:29:02.107000",
"db": "NVD",
"id": "CVE-2015-7794"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLNCM4G may behave as an open resolver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000203"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-704"
}
],
"trust": 0.6
}
}
VAR-201606-0181
Vulnerability from variot - Updated: 2023-12-18 12:30Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service (DoS) vulnerability. Yuji Ukai of FFRI, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated remote attacker may cause the product to reboot. A denial of service vulnerability exists in CoregaCG-WLBARAGM
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0181",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlbaragm",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbaragm",
"scope": "eq",
"trust": 1.0,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargmh",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlbargmh:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbaragm_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4823"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Yuji Ukai of FFRI, Inc",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
],
"trust": 0.6
},
"cve": "CVE-2016-4823",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000108",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-04294",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-93642",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000108",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4823",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000108",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04294",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-507",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-93642",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "VULHUB",
"id": "VHN-93642"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors. CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains a denial-of-service (DoS) vulnerability. Yuji Ukai of FFRI, Inc reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An unauthenticated remote attacker may cause the product to reboot. A denial of service vulnerability exists in CoregaCG-WLBARAGM",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "BID",
"id": "91350"
},
{
"db": "VULHUB",
"id": "VHN-93642"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4823",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN24409899",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000108",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201606-507",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04294",
"trust": 0.6
},
{
"db": "BID",
"id": "91350",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-93642",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "VULHUB",
"id": "VHN-93642"
},
{
"db": "BID",
"id": "91350"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
]
},
"id": "VAR-201606-0181",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "VULHUB",
"id": "VHN-93642"
}
],
"trust": 1.31666665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
}
]
},
"last_update_date": "2023-12-18T12:30:01.325000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About denial-of-service vulnerability",
"trust": 0.8,
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"db": "NVD",
"id": "CVE-2016-4823"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn24409899/index.html"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000108"
},
{
"trust": 1.1,
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4823"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4823"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "VULHUB",
"id": "VHN-93642"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "VULHUB",
"id": "VHN-93642"
},
{
"db": "BID",
"id": "91350"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"date": "2016-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-93642"
},
{
"date": "2016-06-22T00:00:00",
"db": "BID",
"id": "91350"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"date": "2016-06-25T21:59:05.517000",
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"date": "2016-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"date": "2016-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-93642"
},
{
"date": "2016-07-06T15:03:00",
"db": "BID",
"id": "91350"
},
{
"date": "2016-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000108"
},
{
"date": "2016-06-28T00:32:51.903000",
"db": "NVD",
"id": "CVE-2016-4823"
},
{
"date": "2016-06-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLBARAGM Denial of Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04294"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-507"
}
],
"trust": 0.6
}
}
VAR-201803-0123
Vulnerability from variot - Updated: 2023-12-18 12:29Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wgr 1200",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "2.20"
},
{
"model": "cg-wgr1200",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "firmware 2.20"
},
{
"model": "inc cg-wgr1200",
"scope": "lte",
"trust": 0.6,
"vendor": "corega",
"version": "\u003c=2.20"
},
{
"model": "cg-wgr 1200",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "2.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wgr_1200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wgr_1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10854"
}
]
},
"cve": "CVE-2017-10854",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000024",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-04765",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-101218",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000024",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000024",
"trust": 2.4,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2017-10854",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-04765",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-321",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-101218",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"db": "VULHUB",
"id": "VHN-101218"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to bypass authentication and change the login password via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device\u0027s settings - CVE-2017-10854",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"db": "VULHUB",
"id": "VHN-101218"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-10854",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN15201064",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-04765",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-321",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101218",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"db": "VULHUB",
"id": "VHN-101218"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
]
},
"id": "VAR-201803-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"db": "VULHUB",
"id": "VHN-101218"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04765"
}
]
},
"last_update_date": "2023-12-18T12:29:06.492000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple vulnerabilities in CG-WGR1200",
"trust": 0.8,
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-19",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101218"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10854"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn15201064/index.html"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10852"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10853"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10854"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10852"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10853"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10854"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn15201064/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"db": "VULHUB",
"id": "VHN-101218"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"db": "VULHUB",
"id": "VHN-101218"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101218"
},
{
"date": "2018-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"date": "2018-03-09T16:29:00.347000",
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04765"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-101218"
},
{
"date": "2018-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"date": "2018-03-27T13:31:41.493000",
"db": "NVD",
"id": "CVE-2017-10854"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in CG-WGR1200",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-321"
}
],
"trust": 0.6
}
}
VAR-201803-0121
Vulnerability from variot - Updated: 2023-12-18 12:29Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0121",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wgr 1200",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "2.20"
},
{
"model": "cg-wgr1200",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "firmware 2.20"
},
{
"model": "inc cg-wgr1200",
"scope": "lte",
"trust": 0.6,
"vendor": "corega",
"version": "\u003c=2.20"
},
{
"model": "cg-wgr 1200",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "2.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wgr_1200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wgr_1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10852"
}
]
},
"cve": "CVE-2017-10852",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000024",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-04762",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-101216",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000024",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000024",
"trust": 2.4,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2017-10852",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-04762",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101216",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"db": "VULHUB",
"id": "VHN-101216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary code via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device\u0027s settings - CVE-2017-10854",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"db": "VULHUB",
"id": "VHN-101216"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN15201064",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-10852",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-04762",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-323",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101216",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"db": "VULHUB",
"id": "VHN-101216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
]
},
"id": "VAR-201803-0121",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"db": "VULHUB",
"id": "VHN-101216"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04762"
}
]
},
"last_update_date": "2023-12-18T12:29:06.464000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple vulnerabilities in CG-WGR1200",
"trust": 0.8,
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-19",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10852"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn15201064/index.html"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10852"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10853"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10854"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10852"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10853"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10854"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn15201064/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"db": "VULHUB",
"id": "VHN-101216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"db": "VULHUB",
"id": "VHN-101216"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101216"
},
{
"date": "2018-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"date": "2018-03-09T16:29:00.220000",
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04762"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-101216"
},
{
"date": "2018-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"date": "2018-03-27T13:31:23.257000",
"db": "NVD",
"id": "CVE-2017-10852"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in CG-WGR1200",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-323"
}
],
"trust": 0.6
}
}
VAR-201803-0122
Vulnerability from variot - Updated: 2023-12-18 12:29Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device's settings - CVE-2017-10854
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-0122",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wgr 1200",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "2.20"
},
{
"model": "cg-wgr1200",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "firmware 2.20"
},
{
"model": "inc cg-wgr1200",
"scope": "lte",
"trust": 0.6,
"vendor": "corega",
"version": "\u003c=2.20"
},
{
"model": "cg-wgr 1200",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "2.20"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wgr_1200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wgr_1200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10853"
}
]
},
"cve": "CVE-2017-10853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2018-000024",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 2.4,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-04764",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-101217",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2018-000024",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 2.4,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "IPA",
"id": "JVNDB-2018-000024",
"trust": 2.4,
"value": "High"
},
{
"author": "NVD",
"id": "CVE-2017-10853",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-04764",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201803-322",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-101217",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"db": "VULHUB",
"id": "VHN-101217"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. CG-WGR1200 provided by Corega Inc is a wireless LAN router. CG-WGR1200 contains multiple vulnerabilities listed below. * Buffer Overflow (CWE-119) - CVE-2017-10852 * Buffer Overflow (CWE-78) - CVE-2017-10853 * Authentication bypass (CWE-306) - CVE-2017-10854 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected device may execute arbitrary code - CVE-2017-10852 * A user with access to the affected device may execute an arbitrary command - CVE-2017-10853 * A user with access to the affected device may change the login password. As a result, the user may access the management screen of the device and perform an arbitrary operation such as altering the device\u0027s settings - CVE-2017-10854",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"db": "VULHUB",
"id": "VHN-101217"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN15201064",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2017-10853",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-04764",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201803-322",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-101217",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"db": "VULHUB",
"id": "VHN-101217"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
]
},
"id": "VAR-201803-0122",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"db": "VULHUB",
"id": "VHN-101217"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04764"
}
]
},
"last_update_date": "2023-12-18T12:29:06.435000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Multiple vulnerabilities in CG-WGR1200",
"trust": 0.8,
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 0.8
},
{
"problemtype": "CWE-19",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-101217"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn15201064/index.html"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20180309_wgr1200.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10852"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10853"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10854"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10852"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10853"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-10854"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn15201064/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"db": "VULHUB",
"id": "VHN-101217"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"db": "VULHUB",
"id": "VHN-101217"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"date": "2018-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-101217"
},
{
"date": "2018-03-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"date": "2018-03-09T16:29:00.283000",
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-03-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-04764"
},
{
"date": "2018-03-27T00:00:00",
"db": "VULHUB",
"id": "VHN-101217"
},
{
"date": "2018-06-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000024"
},
{
"date": "2018-03-27T13:31:52.117000",
"db": "NVD",
"id": "CVE-2017-10853"
},
{
"date": "2018-03-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities in CG-WGR1200",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-000024"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201803-322"
}
],
"trust": 0.6
}
}
VAR-201512-0516
Vulnerability from variot - Updated: 2023-12-18 12:20Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy. Akihiro Nakajima of NTT Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device may be leveraged as a proxy server to conduct cyber attacks. CoregaCG-WLBARAGM has a denial of service vulnerability. A remote attacker may exploit this condition in order to launch attacks against local and public services in the context of the site that is hosting the vulnerable script
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0516",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlbaragm",
"scope": null,
"trust": 2.0,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbaragm",
"scope": "eq",
"trust": 1.0,
"vendor": "corega",
"version": "*"
},
{
"model": "inc cg-wlbaragm",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "BID",
"id": "79702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbaragm_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7793"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Akihiro Nakajima of NTT Communications",
"sources": [
{
"db": "BID",
"id": "79702"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7793",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000202",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08530",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-85754",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 5.8,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000202",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7793",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000202",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08530",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-703",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85754",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "VULHUB",
"id": "VHN-85754"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy. Akihiro Nakajima of NTT Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device may be leveraged as a proxy server to conduct cyber attacks. CoregaCG-WLBARAGM has a denial of service vulnerability. \nA remote attacker may exploit this condition in order to launch attacks against local and public services in the context of the site that is hosting the vulnerable script",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "BID",
"id": "79702"
},
{
"db": "VULHUB",
"id": "VHN-85754"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7793",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN50775659",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201512-703",
"trust": 0.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-08530",
"trust": 0.6
},
{
"db": "BID",
"id": "79702",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-85754",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "VULHUB",
"id": "VHN-85754"
},
{
"db": "BID",
"id": "79702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
]
},
"id": "VAR-201512-0516",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "VULHUB",
"id": "VHN-85754"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
}
]
},
"last_update_date": "2023-12-18T12:20:40.264000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the issue that may behave as an open proxy",
"trust": 0.8,
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"title": "Corega CG-WLBARAGM devices denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69285"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-17",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85754"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"db": "NVD",
"id": "CVE-2015-7793"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn50775659/index.html"
},
{
"trust": 2.0,
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000202"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7793"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7793"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000201.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "VULHUB",
"id": "VHN-85754"
},
{
"db": "BID",
"id": "79702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"db": "VULHUB",
"id": "VHN-85754"
},
{
"db": "BID",
"id": "79702"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85754"
},
{
"date": "2015-12-12T00:00:00",
"db": "BID",
"id": "79702"
},
{
"date": "2015-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"date": "2015-12-30T05:59:12.690000",
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08530"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85754"
},
{
"date": "2015-12-12T00:00:00",
"db": "BID",
"id": "79702"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000202"
},
{
"date": "2015-12-30T18:29:33.660000",
"db": "NVD",
"id": "CVE-2015-7793"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLBARAGM may behave as an open proxy",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000202"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-703"
}
],
"trust": 0.6
}
}
VAR-201512-0515
Vulnerability from variot - Updated: 2023-12-18 12:20Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed. A cross-site scripting vulnerability exists in WL-330NUL. Allows an attacker to exploit this vulnerability to inject arbitrary web scripts or HTML code. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlbargs",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargs",
"scope": "eq",
"trust": 1.0,
"vendor": "corega",
"version": "*"
},
{
"model": "wl-330nul",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.42"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbargs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7792"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kousuke Kawahira of DWANGO Co.,Ltd.",
"sources": [
{
"db": "BID",
"id": "79683"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-000201",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-08529",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-85753",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2015-000201",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7792",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-000201",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2015-08529",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-601",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-85753",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed. A cross-site scripting vulnerability exists in WL-330NUL. Allows an attacker to exploit this vulnerability to inject arbitrary web scripts or HTML code. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "BID",
"id": "79683"
},
{
"db": "VULHUB",
"id": "VHN-85753"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7792",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVN51349622",
"trust": 2.5
},
{
"db": "BID",
"id": "79683",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601",
"trust": 0.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-08529",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85753",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "BID",
"id": "79683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"id": "VAR-201512-0515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
}
],
"trust": 1.3111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
}
]
},
"last_update_date": "2023-12-18T12:20:40.197000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the authentication flaw",
"trust": 0.8,
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"title": "Patch for WL-330NUL Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69289"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn51349622/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/79683"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000201"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7792"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7792"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000195.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "BID",
"id": "79683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85753"
},
{
"date": "2015-12-25T00:00:00",
"db": "BID",
"id": "79683"
},
{
"date": "2015-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"date": "2015-12-30T05:59:11.767000",
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"date": "2015-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85753"
},
{
"date": "2015-12-25T00:00:00",
"db": "BID",
"id": "79683"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"date": "2016-11-28T19:44:33.660000",
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLBARGS does not properly perform authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
],
"trust": 0.6
}
}
VAR-201606-0180
Vulnerability from variot - Updated: 2023-12-18 12:05Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary command may be executed by an authenticated attacker. CG-WLBARGL is prone to an unspecified command-injection vulnerability because it fails to adequately sanitize user-supplied input. A security vulnerability exists in the Corega CG-WLBARGL device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201606-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlbargnl",
"scope": "eq",
"trust": 1.6,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargl",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlbargnl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbargnl_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "AND"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4822"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ohji Kashiwazaki of Global Security Experts Inc.",
"sources": [
{
"db": "BID",
"id": "91348"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
],
"trust": 0.9
},
"cve": "CVE-2016-4822",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.2,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000107",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "CNVD-2016-04295",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.1,
"id": "VHN-93641",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000107",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-4822",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000107",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-04295",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201606-508",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-93641",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "VULHUB",
"id": "VHN-93641"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary command may be executed by an authenticated attacker. CG-WLBARGL is prone to an unspecified command-injection vulnerability because it fails to adequately sanitize user-supplied input. A security vulnerability exists in the Corega CG-WLBARGL device",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "BID",
"id": "91348"
},
{
"db": "VULHUB",
"id": "VHN-93641"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-4822",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVN76653039",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-04295",
"trust": 0.6
},
{
"db": "BID",
"id": "91348",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-93641",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "VULHUB",
"id": "VHN-93641"
},
{
"db": "BID",
"id": "91348"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
]
},
"id": "VAR-201606-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "VULHUB",
"id": "VHN-93641"
}
],
"trust": 1.3527778
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
}
]
},
"last_update_date": "2023-12-18T12:05:54.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About command injection vulnerability",
"trust": 0.8,
"url": "http://corega.jp/support/security/20160622_wlbargl.htm"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-93641"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"db": "NVD",
"id": "CVE-2016-4822"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://jvn.jp/en/jp/jvn76653039/index.html"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2016-000107"
},
{
"trust": 1.1,
"url": "http://corega.jp/support/security/20160622_wlbargl.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4822"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4822"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "VULHUB",
"id": "VHN-93641"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "VULHUB",
"id": "VHN-93641"
},
{
"db": "BID",
"id": "91348"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"date": "2016-06-25T00:00:00",
"db": "VULHUB",
"id": "VHN-93641"
},
{
"date": "2016-06-22T00:00:00",
"db": "BID",
"id": "91348"
},
{
"date": "2016-06-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"date": "2016-06-25T21:59:04.547000",
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"date": "2016-06-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-06-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"date": "2016-06-28T00:00:00",
"db": "VULHUB",
"id": "VHN-93641"
},
{
"date": "2016-06-22T00:00:00",
"db": "BID",
"id": "91348"
},
{
"date": "2016-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000107"
},
{
"date": "2016-06-28T00:28:55.670000",
"db": "NVD",
"id": "CVE-2016-4822"
},
{
"date": "2016-11-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLBARGL Command Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-04295"
},
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201606-508"
}
],
"trust": 0.6
}
}
VAR-201706-0086
Vulnerability from variot - Updated: 2023-12-18 12:04Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. CG-WLR300NX provided by Corega Inc is a wireless LAN router. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. Corega CG-WLR300NX is prone to following security vulnerabilities: 1. A security bypass vulnerability 2. A cross-site request forgery vulnerability An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions or perform unauthorized actions. Other attacks may also be possible. Corega CG-WLR300NX 1.20 and prior are vulnerable. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0086",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlr300nx",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "1.20"
},
{
"model": "cg-wlr300nx",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "ver. 1.20"
},
{
"model": "cg-wlr300nx",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "1.20"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.20"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.10"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.00"
},
{
"model": "inc cg-wlr300nx",
"scope": "ne",
"trust": 0.3,
"vendor": "corega",
"version": "1.30"
}
],
"sources": [
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlr300nx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlr300nx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7809"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "94248"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7809",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000217",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-96629",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.1,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000217",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7809",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000217",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-362",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96629",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors. CG-WLR300NX provided by Corega Inc is a wireless LAN router. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in, unintended operations may be performed. Corega CG-WLR300NX is prone to following security vulnerabilities:\n1. A security bypass vulnerability\n2. A cross-site request forgery vulnerability\nAn attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions or perform unauthorized actions. Other attacks may also be possible. \nCorega CG-WLR300NX 1.20 and prior are vulnerable. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "VULHUB",
"id": "VHN-96629"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN23823838",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7809",
"trust": 2.8
},
{
"db": "BID",
"id": "94248",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362",
"trust": 0.7
},
{
"db": "JVN",
"id": "JVN23549283",
"trust": 0.3
},
{
"db": "JVN",
"id": "JVN92237169",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-96629",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96629"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"id": "VAR-201706-0086",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96629"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:04:02.010000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About Multiple Vulnerabilities of CG-WLR300NX",
"trust": 0.8,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"title": "Corega CG-WLR300NX Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65721"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96629"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "NVD",
"id": "CVE-2016-7809"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn23823838/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94248"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7809"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7809"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm "
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn23549283/index.htmls"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn23823838/index.html "
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn92237169/index.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96629"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96629"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96629"
},
{
"date": "2016-11-10T00:00:00",
"db": "BID",
"id": "94248"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"date": "2017-06-09T16:29:00.580000",
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"date": "2016-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96629"
},
{
"date": "2016-11-24T01:09:00",
"db": "BID",
"id": "94248"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000217"
},
{
"date": "2017-06-16T15:47:18.707000",
"db": "NVD",
"id": "CVE-2016-7809"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLR300NX vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000217"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-362"
}
],
"trust": 0.6
}
}
VAR-201706-0088
Vulnerability from variot - Updated: 2023-12-18 12:04Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. Corega CG-WLR300NX is prone to following security vulnerabilities: 1. A security bypass vulnerability 2. A cross-site scripting vulnerability 3. A cross-site request forgery vulnerability An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions or perform unauthorized actions. Other attacks may also be possible. Corega CG-WLR300NX 1.20 and prior are vulnerable. A security vulnerability exists in the Corega CG-WLR300NX with firmware version 1.20 and earlier
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlr300nx",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "1.20"
},
{
"model": "cg-wlr300nx",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "ver. 1.20"
},
{
"model": "cg-wlr300nx",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "1.20"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.20"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.10"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.00"
},
{
"model": "inc cg-wlr300nx",
"scope": "ne",
"trust": 0.3,
"vendor": "corega",
"version": "1.30"
}
],
"sources": [
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlr300nx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlr300nx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7811"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "94248"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7811",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2016-000219",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-96631",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2016-000219",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7811",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2016-000219",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-350",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-96631",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96631"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. CG-WLR300NX provided by Corega Inc is a wireless LAN router. CG-WLR300NX fails to restrict access permissions. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. Corega CG-WLR300NX is prone to following security vulnerabilities:\n1. A security bypass vulnerability\n2. A cross-site scripting vulnerability\n3. A cross-site request forgery vulnerability\nAn attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions or perform unauthorized actions. Other attacks may also be possible. \nCorega CG-WLR300NX 1.20 and prior are vulnerable. A security vulnerability exists in the Corega CG-WLR300NX with firmware version 1.20 and earlier",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "VULHUB",
"id": "VHN-96631"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-7811",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVN23549283",
"trust": 2.8
},
{
"db": "BID",
"id": "94248",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350",
"trust": 0.7
},
{
"db": "JVN",
"id": "JVN23823838",
"trust": 0.3
},
{
"db": "JVN",
"id": "JVN92237169",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-96631",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96631"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"id": "VAR-201706-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96631"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:04:01.981000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About Multiple Vulnerabilities of CG-WLR300NX",
"trust": 0.8,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"title": "Corega CG-WLR300NX Repair measures for security bypass vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65713"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-284",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96631"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "NVD",
"id": "CVE-2016-7811"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn23549283/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94248"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7811"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7811"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm "
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn23549283/index.htmls"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn23823838/index.html "
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn92237169/index.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96631"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96631"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96631"
},
{
"date": "2016-11-10T00:00:00",
"db": "BID",
"id": "94248"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"date": "2017-06-09T16:29:00.657000",
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"date": "2016-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96631"
},
{
"date": "2016-11-24T01:09:00",
"db": "BID",
"id": "94248"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000219"
},
{
"date": "2017-06-16T13:11:17.933000",
"db": "NVD",
"id": "CVE-2016-7811"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLR300NX fails to restrict access permissions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000219"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-350"
}
],
"trust": 0.6
}
}
VAR-201706-0087
Vulnerability from variot - Updated: 2023-12-18 12:04Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. CG-WLR300NX provided by Corega Inc is a wireless LAN router. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. Corega CG-WLR300NX is prone to following security vulnerabilities: 1. A security bypass vulnerability 2. A cross-site request forgery vulnerability An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions or perform unauthorized actions. Other attacks may also be possible. Corega CG-WLR300NX 1.20 and prior are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201706-0087",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlr300nx",
"scope": "lte",
"trust": 1.0,
"vendor": "corega",
"version": "1.20"
},
{
"model": "cg-wlr300nx",
"scope": "lte",
"trust": 0.8,
"vendor": "corega",
"version": "ver. 1.20"
},
{
"model": "cg-wlr300nx",
"scope": "eq",
"trust": 0.6,
"vendor": "corega",
"version": "1.20"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.20"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.10"
},
{
"model": "inc cg-wlr300nx",
"scope": "eq",
"trust": 0.3,
"vendor": "corega",
"version": "1.00"
},
{
"model": "inc cg-wlr300nx",
"scope": "ne",
"trust": 0.3,
"vendor": "corega",
"version": "1.30"
}
],
"sources": [
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlr300nx_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.20",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:corega:cg-wlr300nx:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc.",
"sources": [
{
"db": "BID",
"id": "94248"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
],
"trust": 0.9
},
"cve": "CVE-2016-7810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.7,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2016-000218",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-96630",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2016-000218",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "High",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-7810",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2016-000218",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201611-351",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-96630",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. CG-WLR300NX provided by Corega Inc is a wireless LAN router. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. Corega CG-WLR300NX is prone to following security vulnerabilities:\n1. A security bypass vulnerability\n2. A cross-site request forgery vulnerability\nAn attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions or perform unauthorized actions. Other attacks may also be possible. \nCorega CG-WLR300NX 1.20 and prior are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "VULHUB",
"id": "VHN-96630"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN92237169",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2016-7810",
"trust": 2.8
},
{
"db": "BID",
"id": "94248",
"trust": 2.0
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351",
"trust": 0.7
},
{
"db": "JVN",
"id": "JVN23823838",
"trust": 0.3
},
{
"db": "JVN",
"id": "JVN23549283",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-96630",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96630"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"id": "VAR-201706-0087",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-96630"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:04:01.950000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About Multiple Vulnerabilities of CG-WLR300NX",
"trust": 0.8,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"title": "Corega CG-WLR300NX Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=65714"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96630"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "NVD",
"id": "CVE-2016-7810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://jvn.jp/en/jp/jvn92237169/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/94248"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7810"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-7810"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"trust": 0.3,
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm "
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn23549283/index.htmls"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn23823838/index.html "
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn92237169/index.html "
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-96630"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-96630"
},
{
"db": "BID",
"id": "94248"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-09T00:00:00",
"db": "VULHUB",
"id": "VHN-96630"
},
{
"date": "2016-11-10T00:00:00",
"db": "BID",
"id": "94248"
},
{
"date": "2016-11-11T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"date": "2017-06-09T16:29:00.610000",
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"date": "2016-11-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-06-16T00:00:00",
"db": "VULHUB",
"id": "VHN-96630"
},
{
"date": "2016-11-24T01:09:00",
"db": "BID",
"id": "94248"
},
{
"date": "2018-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-000218"
},
{
"date": "2017-06-16T15:46:53.440000",
"db": "NVD",
"id": "CVE-2016-7810"
},
{
"date": "2017-06-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLR300NX vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-000218"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201611-351"
}
],
"trust": 0.6
}
}
CVE-2016-4824 (GCVE-0-2016-4824)
Vulnerability from nvd – Published: 2016-06-25 21:00 – Updated: 2024-08-06 00:39
VLAI
Summary
The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN75028871/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20160622_wlr300… | x_refsource_CONFIRM |
Date Public
2016-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000109",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
},
{
"name": "JVN#75028871",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN75028871/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000109",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
},
{
"name": "JVN#75028871",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN75028871/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000109",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
},
{
"name": "JVN#75028871",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN75028871/index.html"
},
{
"name": "http://corega.jp/support/security/20160622_wlr300gnv.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4824",
"datePublished": "2016-06-25T21:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:39:26.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4823 (GCVE-0-2016-4823)
Vulnerability from nvd – Published: 2016-06-25 21:00 – Updated: 2024-08-06 00:39
VLAI
Summary
Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108 | third-party-advisoryx_refsource_JVNDB |
| http://corega.jp/support/security/20160622_wlbaragm.htm | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN24409899/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2016-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000108",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
},
{
"name": "JVN#24409899",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN24409899/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000108",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
},
{
"name": "JVN#24409899",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN24409899/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000108",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108"
},
{
"name": "http://corega.jp/support/security/20160622_wlbaragm.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
},
{
"name": "JVN#24409899",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24409899/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4823",
"datePublished": "2016-06-25T21:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:39:26.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1158 (GCVE-0-2016-1158)
Vulnerability from nvd – Published: 2016-03-03 22:00 – Updated: 2024-08-05 22:48
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN59349382/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20160229_wlbarg… | x_refsource_CONFIRM |
Date Public
2016-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000032",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032"
},
{
"name": "JVN#59349382",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN59349382/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-03-03T22:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000032",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032"
},
{
"name": "JVN#59349382",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN59349382/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000032",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032"
},
{
"name": "JVN#59349382",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN59349382/index.html"
},
{
"name": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1158",
"datePublished": "2016-03-03T22:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7794 (GCVE-0-2015-7794)
Vulnerability from nvd – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:58
VLAI
Summary
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN51250073/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20151224_wlncm4g.htm | x_refsource_CONFIRM |
Date Public
2015-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2015-000203",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203"
},
{
"name": "JVN#51250073",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51250073/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-30T04:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2015-000203",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203"
},
{
"name": "JVN#51250073",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51250073/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000203",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203"
},
{
"name": "JVN#51250073",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51250073/index.html"
},
{
"name": "http://corega.jp/support/security/20151224_wlncm4g.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7794",
"datePublished": "2015-12-30T02:00:00.000Z",
"dateReserved": "2015-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7793 (GCVE-0-2015-7793)
Vulnerability from nvd – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:59
VLAI
Summary
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://corega.jp/support/security/20151224_wlbaragm.htm | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN50775659/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202 | third-party-advisoryx_refsource_JVNDB |
Date Public
2015-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"name": "JVN#50775659",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN50775659/index.html"
},
{
"name": "JVNDB-2015-000202",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-30T04:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"name": "JVN#50775659",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN50775659/index.html"
},
{
"name": "JVNDB-2015-000202",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://corega.jp/support/security/20151224_wlbaragm.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"name": "JVN#50775659",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN50775659/index.html"
},
{
"name": "JVNDB-2015-000202",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7793",
"datePublished": "2015-12-30T02:00:00.000Z",
"dateReserved": "2015-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:59:00.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7792 (GCVE-0-2015-7792)
Vulnerability from nvd – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:59
VLAI
Summary
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/79683 | vdb-entryx_refsource_BID |
| http://corega.jp/support/security/20151224_wlbargs.htm | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN51349622/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2015-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "79683",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79683"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"name": "JVNDB-2015-000201",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201"
},
{
"name": "JVN#51349622",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51349622/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "79683",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79683"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"name": "JVNDB-2015-000201",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201"
},
{
"name": "JVN#51349622",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51349622/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79683"
},
{
"name": "http://corega.jp/support/security/20151224_wlbargs.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"name": "JVNDB-2015-000201",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201"
},
{
"name": "JVN#51349622",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51349622/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7792",
"datePublished": "2015-12-30T02:00:00.000Z",
"dateReserved": "2015-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:59:00.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4823 (GCVE-0-2016-4823)
Vulnerability from cvelistv5 – Published: 2016-06-25 21:00 – Updated: 2024-08-06 00:39
VLAI
Summary
Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108 | third-party-advisoryx_refsource_JVNDB |
| http://corega.jp/support/security/20160622_wlbaragm.htm | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN24409899/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2016-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000108",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
},
{
"name": "JVN#24409899",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN24409899/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000108",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
},
{
"name": "JVN#24409899",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN24409899/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4823",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLBARAGM devices allow remote attackers to cause a denial of service (reboot) via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000108",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000108"
},
{
"name": "http://corega.jp/support/security/20160622_wlbaragm.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20160622_wlbaragm.htm"
},
{
"name": "JVN#24409899",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN24409899/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4823",
"datePublished": "2016-06-25T21:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:39:26.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4824 (GCVE-0-2016-4824)
Vulnerability from cvelistv5 – Published: 2016-06-25 21:00 – Updated: 2024-08-06 00:39
VLAI
Summary
The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN75028871/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20160622_wlr300… | x_refsource_CONFIRM |
Date Public
2016-06-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:39:26.266Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000109",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
},
{
"name": "JVN#75028871",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN75028871/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-06-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-06-25T21:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000109",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
},
{
"name": "JVN#75028871",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN75028871/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-4824",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV and CG-WLR300GNV-W devices does not restrict the number of PIN authentication attempts, which makes it easier for remote attackers to obtain network access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000109",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000109"
},
{
"name": "JVN#75028871",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN75028871/index.html"
},
{
"name": "http://corega.jp/support/security/20160622_wlr300gnv.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20160622_wlr300gnv.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-4824",
"datePublished": "2016-06-25T21:00:00.000Z",
"dateReserved": "2016-05-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T00:39:26.266Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1158 (GCVE-0-2016-1158)
Vulnerability from cvelistv5 – Published: 2016-03-03 22:00 – Updated: 2024-08-05 22:48
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN59349382/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20160229_wlbarg… | x_refsource_CONFIRM |
Date Public
2016-03-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000032",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032"
},
{
"name": "JVN#59349382",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN59349382/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-03-03T22:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000032",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032"
},
{
"name": "JVN#59349382",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN59349382/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1158",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH and CG-WLBARGNL devices allows remote attackers to hijack the authentication of administrators for requests that perform administrative functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000032",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000032"
},
{
"name": "JVN#59349382",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN59349382/index.html"
},
{
"name": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20160229_wlbargmh_wlbargnl.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1158",
"datePublished": "2016-03-03T22:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7792 (GCVE-0-2015-7792)
Vulnerability from cvelistv5 – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:59
VLAI
Summary
Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/79683 | vdb-entryx_refsource_BID |
| http://corega.jp/support/security/20151224_wlbargs.htm | x_refsource_CONFIRM |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN51349622/index.html | third-party-advisoryx_refsource_JVN |
Date Public
2015-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "79683",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79683"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"name": "JVNDB-2015-000201",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201"
},
{
"name": "JVN#51349622",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51349622/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-25T19:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "79683",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79683"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"name": "JVNDB-2015-000201",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201"
},
{
"name": "JVN#51349622",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51349622/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7792",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "79683",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79683"
},
{
"name": "http://corega.jp/support/security/20151224_wlbargs.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"name": "JVNDB-2015-000201",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000201"
},
{
"name": "JVN#51349622",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51349622/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7792",
"datePublished": "2015-12-30T02:00:00.000Z",
"dateReserved": "2015-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:59:00.481Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7794 (GCVE-0-2015-7794)
Vulnerability from cvelistv5 – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:58
VLAI
Summary
Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN51250073/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20151224_wlncm4g.htm | x_refsource_CONFIRM |
Date Public
2015-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.961Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2015-000203",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203"
},
{
"name": "JVN#51250073",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN51250073/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-30T04:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2015-000203",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203"
},
{
"name": "JVN#51250073",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN51250073/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLNCM4G devices provide an open DNS resolver, which allows remote attackers to cause a denial of service (traffic amplification) via crafted queries."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2015-000203",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000203"
},
{
"name": "JVN#51250073",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN51250073/index.html"
},
{
"name": "http://corega.jp/support/security/20151224_wlncm4g.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20151224_wlncm4g.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7794",
"datePublished": "2015-12-30T02:00:00.000Z",
"dateReserved": "2015-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:58:59.961Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7793 (GCVE-0-2015-7793)
Vulnerability from cvelistv5 – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:59
VLAI
Summary
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://corega.jp/support/security/20151224_wlbaragm.htm | x_refsource_CONFIRM |
| http://jvn.jp/en/jp/JVN50775659/index.html | third-party-advisoryx_refsource_JVN |
| http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202 | third-party-advisoryx_refsource_JVNDB |
Date Public
2015-12-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:59:00.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"name": "JVN#50775659",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN50775659/index.html"
},
{
"name": "JVNDB-2015-000202",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-30T04:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"name": "JVN#50775659",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN50775659/index.html"
},
{
"name": "JVNDB-2015-000202",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://corega.jp/support/security/20151224_wlbaragm.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20151224_wlbaragm.htm"
},
{
"name": "JVN#50775659",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN50775659/index.html"
},
{
"name": "JVNDB-2015-000202",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000202"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7793",
"datePublished": "2015-12-30T02:00:00.000Z",
"dateReserved": "2015-10-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:59:00.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}