Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    9 vulnerabilities by netcommwireless

    VAR-201410-0378

    Vulnerability from variot - Updated: 2023-12-18 14:06

    Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. NetComm Wireless Provided by NB604N Is Wireless -> Security page (wlsecurity.html) Variables that are not sanitized wlWpaPsk Value of Javascript variable wpaPskKey Stored cross-site scripting vulnerability (CWE-79) Exists. The NetCommWireless NB604N is a router device. Sensitive information or hijacking user sessions. NetCommWireless NB604N is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetCommWireless NB604N GAN5.CZ56T-B-NC.AU-R4B010.EN is vulnerable; other versions may also be affected. NetComm Wireless NB604N Routers is a wireless router product of Australia NetComm Wireless company

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201410-0378",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nb604n",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "netcommwireless",
            "version": null
          },
          {
            "model": "nb604n",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netcommwireless",
            "version": "gan5.cz56t-b-nc.au-r4b010.en"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": "nb604n",
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": "nb604n",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "netcomm",
            "version": "gan5.cz56t-b-nc.au-r4b010.en"
          },
          {
            "model": "wireless limited. netcommwireless nb604n gan5.cz56t-b-nc.au-r4b010.en",
            "scope": null,
            "trust": 0.6,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": "nb604n",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netcommwireless",
            "version": "gan5.cz56t-b-nc.au-r4b010.en"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netcommwireless:nb604n_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "gan5.cz56t-b-nc.au-r4b010.en",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netcommwireless:nb604n:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Katie Duczmal",
        "sources": [
          {
            "db": "BID",
            "id": "70253"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2014-4871",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 3.5,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "PARTIAL",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 2.3,
                "exploitability": "PROOF-OF-CONCEPT",
                "exploitabilityScore": 6.8,
                "id": "CVE-2014-4871",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "UNAVAILABLE",
                "reportConfidence": "NOT DEFINED",
                "severity": "LOW",
                "targetDistribution": "MEDIUM",
                "trust": 0.8,
                "userInterationRequired": null,
                "vector_string": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "Single",
                "author": "IPA",
                "availabilityImpact": "None",
                "baseScore": 3.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "JVNDB-2014-004570",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Low",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 3.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 6.8,
                "id": "CNVD-2014-06598",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "LOW",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-72812",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2014-4871",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2014-4871",
                "trust": 0.8,
                "value": "LOW"
              },
              {
                "author": "IPA",
                "id": "JVNDB-2014-004570",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2014-06598",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201410-133",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-72812",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "VULHUB",
            "id": "VHN-72812"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. NetComm Wireless Provided by NB604N Is Wireless -\u003e Security page (wlsecurity.html) Variables that are not sanitized wlWpaPsk Value of Javascript variable wpaPskKey Stored cross-site scripting vulnerability (CWE-79) Exists. The NetCommWireless NB604N is a router device. Sensitive information or hijacking user sessions. NetCommWireless NB604N is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nNetCommWireless NB604N GAN5.CZ56T-B-NC.AU-R4B010.EN is vulnerable; other versions may also be affected. NetComm Wireless NB604N Routers is a wireless router product of Australia NetComm Wireless company",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "BID",
            "id": "70253"
          },
          {
            "db": "VULHUB",
            "id": "VHN-72812"
          }
        ],
        "trust": 3.24
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2014-4871",
            "trust": 4.2
          },
          {
            "db": "CERT/CC",
            "id": "VU#941108",
            "trust": 3.9
          },
          {
            "db": "BID",
            "id": "70253",
            "trust": 2.0
          },
          {
            "db": "JVN",
            "id": "JVNVU93498805",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-72812",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "VULHUB",
            "id": "VHN-72812"
          },
          {
            "db": "BID",
            "id": "70253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ]
      },
      "id": "VAR-201410-0378",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "VULHUB",
            "id": "VHN-72812"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          }
        ]
      },
      "last_update_date": "2023-12-18T14:06:07.351000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Support - ADSL2+ Wireless N300 Modem Router - NB604N",
            "trust": 0.8,
            "url": "http://support.netcommwireless.com/product/adsl/nb604n"
          },
          {
            "title": "\\302\\240\\302\\240\\302\\240\\302\\240\\302\\240NetCommWireless NB604N ADSL2+ Router \u0027wlsecurity.html\u0027 patch for HTML injection vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/50765"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-72812"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.1,
            "url": "http://www.kb.cert.org/vuls/id/941108"
          },
          {
            "trust": 1.1,
            "url": "http://www.securityfocus.com/bid/70253"
          },
          {
            "trust": 0.8,
            "url": "http://cwe.mitre.org/data/definitions/79.html"
          },
          {
            "trust": 0.8,
            "url": "http://support.netcommwireless.com/product/adsl/nb604n"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4871"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu93498805/index.html"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4871"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "VULHUB",
            "id": "VHN-72812"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "VULHUB",
            "id": "VHN-72812"
          },
          {
            "db": "BID",
            "id": "70253"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "date": "2014-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "date": "2014-10-07T00:00:00",
            "db": "VULHUB",
            "id": "VHN-72812"
          },
          {
            "date": "2014-10-06T00:00:00",
            "db": "BID",
            "id": "70253"
          },
          {
            "date": "2014-10-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "date": "2014-10-07T10:55:04.433000",
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "date": "2014-10-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2014-10-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#941108"
          },
          {
            "date": "2014-10-11T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "date": "2015-10-06T00:00:00",
            "db": "VULHUB",
            "id": "VHN-72812"
          },
          {
            "date": "2014-10-06T00:00:00",
            "db": "BID",
            "id": "70253"
          },
          {
            "date": "2014-10-09T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2014-004570"
          },
          {
            "date": "2015-10-06T02:38:29.580000",
            "db": "NVD",
            "id": "CVE-2014-4871"
          },
          {
            "date": "2014-10-14T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetCommWireless NB604N ADSL2+ Router \u0027wlsecurity.html\u0027 HTML Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2014-06598"
          },
          {
            "db": "BID",
            "id": "70253"
          }
        ],
        "trust": 0.9
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201410-133"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201808-0372

    Vulnerability from variot - Updated: 2023-12-18 13:13

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple information disclosure Vulnerabilities. 2. 3. An cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0372",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nwl-25",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netcomm",
            "version": "\u003c=2.0.29.11"
          },
          {
            "model": "nwl-25",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netcommwireless:nwl-25_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.0.29.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netcommwireless:nwl-25:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aditya K. Sood",
        "sources": [
          {
            "db": "BID",
            "id": "105053"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-14783",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 6.8,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-14783",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-10271",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 6.8,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 8.6,
                "id": "VHN-124977",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 8.8,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 2.8,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 8.8,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14783",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-14783",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-10271",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-284",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-124977",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124977"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. A cross-site request forgery condition can occur, allowing an attacker to change passwords of the device remotely. NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) Contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Multiple information disclosure Vulnerabilities. \n2. \n3. An cross-site scripting vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124977"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14783",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-221-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105053",
            "trust": 2.6
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-124977",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124977"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "id": "VAR-201808-0372",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124977"
          }
        ],
        "trust": 1.3948052
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:13:45.864000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.netcommwireless.com/"
          },
          {
            "title": "Patch for NetCommNWL-25 Cross-Site Request Forgery Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/158873"
          },
          {
            "title": "NetComm Wireless G LTE Light Industrial M2M Router(NWL-25) Cross-site request forgery vulnerability Repair measures",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83910"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-352",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-124977"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-02"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105053"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14783"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14783"
          },
          {
            "trust": 0.3,
            "url": "https://www.netcommwireless.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124977"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124977"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "date": "2018-08-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124977"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "date": "2018-08-10T19:29:00.600000",
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "date": "2018-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10271"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124977"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          },
          {
            "date": "2019-10-09T23:35:11.857000",
            "db": "NVD",
            "id": "CVE-2018-14783"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router Vulnerable to cross-site request forgery",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008974"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "cross-site request forgery",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-284"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201808-0371

    Vulnerability from variot - Updated: 2023-12-18 13:13

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. An information disclosure vulnerability exists in NetCommNWL-25 using firmware version 2.0.29.11 and earlier, which could allow an attacker to gain access to a configuration file without authentication. Multiple information disclosure Vulnerabilities. 2. An cross-site request forgery vulnerability. 3. An cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0371",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nwl-25",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netcomm",
            "version": "\u003c=2.0.29.11"
          },
          {
            "model": "nwl-25",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netcommwireless:nwl-25_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.0.29.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netcommwireless:nwl-25:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aditya K. Sood",
        "sources": [
          {
            "db": "BID",
            "id": "105053"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-14782",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-14782",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-10270",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-124976",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14782",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-14782",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-10270",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-285",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-124976",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124976"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device allows access to configuration files and profiles without authenticating the user. An information disclosure vulnerability exists in NetCommNWL-25 using firmware version 2.0.29.11 and earlier, which could allow an attacker to gain access to a configuration file without authentication. Multiple information disclosure Vulnerabilities. \n2. An cross-site request forgery vulnerability. \n3. An cross-site scripting vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124976"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14782",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-221-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105053",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-124976",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124976"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "id": "VAR-201808-0371",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124976"
          }
        ],
        "trust": 1.3948052
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:13:45.825000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.netcommwireless.com/"
          },
          {
            "title": "Patch for NetCommNWL-25 Information Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/158875"
          },
          {
            "title": "NetComm Wireless G LTE Light Industrial M2M Router(NWL-25) Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83911"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-287",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-124976"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-02"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105053"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14782"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14782"
          },
          {
            "trust": 0.3,
            "url": "https://www.netcommwireless.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124976"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124976"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "date": "2018-08-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124976"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "date": "2018-08-10T19:29:00.490000",
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "date": "2018-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10270"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124976"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          },
          {
            "date": "2019-10-09T23:35:11.733000",
            "db": "NVD",
            "id": "CVE-2018-14782"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router Authentication vulnerability",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008975"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "authorization issue",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-285"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201808-0374

    Vulnerability from variot - Updated: 2023-12-18 13:13

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. A device directory leak vulnerability exists in NetCommNWL-25 using firmware 2.0.29.11 and earlier, which an attacker could use to obtain a directory of devices. Multiple information disclosure Vulnerabilities. 2. An cross-site request forgery vulnerability. 3. An cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0374",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nwl-25",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netcomm",
            "version": "\u003c=2.0.29.11"
          },
          {
            "model": "nwl-25",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netcommwireless:nwl-25_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.0.29.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netcommwireless:nwl-25:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aditya K. Sood",
        "sources": [
          {
            "db": "BID",
            "id": "105053"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-14785",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 5.0,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2018-14785",
                "impactScore": null,
                "integrityImpact": "None",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2019-10269",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-124979",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 7.5,
                "baseSeverity": "High",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2018-14785",
                "impactScore": null,
                "integrityImpact": "None",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-14785",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-10269",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-282",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-124979",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication. A device directory leak vulnerability exists in NetCommNWL-25 using firmware 2.0.29.11 and earlier, which an attacker could use to obtain a directory of devices. Multiple information disclosure Vulnerabilities. \n2. An cross-site request forgery vulnerability. \n3. An cross-site scripting vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124979"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14785",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-221-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105053",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-124979",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124979"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "id": "VAR-201808-0374",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124979"
          }
        ],
        "trust": 1.3948052
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:13:45.791000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.netcommwireless.com/"
          },
          {
            "title": "Patch for NetCommNWL-25 Device Directory Disclosure Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/158877"
          },
          {
            "title": "NetComm Wireless G LTE Light Industrial M2M Router(NWL-25) Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83908"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-200",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-124979"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-02"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105053"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14785"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14785"
          },
          {
            "trust": 0.3,
            "url": "https://www.netcommwireless.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124979"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124979"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "date": "2018-08-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124979"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "date": "2018-08-10T19:29:00.867000",
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "date": "2018-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10269"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124979"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          },
          {
            "date": "2019-10-09T23:35:12.107000",
            "db": "NVD",
            "id": "CVE-2018-14785"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router Vulnerable to information disclosure",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008972"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "information disclosure",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-282"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201808-0373

    Vulnerability from variot - Updated: 2023-12-18 13:13

    NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. Multiple information disclosure Vulnerabilities. 2. An cross-site request forgery vulnerability. 3. An cross-site scripting vulnerability. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201808-0373",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "nwl-25",
            "scope": "lte",
            "trust": 1.0,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.8,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "lte",
            "trust": 0.6,
            "vendor": "netcomm",
            "version": "\u003c=2.0.29.11"
          },
          {
            "model": "nwl-25",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "netcommwireless",
            "version": "2.0.29.11"
          },
          {
            "model": "wireless 4g lte light industrial m2m router",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "netcomm",
            "version": "2.0.29.11"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netcommwireless:nwl-25_firmware:*:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "versionEndIncluding": "2.0.29.11",
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netcommwireless:nwl-25:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Aditya K. Sood",
        "sources": [
          {
            "db": "BID",
            "id": "105053"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2018-14784",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "MEDIUM",
                "trust": 1.0,
                "userInteractionRequired": true,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Medium",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 4.3,
                "confidentialityImpact": "None",
                "exploitabilityScore": null,
                "id": "CVE-2018-14784",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "Medium",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2019-10268",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "VHN-124978",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.1,
                "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "NONE",
                "baseScore": 6.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 2.8,
                "impactScore": 2.7,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "trust": 1.0,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "None",
                "baseScore": 6.1,
                "baseSeverity": "Medium",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2018-14784",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Changed",
                "trust": 0.8,
                "userInteraction": "Required",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2018-14784",
                "trust": 1.8,
                "value": "MEDIUM"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2019-10268",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201808-283",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "VULHUB",
                "id": "VHN-124978",
                "trust": 0.1,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124978"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router (NWL-25) with firmware 2.0.29.11 and prior. The device is vulnerable to several cross-site scripting attacks, allowing a remote attacker to run arbitrary code on the device. Multiple information disclosure Vulnerabilities. \n2. An cross-site request forgery vulnerability. \n3. An cross-site scripting vulnerability. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials and gain access to sensitive information. Failed exploit attempts will likely result in denial of service conditions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124978"
          }
        ],
        "trust": 2.52
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2018-14784",
            "trust": 3.4
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-18-221-02",
            "trust": 2.8
          },
          {
            "db": "BID",
            "id": "105053",
            "trust": 2.0
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-124978",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124978"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "id": "VAR-201808-0373",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124978"
          }
        ],
        "trust": 1.3948052
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          }
        ]
      },
      "last_update_date": "2023-12-18T13:13:45.756000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "https://www.netcommwireless.com/"
          },
          {
            "title": "Patch for NetCommNWL-25 Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/158879"
          },
          {
            "title": "NetComm Wireless G LTE Light Industrial M2M Router(NWL-25) Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=83909"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-124978"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.8,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-18-221-02"
          },
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/105053"
          },
          {
            "trust": 1.4,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14784"
          },
          {
            "trust": 0.8,
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14784"
          },
          {
            "trust": 0.3,
            "url": "https://www.netcommwireless.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124978"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "db": "VULHUB",
            "id": "VHN-124978"
          },
          {
            "db": "BID",
            "id": "105053"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "date": "2018-08-10T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124978"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "date": "2018-08-10T19:29:00.727000",
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "date": "2018-08-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2019-04-17T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2019-10268"
          },
          {
            "date": "2019-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-124978"
          },
          {
            "date": "2018-08-09T00:00:00",
            "db": "BID",
            "id": "105053"
          },
          {
            "date": "2018-11-05T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          },
          {
            "date": "2019-10-09T23:35:11.983000",
            "db": "NVD",
            "id": "CVE-2018-14784"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetComm Wireless G LTE Light Industrial M2M Router Vulnerable to cross-site scripting",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2018-008973"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201808-283"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0400

    Vulnerability from variot - Updated: 2023-12-18 12:57

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. HELPNetCommWirelessHSPA3G10WVE is a wireless router product from HELP of the United Arab Emirates. There is a security vulnerability in the ping.cgi file in the NetCommWireless HSPA 3G10WVE wireless router using firmware versions earlier than 3G10WVE-L101-S306ETS-C01_R05. Title:

    NetCommWireless HSPA 3G10WVE Wireless Router \x96 Multiple vulnerabilities

    Credit:

    Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com

    CVE:

    CVE-2015-6023, CVE-2016-6024

    Date:

    03-05-2016 (dd/mm/yyyy)

    Vendor:

    NetComm Wireless is a leading developer and supplier of high performance communication devices that connect businesses and people to the internet.

    Products and services: Wireless 3G/4G broadband devices Custom engineered technologies Broadband communication devices

    Customers: Telecommunications carriers Internet Service Providers System Integrators Channel partners Enterprise customers

    Product:

    HSPA 3G10WVE is a wireless router

    It integrates a wireless LAN, HSPA module and voice gateway into one stylish unit. Insert an active HSPA SIM Card into the slot on the rear panel & get instant access to 3G internet connection. Etisalat HSPA 3G10WVE wireless router incorporates a WLAN 802.11b/g access point, two Ethernet 10/100Mbps ports for voice & fax. Featuring voice port which means that one can stay connected using the internet & phone. If one need a flexible internet connection for his business or at home; this is the perfect solution.

    Customer Product link: http://www.etisalat.ae/nrd/en/generic/3.5g_router.jsp

    Abstract:

    Multiple vulnerabilities in the HSPA 3G10WVE wireless router enable an anonymous unauthorized attacker to 1) bypass authentication and gain unauthorized access of router's network troubleshooting page (ping.cgi) and 2) exploit a command injection vulnerability on ping.cgi, which could result in a complete system/network compromise.

    Report-Timeline:

    03-09-2015: Vendor notification 08-09-2015: Vendor Response/Feedback 02-05-2016: Vendor Fix/Patch 03-05-2016: Public Disclosure

    Affected Software Version:

    3G10WVE-L101-S306ETS-C01_R03

    Exploitation-Technique:

    Remote

    Severity Rating (CVSS):

    10.0 (Critical) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

    Details:

    Below listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page (ping.cgi) on wireless router and inject commands to compromise full system/network.

    1) Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023 2) Command injection vulnerability - CVE-2016-6024

    Vulnerable module/page/application: ping.cgi

    Vulnerable parameter: DIA_IPADDRESS

    Proof Of Concept:

    PoC URL: http(s):///ping.cgi?DIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd

    PoC Video: https://www.youtube.com/watch?v=FS43MRG7RDk

    Patched/Fixed Firmware and notes:

    ftp://files.planetnetcomm.com/3G10WVE/3G10WVE-L101-S306ETS-C01_R05.bin

    NOTE: Verified only by Vendor

    Credits:

    Bhadresh Patel Senior Security Analyst HelpAG (www.helpag.com)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0400",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hspa 3g10wve",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netcommwireless",
            "version": "3g10wve-l101-s306ets-c01_r03"
          },
          {
            "model": "netcommwireless hspa 3g10wve",
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": "netcommwireless hspa 3g10wve",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "netcomm",
            "version": "3g10wve-l101-s306ets-c01_r05"
          },
          {
            "model": "netcommwireless hspa 3g10wve",
            "scope": null,
            "trust": 0.6,
            "vendor": "help",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netcommwireless:hspa_3g10wve_firmware:3g10wve-l101-s306ets-c01_r03:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netcommwireless:hspa_3g10wve:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bhadresh Patel",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "136901"
          }
        ],
        "trust": 0.1
      },
      "cve": "CVE-2015-6024",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Complete",
                "baseScore": 10.0,
                "confidentialityImpact": "Complete",
                "exploitabilityScore": null,
                "id": "CVE-2015-6024",
                "impactScore": null,
                "integrityImpact": "Complete",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2016-02893",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "VHN-83985",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "impactScore": 5.9,
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "High",
                "baseScore": 9.8,
                "baseSeverity": "Critical",
                "confidentialityImpact": "High",
                "exploitabilityScore": null,
                "id": "CVE-2015-6024",
                "impactScore": null,
                "integrityImpact": "High",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-6024",
                "trust": 1.8,
                "value": "CRITICAL"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02893",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201605-126",
                "trust": 0.6,
                "value": "CRITICAL"
              },
              {
                "author": "VULHUB",
                "id": "VHN-83985",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-6024",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the DIA_IPADDRESS parameter. HELPNetCommWirelessHSPA3G10WVE is a wireless router product from HELP of the United Arab Emirates. There is a security vulnerability in the ping.cgi file in the NetCommWireless HSPA 3G10WVE wireless router using firmware versions earlier than 3G10WVE-L101-S306ETS-C01_R05. Title:\n====\n\nNetCommWireless HSPA 3G10WVE Wireless Router \\x96 Multiple vulnerabilities\n\nCredit:\n======\n\nName: Bhadresh Patel\nCompany/affiliation: HelpAG\nWebsite: www.helpag.com\n\nCVE:\n=====\n\nCVE-2015-6023, CVE-2016-6024\n\nDate:\n====\n\n03-05-2016 (dd/mm/yyyy)\n\nVendor:\n======\n\nNetComm Wireless is a leading developer and supplier of high performance communication devices that connect businesses and people to the internet. \n\nProducts and services:\nWireless 3G/4G broadband devices\nCustom engineered technologies\nBroadband communication devices\n\nCustomers:\nTelecommunications carriers\nInternet Service Providers\nSystem Integrators\nChannel partners\nEnterprise customers\n\nProduct:\n=======\n\nHSPA 3G10WVE is a wireless router\n\nIt integrates a wireless LAN, HSPA module and voice gateway into one stylish unit. Insert an active HSPA SIM Card into the slot on the rear panel \u0026 get instant access to 3G internet connection. Etisalat HSPA 3G10WVE wireless router incorporates a WLAN 802.11b/g access point, two Ethernet 10/100Mbps ports for voice \u0026 fax. Featuring voice port which means that one can stay connected using the internet \u0026 phone. If one need a flexible internet connection for his business or at home; this is the perfect solution. \n\nCustomer Product link: http://www.etisalat.ae/nrd/en/generic/3.5g_router.jsp\n\n\nAbstract:\n=======\n\nMultiple vulnerabilities in the HSPA 3G10WVE wireless router enable an anonymous unauthorized attacker to 1) bypass authentication and gain unauthorized access of router\u0027s network troubleshooting page (ping.cgi) and 2) exploit a command injection vulnerability on ping.cgi, which could result in a complete system/network compromise. \n\nReport-Timeline:\n============\n03-09-2015: Vendor notification\n08-09-2015: Vendor Response/Feedback\n02-05-2016: Vendor Fix/Patch\n03-05-2016: Public Disclosure\n\nAffected Software Version:\n=============\n\n3G10WVE-L101-S306ETS-C01_R03\n\n\nExploitation-Technique:\n===================\n\nRemote\n\n\nSeverity Rating (CVSS):\n===================\n\n10.0 (Critical) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n\nDetails:\n=======\n\nBelow listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page (ping.cgi) on wireless router and inject commands to compromise full system/network. \n\n1) Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023\n2) Command injection vulnerability - CVE-2016-6024\n\nVulnerable module/page/application: ping.cgi\n\nVulnerable parameter: DIA_IPADDRESS\n\nProof Of Concept:\n================\n\nPoC URL: http(s)://\u003cvictim_IP\u003e/ping.cgi?DIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd\n\nPoC Video: https://www.youtube.com/watch?v=FS43MRG7RDk\n\nPatched/Fixed Firmware and notes:\n==========================\n\nftp://files.planetnetcomm.com/3G10WVE/3G10WVE-L101-S306ETS-C01_R05.bin\n\nNOTE: Verified only by Vendor\n\n\n\nCredits:\n=======\n\nBhadresh Patel\nSenior Security Analyst\nHelpAG (www.helpag.com)\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6024"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          }
        ],
        "trust": 2.43
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-83985",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39762",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6024"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-6024",
            "trust": 3.3
          },
          {
            "db": "PACKETSTORM",
            "id": "136901",
            "trust": 3.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "39762",
            "trust": 1.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-83985",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6024",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "id": "VAR-201702-0400",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          }
        ],
        "trust": 1.7
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:57:29.851000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.netcommwireless.com/"
          },
          {
            "title": "HELPNetCommWirelessHSPA3G10WVE Command Injection Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/75436"
          },
          {
            "title": "NetCommWireless HSPA 3G10WVE Fixes for command injection vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61449"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-77",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://packetstormsecurity.com/files/136901/netcommwireless-hspa-3g10wve-authentication-bypass-code-execution.html"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/39762/"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2016/may/13"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2016/may/18"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6024"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6024"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/538297/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/538263/100/0/threaded"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/77.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6023"
          },
          {
            "trust": 0.1,
            "url": "https://www.helpag.com)"
          },
          {
            "trust": 0.1,
            "url": "https://www.youtube.com/watch?v=fs43mrg7rdk"
          },
          {
            "trust": 0.1,
            "url": "https://www.helpag.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.etisalat.ae/nrd/en/generic/3.5g_router.jsp"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6024"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "date": "2017-02-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "date": "2017-02-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-6024"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "date": "2016-05-03T23:16:49",
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "date": "2017-02-09T15:59:00.347000",
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "date": "2016-05-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02893"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83985"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-6024"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          },
          {
            "date": "2018-10-09T19:57:47.033000",
            "db": "NVD",
            "id": "CVE-2015-6024"
          },
          {
            "date": "2017-02-13T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetCommWireless HSPA 3G10WVE Wireless Router Of firmware  ping.cgi Vulnerable to arbitrary command execution",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007392"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "lack of information",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-126"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201702-0312

    Vulnerability from variot - Updated: 2023-12-18 12:57

    ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. HELPNetCommWirelessHSPA3G10WVE is a wireless router product from HELP of the United Arab Emirates. This may lead to further attacks. NetCommWireless Wireless Router 3G10WVE-L101-S306ETS-C01_R03 is vulnerable; other versions may also be affected. Title: ====

    NetCommWireless HSPA 3G10WVE Wireless Router \x96 Multiple vulnerabilities

    Credit:

    Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com

    CVE:

    CVE-2015-6023, CVE-2016-6024

    Date:

    03-05-2016 (dd/mm/yyyy)

    Vendor:

    NetComm Wireless is a leading developer and supplier of high performance communication devices that connect businesses and people to the internet.

    Products and services: Wireless 3G/4G broadband devices Custom engineered technologies Broadband communication devices

    Customers: Telecommunications carriers Internet Service Providers System Integrators Channel partners Enterprise customers

    Product:

    HSPA 3G10WVE is a wireless router

    It integrates a wireless LAN, HSPA module and voice gateway into one stylish unit. Insert an active HSPA SIM Card into the slot on the rear panel & get instant access to 3G internet connection. Featuring voice port which means that one can stay connected using the internet & phone. If one need a flexible internet connection for his business or at home; this is the perfect solution.

    Report-Timeline:

    03-09-2015: Vendor notification 08-09-2015: Vendor Response/Feedback 02-05-2016: Vendor Fix/Patch 03-05-2016: Public Disclosure

    Affected Software Version:

    3G10WVE-L101-S306ETS-C01_R03

    Exploitation-Technique:

    Remote

    Severity Rating (CVSS):

    10.0 (Critical) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

    Details:

    Below listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page (ping.cgi) on wireless router and inject commands to compromise full system/network.

    1) Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023 2) Command injection vulnerability - CVE-2016-6024

    Vulnerable module/page/application: ping.cgi

    Vulnerable parameter: DIA_IPADDRESS

    Proof Of Concept:

    PoC URL: http(s):///ping.cgi?DIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd

    PoC Video: https://www.youtube.com/watch?v=FS43MRG7RDk

    Patched/Fixed Firmware and notes:

    ftp://files.planetnetcomm.com/3G10WVE/3G10WVE-L101-S306ETS-C01_R05.bin

    NOTE: Verified only by Vendor

    Credits:

    Bhadresh Patel Senior Security Analyst HelpAG (www.helpag.com)

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0312",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "hspa 3g10wve",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "netcommwireless",
            "version": "3g10wve-l101-s306ets-c01_r03"
          },
          {
            "model": "netcommwireless hspa 3g10wve",
            "scope": null,
            "trust": 0.8,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": "netcommwireless hspa 3g10wve",
            "scope": "lt",
            "trust": 0.8,
            "vendor": "netcomm",
            "version": "3g10wve-l101-s306ets-c01_r05"
          },
          {
            "model": "netcommwireless hspa 3g10wve",
            "scope": null,
            "trust": 0.6,
            "vendor": "help",
            "version": null
          },
          {
            "model": "wireless hspa 3g10wve-l101-s306ets",
            "scope": null,
            "trust": 0.3,
            "vendor": "netcomm",
            "version": null
          },
          {
            "model": "wireless hspa 3g10wve-l101-s306ets",
            "scope": "ne",
            "trust": 0.3,
            "vendor": "netcomm",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "BID",
            "id": "96383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "children": [
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:o:netcommwireless:hspa_3g10wve_firmware:3g10wve-l101-s306ets-c01_r03:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": true
                      }
                    ],
                    "operator": "OR"
                  },
                  {
                    "children": [],
                    "cpe_match": [
                      {
                        "cpe23Uri": "cpe:2.3:h:netcommwireless:hspa_3g10wve:-:*:*:*:*:*:*:*",
                        "cpe_name": [],
                        "vulnerable": false
                      }
                    ],
                    "operator": "OR"
                  }
                ],
                "cpe_match": [],
                "operator": "AND"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Bhadresh Patel.",
        "sources": [
          {
            "db": "BID",
            "id": "96383"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-6023",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "acInsufInfo": false,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "obtainAllPrivilege": false,
                "obtainOtherPrivilege": false,
                "obtainUserPrivilege": false,
                "severity": "HIGH",
                "trust": 1.0,
                "userInteractionRequired": false,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "Low",
                "accessVector": "Network",
                "authentication": "None",
                "author": "NVD",
                "availabilityImpact": "Partial",
                "baseScore": 7.5,
                "confidentialityImpact": "Partial",
                "exploitabilityScore": null,
                "id": "CVE-2015-6023",
                "impactScore": null,
                "integrityImpact": "Partial",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "severity": "High",
                "trust": 0.9,
                "userInteractionRequired": null,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "SINGLE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 9.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 8.0,
                "id": "CNVD-2016-02892",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-83984",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "NVD",
                "availabilityImpact": "LOW",
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 3.9,
                "impactScore": 3.4,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.0,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              },
              {
                "attackComplexity": "Low",
                "attackVector": "Network",
                "author": "NVD",
                "availabilityImpact": "Low",
                "baseScore": 7.3,
                "baseSeverity": "High",
                "confidentialityImpact": "Low",
                "exploitabilityScore": null,
                "id": "CVE-2015-6023",
                "impactScore": null,
                "integrityImpact": "Low",
                "privilegesRequired": "None",
                "scope": "Unchanged",
                "trust": 0.8,
                "userInteraction": "None",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-6023",
                "trust": 1.8,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2016-02892",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201605-127",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-83984",
                "trust": 0.1,
                "value": "HIGH"
              },
              {
                "author": "VULMON",
                "id": "CVE-2015-6023",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. HELPNetCommWirelessHSPA3G10WVE is a wireless router product from HELP of the United Arab Emirates. This may lead to further attacks. \nNetCommWireless  Wireless Router 3G10WVE-L101-S306ETS-C01_R03 is vulnerable; other versions may also be affected. Title:\n====\n\nNetCommWireless HSPA 3G10WVE Wireless Router \\x96 Multiple vulnerabilities\n\nCredit:\n======\n\nName: Bhadresh Patel\nCompany/affiliation: HelpAG\nWebsite: www.helpag.com\n\nCVE:\n=====\n\nCVE-2015-6023, CVE-2016-6024\n\nDate:\n====\n\n03-05-2016 (dd/mm/yyyy)\n\nVendor:\n======\n\nNetComm Wireless is a leading developer and supplier of high performance communication devices that connect businesses and people to the internet. \n\nProducts and services:\nWireless 3G/4G broadband devices\nCustom engineered technologies\nBroadband communication devices\n\nCustomers:\nTelecommunications carriers\nInternet Service Providers\nSystem Integrators\nChannel partners\nEnterprise customers\n\nProduct:\n=======\n\nHSPA 3G10WVE is a wireless router\n\nIt integrates a wireless LAN, HSPA module and voice gateway into one stylish unit. Insert an active HSPA SIM Card into the slot on the rear panel \u0026 get instant access to 3G internet connection. Featuring voice port which means that one can stay connected using the internet \u0026 phone. If one need a flexible internet connection for his business or at home; this is the perfect solution. \n\nReport-Timeline:\n============\n03-09-2015: Vendor notification\n08-09-2015: Vendor Response/Feedback\n02-05-2016: Vendor Fix/Patch\n03-05-2016: Public Disclosure\n\nAffected Software Version:\n=============\n\n3G10WVE-L101-S306ETS-C01_R03\n\n\nExploitation-Technique:\n===================\n\nRemote\n\n\nSeverity Rating (CVSS):\n===================\n\n10.0 (Critical) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n\nDetails:\n=======\n\nBelow listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page (ping.cgi) on wireless router and inject commands to compromise full system/network. \n\n1) Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023\n2) Command injection vulnerability - CVE-2016-6024\n\nVulnerable module/page/application: ping.cgi\n\nVulnerable parameter: DIA_IPADDRESS\n\nProof Of Concept:\n================\n\nPoC URL: http(s)://\u003cvictim_IP\u003e/ping.cgi?DIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd\n\nPoC Video: https://www.youtube.com/watch?v=FS43MRG7RDk\n\nPatched/Fixed Firmware and notes:\n==========================\n\nftp://files.planetnetcomm.com/3G10WVE/3G10WVE-L101-S306ETS-C01_R05.bin\n\nNOTE: Verified only by Vendor\n\n\n\nCredits:\n=======\n\nBhadresh Patel\nSenior Security Analyst\nHelpAG (www.helpag.com)\n",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "BID",
            "id": "96383"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6023"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          }
        ],
        "trust": 2.7
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.scap.org.cn/vuln/vhn-83984",
            "trust": 0.1,
            "type": "unknown"
          },
          {
            "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39762",
            "trust": 0.1,
            "type": "exploit"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6023"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-6023",
            "trust": 3.6
          },
          {
            "db": "PACKETSTORM",
            "id": "136901",
            "trust": 3.3
          },
          {
            "db": "EXPLOIT-DB",
            "id": "39762",
            "trust": 1.8
          },
          {
            "db": "BID",
            "id": "96383",
            "trust": 1.5
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127",
            "trust": 0.7
          },
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892",
            "trust": 0.6
          },
          {
            "db": "SEEBUG",
            "id": "SSVID-91441",
            "trust": 0.1
          },
          {
            "db": "VULHUB",
            "id": "VHN-83984",
            "trust": 0.1
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6023",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6023"
          },
          {
            "db": "BID",
            "id": "96383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "id": "VAR-201702-0312",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          }
        ],
        "trust": 1.53333335
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          }
        ]
      },
      "last_update_date": "2023-12-18T12:57:29.812000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Top Page",
            "trust": 0.8,
            "url": "http://www.netcommwireless.com/"
          },
          {
            "title": "HELPNetCommWirelessHSPA3G10WVE Security Bypass Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchinfo/show/75437"
          },
          {
            "title": "NetCommWireless HSPA 3G10WVE Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=61450"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-284",
            "trust": 1.9
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.2,
            "url": "http://packetstormsecurity.com/files/136901/netcommwireless-hspa-3g10wve-authentication-bypass-code-execution.html"
          },
          {
            "trust": 2.1,
            "url": "http://seclists.org/fulldisclosure/2016/may/18"
          },
          {
            "trust": 1.9,
            "url": "https://www.exploit-db.com/exploits/39762/"
          },
          {
            "trust": 1.8,
            "url": "http://seclists.org/fulldisclosure/2016/may/13"
          },
          {
            "trust": 1.3,
            "url": "http://www.securityfocus.com/bid/96383"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
          },
          {
            "trust": 1.2,
            "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
          },
          {
            "trust": 0.9,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6023"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6023"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/538297/100/0/threaded"
          },
          {
            "trust": 0.6,
            "url": "http://www.securityfocus.com/archive/1/archive/1/538263/100/0/threaded"
          },
          {
            "trust": 0.3,
            "url": "http://www.netcommwireless.com/"
          },
          {
            "trust": 0.1,
            "url": "https://cwe.mitre.org/data/definitions/284.html"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov"
          },
          {
            "trust": 0.1,
            "url": "https://www.helpag.com)"
          },
          {
            "trust": 0.1,
            "url": "https://www.youtube.com/watch?v=fs43mrg7rdk"
          },
          {
            "trust": 0.1,
            "url": "https://www.helpag.com"
          },
          {
            "trust": 0.1,
            "url": "http://www.etisalat.ae/nrd/en/generic/3.5g_router.jsp"
          },
          {
            "trust": 0.1,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6024"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6023"
          },
          {
            "db": "BID",
            "id": "96383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "db": "VULMON",
            "id": "CVE-2015-6023"
          },
          {
            "db": "BID",
            "id": "96383"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "date": "2017-02-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "date": "2017-02-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-6023"
          },
          {
            "date": "2017-02-09T00:00:00",
            "db": "BID",
            "id": "96383"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "date": "2016-05-03T23:16:49",
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "date": "2017-02-09T15:59:00.300000",
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "date": "2016-05-05T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2016-05-10T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2016-02892"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULHUB",
            "id": "VHN-83984"
          },
          {
            "date": "2018-10-09T00:00:00",
            "db": "VULMON",
            "id": "CVE-2015-6023"
          },
          {
            "date": "2017-03-07T04:04:00",
            "db": "BID",
            "id": "96383"
          },
          {
            "date": "2017-03-30T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          },
          {
            "date": "2018-10-09T19:57:46.313000",
            "db": "NVD",
            "id": "CVE-2015-6023"
          },
          {
            "date": "2017-02-10T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "PACKETSTORM",
            "id": "136901"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ],
        "trust": 0.7
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "NetCommWireless HSPA 3G10WVE Wireless Router Of firmware  ping.cgi Vulnerable to access restrictions",
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-007391"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201605-127"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2014-4871 (GCVE-0-2014-4871)

    Vulnerability from nvd – Published: 2014-10-07 10:00 – Updated: 2024-08-06 11:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/70253 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/941108 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2014-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70253",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70253"
              },
              {
                "name": "VU#941108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/941108"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-29T18:57:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "70253",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70253"
            },
            {
              "name": "VU#941108",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/941108"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-4871",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70253",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70253"
                },
                {
                  "name": "VU#941108",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/941108"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-4871",
        "datePublished": "2014-10-07T10:00:00.000Z",
        "dateReserved": "2014-07-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:27:36.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4871 (GCVE-0-2014-4871)

    Vulnerability from cvelistv5 – Published: 2014-10-07 10:00 – Updated: 2024-08-06 11:27
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/70253 vdb-entryx_refsource_BID
    http://www.kb.cert.org/vuls/id/941108 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2014-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.913Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "70253",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/70253"
              },
              {
                "name": "VU#941108",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/941108"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-29T18:57:00.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "70253",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/70253"
            },
            {
              "name": "VU#941108",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/941108"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2014-4871",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "70253",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/70253"
                },
                {
                  "name": "VU#941108",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/941108"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2014-4871",
        "datePublished": "2014-10-07T10:00:00.000Z",
        "dateReserved": "2014-07-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:27:36.913Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }