Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
11 vulnerabilities by planex
VAR-202209-0467
Vulnerability from variot - Updated: 2023-12-18 13:59Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product's specific serial connection. Planex Communications Co., Ltd. CS-QR20 firmware and cs-qr10 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-0467",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cs-qr20",
"scope": "eq",
"trust": 1.0,
"vendor": "planex",
"version": "*"
},
{
"model": "cs-qr10",
"scope": "eq",
"trust": 1.0,
"vendor": "planex",
"version": "*"
},
{
"model": "cs-qr10",
"scope": null,
"trust": 0.8,
"vendor": "\u30d7\u30e9\u30cd\u30c3\u30af\u30b9\u30b3\u30df\u30e5\u30cb\u30b1\u30fc\u30b7\u30e7\u30f3\u30ba\u682a\u5f0f\u4f1a\u793e",
"version": null
},
{
"model": "cs-qr20",
"scope": null,
"trust": 0.8,
"vendor": "\u30d7\u30e9\u30cd\u30c3\u30af\u30b9\u30b3\u30df\u30e5\u30cb\u30b1\u30fc\u30b7\u30e7\u30f3\u30ba\u682a\u5f0f\u4f1a\u793e",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"db": "NVD",
"id": "CVE-2022-38399"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:planex:cs-qr20_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:planex:cs-qr10_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:planex:cs-qr10:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38399"
}
]
},
"cve": "CVE-2022-38399",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Physical",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.8,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2022-38399",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-38399",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-493",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"db": "NVD",
"id": "CVE-2022-38399"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-493"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Missing protection mechanism for alternate hardware interface in SmaCam CS-QR10 all versions and SmaCam Night Vision CS-QR20 all versions allows an attacker to execute an arbitrary OS command by having the product connect to the product\u0027s specific serial connection. Planex Communications Co., Ltd. CS-QR20 firmware and cs-qr10 An authentication vulnerability exists in firmware.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-38399"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"db": "VULMON",
"id": "CVE-2022-38399"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-38399",
"trust": 3.3
},
{
"db": "JVN",
"id": "JVNVU90766406",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016812",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-202209-493",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-38399",
"trust": 0.1
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-38399"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"db": "NVD",
"id": "CVE-2022-38399"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-493"
}
]
},
"id": "VAR-202209-0467",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.625
},
"last_update_date": "2023-12-18T13:59:32.148000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.0
},
{
"problemtype": "Inappropriate authentication (CWE-287) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"db": "NVD",
"id": "CVE-2022-38399"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://www.planex.co.jp/products/cs-qr10/index.shtml"
},
{
"trust": 2.5,
"url": "https://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"trust": 2.5,
"url": "https://jvn.jp/en/vu/jvnvu90766406/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu90766406/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-38399"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-38399/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2022-38399"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"db": "NVD",
"id": "CVE-2022-38399"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-493"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULMON",
"id": "CVE-2022-38399"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"db": "NVD",
"id": "CVE-2022-38399"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-493"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38399"
},
{
"date": "2023-10-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"date": "2022-09-08T08:15:08.247000",
"db": "NVD",
"id": "CVE-2022-38399"
},
{
"date": "2022-09-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-493"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-08T00:00:00",
"db": "VULMON",
"id": "CVE-2022-38399"
},
{
"date": "2023-10-06T08:10:00",
"db": "JVNDB",
"id": "JVNDB-2022-016812"
},
{
"date": "2023-08-08T14:21:49.707000",
"db": "NVD",
"id": "CVE-2022-38399"
},
{
"date": "2022-09-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-493"
}
]
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Planex Communications Co., Ltd. \u00a0CS-QR20\u00a0 firmware and \u00a0cs-qr10\u00a0 Authentication vulnerability in firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-016812"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-493"
}
],
"trust": 0.6
}
}
VAR-201103-0172
Vulnerability from variot - Updated: 2023-12-18 13:57Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. Loggerhead is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks. Loggerhead versions prior to 1.18.1 are vulnerable. The following print servers are affected: Encore ENPS-2012 TP-Link TL-PS110U TP Link TL-PS110P Planex Mini-300PU Planex Mini100s ZO Tech PA101 Fast Parallel Port Print Server ZO Tech PU201 Fast USB Print Server ZO Tech PA301 Parallel Port Print Server ZO Tech PS531 USB and Parallel Print Server Longshine Multiple Print Server ZOT-PS-47/9.8.0015 Longshine Multiple Print Server ZOT-PS-35/6.2.0001 Longshine Multiple Print Server ZOT-PS-39/6.3.000. This fixes a vulnerability, which can be exploited by malicious users to conduct script insertion attacks.
For more information: SA43822
SOLUTION: Apply updated packages via the yum utility ("yum update loggerhead"). ----------------------------------------------------------------------
Meet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March).
http://secunia.com/company/events/mms_2011/
TITLE: Loggerhead Filename Script Insertion Vulnerability
SECUNIA ADVISORY ID: SA43822
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43822/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43822
RELEASE DATE: 2011-03-25
DISCUSS ADVISORY: http://secunia.com/advisories/43822/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43822/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43822
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: daveb has reported a vulnerability in loggerhead, which can be exploited by malicious users to conduct script insertion attacks.
Input related to the filename is not properly sanitised in loggerhead/templatefunctions.py before being used to display a filename in a revision view.
The vulnerability has been reported in version 1.18.
SOLUTION: Update to version 1.18.1.
PROVIDED AND/OR DISCOVERED BY: Reported by daveb in a bug report.
ORIGINAL ADVISORY: https://launchpad.net/loggerhead/1.18/1.18.1 https://bugs.launchpad.net/loggerhead/+bug/740142
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201103-0172",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.6.1"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.17"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.6"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 1.6,
"vendor": "michael hudson doyle",
"version": "1.10"
},
{
"model": "loggerhead",
"scope": "lte",
"trust": 1.0,
"vendor": "michael hudson doyle",
"version": "1.18"
},
{
"model": "loggerhead",
"scope": "lt",
"trust": 0.8,
"vendor": "michael hudson doyle",
"version": "1.18.1"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 0.6,
"vendor": "michael hudson doyle",
"version": "1.18"
},
{
"model": "loggerhead",
"scope": "eq",
"trust": 0.3,
"vendor": "loggerhead",
"version": "1.18"
},
{
"model": "loggerhead",
"scope": "ne",
"trust": 0.3,
"vendor": "loggerhead",
"version": "1.18.1"
},
{
"model": "tech zot-ps-47",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "9.8.0016"
},
{
"model": "tech zot-ps-39",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "6.3.0007"
},
{
"model": "tech zot-ps-34",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "8.3.0019"
},
{
"model": "tech zot-ps-30",
"scope": "eq",
"trust": 0.3,
"vendor": "zo",
"version": "8.3.0016"
},
{
"model": "tl-ps110u",
"scope": "eq",
"trust": 0.3,
"vendor": "tp link",
"version": "0"
},
{
"model": "tl-ps110p",
"scope": "eq",
"trust": 0.3,
"vendor": "tp link",
"version": "0"
},
{
"model": "mini100s",
"scope": "eq",
"trust": 0.3,
"vendor": "planex",
"version": "0"
},
{
"model": "mini-300pu",
"scope": "eq",
"trust": 0.3,
"vendor": "planex",
"version": "0"
},
{
"model": "nps-2012 print server",
"scope": "eq",
"trust": 0.3,
"vendor": "encore",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.18",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:michael_hudson-doyle:loggerhead:1.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0728"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "daveb",
"sources": [
{
"db": "BID",
"id": "47032"
}
],
"trust": 0.3
},
"cve": "CVE-2011-0728",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2011-0728",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-0728",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201103-335",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in templatefunctions.py in Loggerhead before 1.18.1 allows remote authenticated users to inject arbitrary web script or HTML via a filename, which is not properly handled in a revision view. Loggerhead is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials, control how the site is rendered to the user, or launch other attacks. \nLoggerhead versions prior to 1.18.1 are vulnerable. \nThe following print servers are affected:\nEncore ENPS-2012\nTP-Link TL-PS110U\nTP Link TL-PS110P\nPlanex Mini-300PU\nPlanex Mini100s\nZO Tech PA101 Fast Parallel Port Print Server\nZO Tech PU201 Fast USB Print Server\nZO Tech PA301 Parallel Port Print Server\nZO Tech PS531 USB and Parallel Print Server\nLongshine Multiple Print Server ZOT-PS-47/9.8.0015\nLongshine Multiple Print Server ZOT-PS-35/6.2.0001\nLongshine Multiple Print Server ZOT-PS-39/6.3.000. This fixes a\nvulnerability, which can be exploited by malicious users to conduct\nscript insertion attacks. \n\nFor more information:\nSA43822\n\nSOLUTION:\nApply updated packages via the yum utility (\"yum update loggerhead\"). ----------------------------------------------------------------------\n\n\nMeet Secunia @ Microsoft Management Summit (MMS) in Las Vegas, USA (21-25 March). \n\nhttp://secunia.com/company/events/mms_2011/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nLoggerhead Filename Script Insertion Vulnerability\n\nSECUNIA ADVISORY ID:\nSA43822\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43822/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43822\n\nRELEASE DATE:\n2011-03-25\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43822/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43822/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43822\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\ndaveb has reported a vulnerability in loggerhead, which can be\nexploited by malicious users to conduct script insertion attacks. \n\nInput related to the filename is not properly sanitised in\nloggerhead/templatefunctions.py before being used to display a\nfilename in a revision view. \n\nThe vulnerability has been reported in version 1.18. \n\nSOLUTION:\nUpdate to version 1.18.1. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by daveb in a bug report. \n\nORIGINAL ADVISORY:\nhttps://launchpad.net/loggerhead/1.18/1.18.1\nhttps://bugs.launchpad.net/loggerhead/+bug/740142\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2011-0728",
"trust": 3.0
},
{
"db": "BID",
"id": "47032",
"trust": 1.9
},
{
"db": "SECUNIA",
"id": "43822",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "71279",
"trust": 1.6
},
{
"db": "SECUNIA",
"id": "44017",
"trust": 1.1
},
{
"db": "VUPEN",
"id": "ADV-2011-0849",
"trust": 1.0
},
{
"db": "VUPEN",
"id": "ADV-2011-0848",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224",
"trust": 0.8
},
{
"db": "XF",
"id": "66305",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335",
"trust": 0.6
},
{
"db": "BID",
"id": "47143",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "100083",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "99744",
"trust": 0.1
}
],
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"id": "VAR-201103-0172",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.41666666
},
"last_update_date": "2023-12-18T13:57:59.759000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Bug #740142",
"trust": 0.8,
"url": "https://bugs.launchpad.net/loggerhead/+bug/740142"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://launchpad.net/loggerhead/1.18/1.18.1"
},
{
"trust": 2.0,
"url": "https://bugs.launchpad.net/loggerhead/+bug/740142"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/43822"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/71279"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/47032"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057479.html"
},
{
"trust": 1.1,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057502.html"
},
{
"trust": 1.0,
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-april/057413.html"
},
{
"trust": 1.0,
"url": "http://secunia.com/advisories/44017"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2011/0848"
},
{
"trust": 1.0,
"url": "http://www.vupen.com/english/advisories/2011/0849"
},
{
"trust": 1.0,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66305"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0728"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0728"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/66305"
},
{
"trust": 0.3,
"url": "https://launchpad.net/loggerhead"
},
{
"trust": 0.3,
"url": "http://www.encore-usa.com"
},
{
"trust": 0.3,
"url": "http://www.longshine.de"
},
{
"trust": 0.3,
"url": "http://www.planex.net"
},
{
"trust": 0.3,
"url": "http://www.tp-link.com"
},
{
"trust": 0.3,
"url": "http://www.zot.com.tw/"
},
{
"trust": 0.2,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.2,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.2,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.2,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44017/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=44017"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/44017/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/resources/factsheets/2011_vendor/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43822/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/company/events/mms_2011/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43822"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/43822/"
}
],
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"db": "PACKETSTORM",
"id": "100083"
},
{
"db": "PACKETSTORM",
"id": "99744"
},
{
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-03-24T00:00:00",
"db": "BID",
"id": "47032"
},
{
"date": "2011-04-04T00:00:00",
"db": "BID",
"id": "47143"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"date": "2011-04-05T09:58:32",
"db": "PACKETSTORM",
"id": "100083"
},
{
"date": "2011-03-26T09:15:16",
"db": "PACKETSTORM",
"id": "99744"
},
{
"date": "2011-03-29T18:55:01.723000",
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"date": "2011-03-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-04-13T22:15:00",
"db": "BID",
"id": "47032"
},
{
"date": "2011-04-04T00:00:00",
"db": "BID",
"id": "47143"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-004224"
},
{
"date": "2017-08-17T01:33:42.727000",
"db": "NVD",
"id": "CVE-2011-0728"
},
{
"date": "2011-03-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201103-335"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Loggerhead of templatefunctions.py Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-004224"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "47032"
},
{
"db": "BID",
"id": "47143"
}
],
"trust": 0.6
}
}
VAR-201808-0127
Vulnerability from variot - Updated: 2023-12-18 13:23An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password ("admin:password") is used in the Android application that allows attackers to use a hidden API URL "/goform/SystemCommand" to execute any command with root permission. PLANEX CS-QR20 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). PLANEX CS-QR20 is a network camera product with night vision function produced by PLANEX Corporation of Japan. There is a security vulnerability in PLANEX CS-QR20 version 1.30, which stems from the fact that the application has a hardcoded account/password (admin:password). An attacker can exploit this vulnerability to execute arbitrary commands with root privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0127",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cs-qr20",
"scope": "eq",
"trust": 3.0,
"vendor": "planex",
"version": "1.30"
},
{
"model": "smacam night vision",
"scope": "eq",
"trust": 1.6,
"vendor": "planex",
"version": null
},
{
"model": "smacam night vision",
"scope": "eq",
"trust": 0.8,
"vendor": "planex",
"version": "(android)"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:planex:cs-qr20_firmware:1.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:planex:smacam_night_vision:-:*:*:*:*:android:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12577"
}
]
},
"cve": "CVE-2017-12577",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12577",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-15839",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-103113",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12577",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12577",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-15839",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-173",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-103113",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2017-12577",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "VULHUB",
"id": "VHN-103113"
},
{
"db": "VULMON",
"id": "CVE-2017-12577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission. PLANEX CS-QR20 Contains a vulnerability in the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). PLANEX CS-QR20 is a network camera product with night vision function produced by PLANEX Corporation of Japan. There is a security vulnerability in PLANEX CS-QR20 version 1.30, which stems from the fact that the application has a hardcoded account/password (admin:password). An attacker can exploit this vulnerability to execute arbitrary commands with root privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "VULHUB",
"id": "VHN-103113"
},
{
"db": "VULMON",
"id": "CVE-2017-12577"
}
],
"trust": 2.34
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12577",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-173",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-15839",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149063",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-103113",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2017-12577",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "VULHUB",
"id": "VHN-103113"
},
{
"db": "VULMON",
"id": "CVE-2017-12577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
]
},
"id": "VAR-201808-0127",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "VULHUB",
"id": "VHN-103113"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
}
]
},
"last_update_date": "2023-12-18T13:23:59.143000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30b9\u30de\u30ab\u30e1 \u30ca\u30a4\u30c8\u30d3\u30b8\u30e7\u30f3 CS-QR20",
"trust": 0.8,
"url": "http://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"title": "PLANEXCS-QR20 patch for hardcoded vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138187"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103113"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"db": "NVD",
"id": "CVE-2017-12577"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://seclists.org/fulldisclosure/2018/aug/28"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12577"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12577"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "VULHUB",
"id": "VHN-103113"
},
{
"db": "VULMON",
"id": "CVE-2017-12577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"db": "VULHUB",
"id": "VHN-103113"
},
{
"db": "VULMON",
"id": "CVE-2017-12577"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"date": "2018-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-103113"
},
{
"date": "2018-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12577"
},
{
"date": "2018-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"date": "2018-08-24T19:29:01.017000",
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"date": "2017-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15839"
},
{
"date": "2018-11-05T00:00:00",
"db": "VULHUB",
"id": "VHN-103113"
},
{
"date": "2018-11-05T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12577"
},
{
"date": "2018-11-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014247"
},
{
"date": "2018-11-05T19:31:13.330000",
"db": "NVD",
"id": "CVE-2017-12577"
},
{
"date": "2018-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PLANEX CS-QR20 Vulnerabilities related to the use of hard-coded credentials",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014247"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-173"
}
],
"trust": 0.6
}
}
VAR-201808-0124
Vulnerability from variot - Updated: 2023-12-18 12:56An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential "supervisor:dangerous" was injected into web authentication database "/.htpasswd" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can't be modified or deleted. PLANEX CS-W50HD Device firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.)
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0124",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cs-w50hd",
"scope": "lt",
"trust": 1.8,
"vendor": "planex",
"version": "030720"
},
{
"model": "cs-w50hd",
"scope": "eq",
"trust": 0.6,
"vendor": "planex",
"version": "030608"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"db": "NVD",
"id": "CVE-2017-12574"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:planex:cs-w50hd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "030720",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:planex:cs-w50hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12574"
}
]
},
"cve": "CVE-2017-12574",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12574",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-15841",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12574",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12574",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2018-15841",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-176",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULMON",
"id": "CVE-2017-12574",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"db": "VULMON",
"id": "CVE-2017-12574"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"db": "NVD",
"id": "CVE-2017-12574"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. A hardcoded credential \"supervisor:dangerous\" was injected into web authentication database \"/.htpasswd\" during booting process, which allows attackers to gain unauthorized access and control the device completely; the account can\u0027t be modified or deleted. PLANEX CS-W50HD Device firmware contains a vulnerability related to the use of hard-coded credentials.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.)",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12574"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"db": "VULMON",
"id": "CVE-2017-12574"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12574",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-15841",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-176",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-12574",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"db": "VULMON",
"id": "CVE-2017-12574"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"db": "NVD",
"id": "CVE-2017-12574"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
]
},
"id": "VAR-201808-0124",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
}
]
},
"last_update_date": "2023-12-18T12:56:51.033000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CS-W50HD",
"trust": 0.8,
"url": "https://www.planex.co.jp/support/download/cs-w50hd/"
},
{
"title": "Patch for PLANEXCS-W50HD default username and password vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138183"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"db": "NVD",
"id": "CVE-2017-12574"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.2,
"url": "http://seclists.org/fulldisclosure/2018/aug/25"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12574"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12574"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/798.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"db": "VULMON",
"id": "CVE-2017-12574"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"db": "NVD",
"id": "CVE-2017-12574"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"db": "VULMON",
"id": "CVE-2017-12574"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"db": "NVD",
"id": "CVE-2017-12574"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"date": "2018-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12574"
},
{
"date": "2018-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"date": "2018-08-24T19:29:00.657000",
"db": "NVD",
"id": "CVE-2017-12574"
},
{
"date": "2017-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15841"
},
{
"date": "2018-11-21T00:00:00",
"db": "VULMON",
"id": "CVE-2017-12574"
},
{
"date": "2018-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014285"
},
{
"date": "2018-11-21T16:23:30.243000",
"db": "NVD",
"id": "CVE-2017-12574"
},
{
"date": "2018-08-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PLANEX CS-W50HD Vulnerabilities related to the use of hard-coded credentials in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014285"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-176"
}
],
"trust": 0.6
}
}
VAR-201808-0123
Vulnerability from variot - Updated: 2023-12-18 12:50An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page "/cgi-bin/nasset.cgi". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. PLANEX CS-W50HD A command injection vulnerability exists in the device firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.).
Status
Fixed in firmware ver 030720
TREND MICRO EMAIL NOTICE The information contained in this email and any attachments is confidential and may be subject to copyright or other intellectual property protection. If you are not the intended recipient, you are not authorized to use or disclose this information, and we request that you notify us by reply mail or telephone and delete the original message from your mail system. |
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0123",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cs-w50hd",
"scope": "lt",
"trust": 1.8,
"vendor": "planex",
"version": "030720"
},
{
"model": "cs-w50hd",
"scope": "eq",
"trust": 0.6,
"vendor": "planex",
"version": "030608"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "NVD",
"id": "CVE-2017-12573"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:planex:cs-w50hd_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "030720",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:planex:cs-w50hd:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12573"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kenney Lu",
"sources": [
{
"db": "PACKETSTORM",
"id": "149055"
}
],
"trust": 0.1
},
"cve": "CVE-2017-12573",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12573",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-15842",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12573",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12573",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-15842",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-177",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "NVD",
"id": "CVE-2017-12573"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on PLANEX CS-W50HD devices with firmware before 030720. The device has a command-injection vulnerability in the web management UI on NAS settings page \"/cgi-bin/nasset.cgi\". An attacker can send a crafted HTTP POST request to execute arbitrary code. Authentication is required before executing the attack. PLANEX CS-W50HD A command injection vulnerability exists in the device firmware.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). \n\n# Status\nFixed in firmware ver 030720\n\n\n\u003ctable class=\"TM_EMAIL_NOTICE\"\u003e\u003ctr\u003e\u003ctd\u003e\u003cpre\u003e\nTREND MICRO EMAIL NOTICE\nThe information contained in this email and any attachments is confidential \nand may be subject to copyright or other intellectual property protection. \nIf you are not the intended recipient, you are not authorized to use or \ndisclose this information, and we request that you notify us by reply mail or\ntelephone and delete the original message from your mail system. \n\u003c/pre\u003e\u003c/td\u003e\u003c/tr\u003e\u003c/table\u003e\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12573"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"db": "PACKETSTORM",
"id": "149055"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12573",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-15842",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201708-177",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149055",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "PACKETSTORM",
"id": "149055"
},
{
"db": "NVD",
"id": "CVE-2017-12573"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
]
},
"id": "VAR-201808-0123",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
}
],
"trust": 1.2666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
}
]
},
"last_update_date": "2023-12-18T12:50:36.761000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "CS-W50HD",
"trust": 0.8,
"url": "https://www.planex.co.jp/support/download/cs-w50hd/"
},
{
"title": "PLANEXCS-W50HD command injection vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138181"
},
{
"title": "PLANEX CS-W50HD Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=99964"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "NVD",
"id": "CVE-2017-12573"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "http://seclists.org/fulldisclosure/2018/aug/29"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12573"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12573"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "PACKETSTORM",
"id": "149055"
},
{
"db": "NVD",
"id": "CVE-2017-12573"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"db": "PACKETSTORM",
"id": "149055"
},
{
"db": "NVD",
"id": "CVE-2017-12573"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"date": "2018-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"date": "2018-08-23T17:38:31",
"db": "PACKETSTORM",
"id": "149055"
},
{
"date": "2018-08-24T19:29:00.533000",
"db": "NVD",
"id": "CVE-2017-12573"
},
{
"date": "2017-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15842"
},
{
"date": "2018-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014284"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-12573"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PLANEX CS-W50HD Command injection vulnerability in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014284"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-177"
}
],
"trust": 0.6
}
}
VAR-201808-0126
Vulnerability from variot - Updated: 2023-12-18 12:18An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. PLANEX CS-QR20 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). PLANEX CS-QR20 is a network camera product with night vision function produced by PLANEX Corporation of Japan. A security vulnerability exists in PLANEX CS-QR20 version 1.30
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201808-0126",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cs-qr20",
"scope": "eq",
"trust": 3.0,
"vendor": "planex",
"version": "1.30"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:planex:cs-qr20_firmware:1.30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:planex:cs-qr20:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12576"
}
]
},
"cve": "CVE-2017-12576",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2017-12576",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-15840",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-103112",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.2,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.2,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12576",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "High",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12576",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-15840",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-174",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-103112",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "VULHUB",
"id": "VHN-103112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on the PLANEX CS-QR20 1.30. A hidden and undocumented management page allows an attacker to execute arbitrary code on the device when the user is authenticated. The management page was used for debugging purposes, once you login and access the page directly (/admin/system_command.asp), you can execute any command. PLANEX CS-QR20 Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PLANEX is a Japanese online brand company (brands PCI and PLANEX). Provide products from enterprise customers to home customers (such as: network cards, routers, switches, L3 network management switches, accessories, Bluetooth products, print servers, Apple peripheral products, network storage devices, etc.). PLANEX CS-QR20 is a network camera product with night vision function produced by PLANEX Corporation of Japan. A security vulnerability exists in PLANEX CS-QR20 version 1.30",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "VULHUB",
"id": "VHN-103112"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-12576",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201708-174",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-15840",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "149062",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-103112",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "VULHUB",
"id": "VHN-103112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
]
},
"id": "VAR-201808-0126",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "VULHUB",
"id": "VHN-103112"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
}
]
},
"last_update_date": "2023-12-18T12:18:39.089000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30b9\u30de\u30ab\u30e1 \u30ca\u30a4\u30c8\u30d3\u30b8\u30e7\u30f3 CS-QR20",
"trust": 0.8,
"url": "http://www.planex.co.jp/products/cs-qr20/index.shtml"
},
{
"title": "PLANEXCS-QR20 patch for arbitrary code execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/138185"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-668",
"trust": 1.1
},
{
"problemtype": "CWE-264",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"db": "NVD",
"id": "CVE-2017-12576"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://seclists.org/fulldisclosure/2018/aug/27"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12576"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12576"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "VULHUB",
"id": "VHN-103112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"db": "VULHUB",
"id": "VHN-103112"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"date": "2018-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-103112"
},
{
"date": "2018-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"date": "2018-08-24T19:29:00.907000",
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"date": "2017-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15840"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-103112"
},
{
"date": "2018-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-014283"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2017-12576"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PLANEX CS-QR20 Vulnerabilities related to authorization, permissions, and access control",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-014283"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-174"
}
],
"trust": 0.6
}
}
VAR-201310-0388
Vulnerability from variot - Updated: 2023-12-18 12:09The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router's administrative web interface. Planex and Alpha Networks devices may also be affected. In addition, attacks on this vulnerability 2013 Year 10 Observed on the moon.By a third party xmlset_roodkcableoj28840ybtide User-Agent HTTP Authentication may be avoided and settings may be changed via the header. D-Link DIR-100 is a small broadband router with integrated firewall function.
DIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604 +, TM-G5240 and several Planex routers BRL-04UR and BRL-04CW, the firmware used is v1.13 There is a backdoor vulnerability. Multiple vendors are prone to a remote authentication-bypass vulnerability. This may aid in further attacks. The following are vulnerable: D-Link DIR-120 D-Link DI-624S D-Link DI-524UP D-Link DI-604S D-Link DI-604UP D-Link DI-604 D-Link DIR-100 D-Link TM-G5240 PLANEX COMMUNICATIONS BRL-04UR PLANEX COMMUNICATIONS BRL-04R PLANEX COMMUNICATIONS BRL-04CW. D-Link DIR-100 and so on are all router devices of D-Link company. Planex BRL-04R etc. are the router equipment of Japan Planex Company. The following products are affected: D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+; TM-G5240; Planex BRL-04R, BRL-04UR, BRL-04CW
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0388",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vdsl asl-56552",
"scope": "eq",
"trust": 1.6,
"vendor": "alphanetworks",
"version": null
},
{
"model": "di-524up",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-604+",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-604s",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "di-604up",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "tm-g5240",
"scope": null,
"trust": 1.4,
"vendor": "d link",
"version": null
},
{
"model": "brl-04r",
"scope": "eq",
"trust": 1.0,
"vendor": "planex",
"version": null
},
{
"model": "di-604s",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-120",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "di-624s",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "brl-04cw",
"scope": "eq",
"trust": 1.0,
"vendor": "planex",
"version": null
},
{
"model": "brl-04ur",
"scope": "eq",
"trust": 1.0,
"vendor": "planex",
"version": null
},
{
"model": "di-524up",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "vdsl asl-55052",
"scope": "eq",
"trust": 1.0,
"vendor": "alphanetworks",
"version": null
},
{
"model": "tm-g5240",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "dir-100",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "di-604\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": "di-604up",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "vdsl 11n wireless router",
"scope": null,
"trust": 0.8,
"vendor": "alpha",
"version": null
},
{
"model": "vdsl wired router",
"scope": null,
"trust": 0.8,
"vendor": "alpha",
"version": null
},
{
"model": "di-624s",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-100",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "dir-120",
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": "brl-04cw",
"scope": null,
"trust": 0.8,
"vendor": "planex",
"version": null
},
{
"model": "brl-04r",
"scope": null,
"trust": 0.8,
"vendor": "planex",
"version": null
},
{
"model": "brl-04ur",
"scope": null,
"trust": 0.8,
"vendor": "planex",
"version": null
},
{
"model": "di-524",
"scope": null,
"trust": 0.6,
"vendor": "d link",
"version": null
},
{
"model": "dir-100",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "1.13"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#248083"
},
{
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:di-604s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dlink:tm-g5240:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dlink:di-524up:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dlink:di-604up:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dlink:di-624s:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dlink:di-604\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-120:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:dlink:dir-100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alphanetworks:vdsl_asl-55052:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:alphanetworks:vdsl_asl-56552:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:planex:brl-04r:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:planex:brl-04cw:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:planex:brl-04ur:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6026"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Craig Heffner and /dev/ttyS0",
"sources": [
{
"db": "BID",
"id": "62990"
}
],
"trust": 0.3
},
"cve": "CVE-2013-6026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-6026",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-13777",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-66028",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-6026",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2013-13777",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-477",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-66028",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"db": "VULHUB",
"id": "VHN-66028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013. Various D-Link routers allow administrative web actions if the HTTP request contains a specific User-Agent string. This backdoor allows an attacker to bypass password authentication and access the router\u0027s administrative web interface. Planex and Alpha Networks devices may also be affected. In addition, attacks on this vulnerability 2013 Year 10 Observed on the moon.By a third party xmlset_roodkcableoj28840ybtide User-Agent HTTP Authentication may be avoided and settings may be changed via the header. D-Link DIR-100 is a small broadband router with integrated firewall function. \r\n\r\n\r\nDIR-100, DI-524, DI-524UP, DI-604S, DI-604UP, DI-604 +, TM-G5240 and several Planex routers BRL-04UR and BRL-04CW, the firmware used is v1.13 There is a backdoor vulnerability. Multiple vendors are prone to a remote authentication-bypass vulnerability. This may aid in further attacks. \nThe following are vulnerable:\nD-Link DIR-120\nD-Link DI-624S\nD-Link DI-524UP\nD-Link DI-604S\nD-Link DI-604UP\nD-Link DI-604\nD-Link DIR-100\nD-Link TM-G5240\nPLANEX COMMUNICATIONS BRL-04UR\nPLANEX COMMUNICATIONS BRL-04R\nPLANEX COMMUNICATIONS BRL-04CW. D-Link DIR-100 and so on are all router devices of D-Link company. Planex BRL-04R etc. are the router equipment of Japan Planex Company. The following products are affected: D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+; TM-G5240; Planex BRL-04R, BRL-04UR, BRL-04CW",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"db": "CERT/CC",
"id": "VU#248083"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"db": "BID",
"id": "62990"
},
{
"db": "VULHUB",
"id": "VHN-66028"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-6026",
"trust": 3.4
},
{
"db": "CERT/CC",
"id": "VU#248083",
"trust": 3.3
},
{
"db": "BID",
"id": "62990",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-477",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13777",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-62565",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-66028",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#248083"
},
{
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"db": "VULHUB",
"id": "VHN-66028"
},
{
"db": "BID",
"id": "62990"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"id": "VAR-201310-0388",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"db": "VULHUB",
"id": "VHN-66028"
}
],
"trust": 1.3563492333333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13777"
}
]
},
"last_update_date": "2023-12-18T12:09:01.555000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Update on Router Security issue",
"trust": 0.8,
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"title": "D-Link and Planex/ router Web Repair measures for interface security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=234982"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-66028"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "NVD",
"id": "CVE-2013-6026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/248083"
},
{
"trust": 1.7,
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"trust": 0.8,
"url": "http://www.theregister.co.uk/2013/10/13/dlink_routers_have_admin_backdoor/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/uk/en/support/security "
},
{
"trust": 0.8,
"url": "http://blog.erratasec.com/2013/10/that-dlink-bug-masscan.html"
},
{
"trust": 0.8,
"url": "http://pastebin.com/vbig42vd"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6026"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6026"
},
{
"trust": 0.6,
"url": "http://www.solidot.org/story?sid=36791"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#248083"
},
{
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"db": "VULHUB",
"id": "VHN-66028"
},
{
"db": "BID",
"id": "62990"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#248083"
},
{
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"db": "VULHUB",
"id": "VHN-66028"
},
{
"db": "BID",
"id": "62990"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-17T00:00:00",
"db": "CERT/CC",
"id": "VU#248083"
},
{
"date": "2013-10-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"date": "2013-10-19T00:00:00",
"db": "VULHUB",
"id": "VHN-66028"
},
{
"date": "2013-10-12T00:00:00",
"db": "BID",
"id": "62990"
},
{
"date": "2013-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"date": "2013-10-19T10:36:08.963000",
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"date": "2013-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-07-29T00:00:00",
"db": "CERT/CC",
"id": "VU#248083"
},
{
"date": "2020-03-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13777"
},
{
"date": "2013-10-21T00:00:00",
"db": "VULHUB",
"id": "VHN-66028"
},
{
"date": "2013-12-10T00:56:00",
"db": "BID",
"id": "62990"
},
{
"date": "2013-10-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004823"
},
{
"date": "2023-04-26T18:55:30.893000",
"db": "NVD",
"id": "CVE-2013-6026"
},
{
"date": "2023-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link routers authenticate administrative access using specific User-Agent string",
"sources": [
{
"db": "CERT/CC",
"id": "VU#248083"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-477"
}
],
"trust": 0.6
}
}
CVE-2017-12577 (GCVE-0-2017-12577)
Vulnerability from cvelistv5 – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/28 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12577",
"datePublished": "2018-08-24T19:00:00.000Z",
"dateReserved": "2017-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6026 (GCVE-0-2013-6026)
Vulnerability from cvelistv5 – Published: 2013-10-19 10:00 – Updated: 2024-09-16 23:50- n/a
| URL | Tags |
|---|---|
| http://www.devttys0.com/2013/10/reverse-engineeri… | x_refsource_MISC |
| http://www.dlink.com/uk/en/support/security | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/248083 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"name": "VU#248083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/248083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-19T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"name": "VU#248083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/248083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-6026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/",
"refsource": "MISC",
"url": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/"
},
{
"name": "http://www.dlink.com/uk/en/support/security",
"refsource": "CONFIRM",
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"name": "VU#248083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/248083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-6026",
"datePublished": "2013-10-19T10:00:00.000Z",
"dateReserved": "2013-10-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:50:32.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-12577 (GCVE-0-2017-12577)
Vulnerability from nvd – Published: 2018-08-24 19:00 – Updated: 2024-08-05 18:43- n/a
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2018/Aug/28 | mailing-listx_refsource_FULLDISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T18:43:56.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-08-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-24T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-12577",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered on the PLANEX CS-QR20 1.30. A hardcoded account / password (\"admin:password\") is used in the Android application that allows attackers to use a hidden API URL \"/goform/SystemCommand\" to execute any command with root permission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20180821 CVE-2017-12577: an hardcode credential in PLANEX CS-QR20",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2018/Aug/28"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-12577",
"datePublished": "2018-08-24T19:00:00.000Z",
"dateReserved": "2017-08-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T18:43:56.016Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-6026 (GCVE-0-2013-6026)
Vulnerability from nvd – Published: 2013-10-19 10:00 – Updated: 2024-09-16 23:50- n/a
| URL | Tags |
|---|---|
| http://www.devttys0.com/2013/10/reverse-engineeri… | x_refsource_MISC |
| http://www.dlink.com/uk/en/support/security | x_refsource_CONFIRM |
| http://www.kb.cert.org/vuls/id/248083 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T17:29:42.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"name": "VU#248083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/248083"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-10-19T10:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"name": "VU#248083",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/248083"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2013-6026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, DI-604S, DI-604UP, DI-604+, and TM-G5240 routers; Planex BRL-04R, BRL-04UR, and BRL-04CW routers; and Alpha Networks routers allows remote attackers to bypass authentication and modify settings via an xmlset_roodkcableoj28840ybtide User-Agent HTTP header, as exploited in the wild in October 2013."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/",
"refsource": "MISC",
"url": "http://www.devttys0.com/2013/10/reverse-engineering-a-d-link-backdoor/"
},
{
"name": "http://www.dlink.com/uk/en/support/security",
"refsource": "CONFIRM",
"url": "http://www.dlink.com/uk/en/support/security"
},
{
"name": "VU#248083",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/248083"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2013-6026",
"datePublished": "2013-10-19T10:00:00.000Z",
"dateReserved": "2013-10-04T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:50:32.878Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}