cvelistv5 - cve-2017-2184

cve-2017-2184

Vulnerability from cvelistv5

Published

2017-07-07 13:00

Modified

2024-08-05 13:48

Severity ?

Summary

Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN24348065/index.html	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/99282	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://www.au.com/information/notice_mobile/update/update-20170612-01/	Vendor Advisory

Impacted products

▼	Vendor	Product
	KDDI CORPORATION	HOME SPOT CUBE2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:03.654Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
          },
          {
            "name": "99282",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/99282"
          },
          {
            "name": "JVN#24348065",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HOME SPOT CUBE2",
          "vendor": "KDDI CORPORATION",
          "versions": [
            {
              "status": "affected",
              "version": "firmware V101 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-06-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer Overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T09:57:01",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
        },
        {
          "name": "99282",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/99282"
        },
        {
          "name": "JVN#24348065",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2184",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "HOME SPOT CUBE2",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware V101 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "KDDI CORPORATION"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
              "refsource": "CONFIRM",
              "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
            },
            {
              "name": "99282",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/99282"
            },
            {
              "name": "JVN#24348065",
              "refsource": "JVN",
              "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2184",
    "datePublished": "2017-07-07T13:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:03.654Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2184\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-07-07T13:29:00.350\",\"lastModified\":\"2017-07-14T15:51:36.250\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.\"},{\"lang\":\"es\",\"value\":\"Un desbordamiento de b\u00fafer en HOME SPOT CUBE2 con versiones de firmware V101 y anteriores permite que un atacante ejecute c\u00f3digo arbitrario mediante WebUI.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kddi:home_spot_cube_2_firmware:v100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8CD41B8B-D43A-466D-B994-B6B7AE8554DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:kddi:home_spot_cube_2_firmware:v101:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2957E610-4807-4EA0-9242-B4F693E222F1\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"330A6D16-3BBA-4D46-B7C1-17C08C8373D5\"}]}]}],\"references\":[{\"url\":\"http://jvn.jp/en/jp/JVN24348065/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/99282\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.au.com/information/notice_mobile/update/update-20170612-01/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-843p-9jpx-597w

Vulnerability from github

Published

2022-05-17 02:29

Modified

2022-05-17 02:29

Severity ?

8.8 (High) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2184"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-07-07T13:29:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.",
  "id": "GHSA-843p-9jpx-597w",
  "modified": "2022-05-17T02:29:25Z",
  "published": "2022-05-17T02:29:25Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2184"
    },
    {
      "type": "WEB",
      "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/99282"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-2184

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.

Aliases

CVE-2017-2184

Aliases

CVE-2017-2184

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2184",
    "description": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.",
    "id": "GSD-2017-2184"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2184"
      ],
      "details": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI.",
      "id": "GSD-2017-2184",
      "modified": "2023-12-13T01:21:05.675718Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2184",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "HOME SPOT CUBE2",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware V101 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "KDDI CORPORATION"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Buffer Overflow"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
            "refsource": "CONFIRM",
            "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
          },
          {
            "name": "99282",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/99282"
          },
          {
            "name": "JVN#24348065",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2184"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.au.com/information/notice_mobile/update/update-20170612-01/",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
            },
            {
              "name": "JVN#24348065",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://jvn.jp/en/jp/JVN24348065/index.html"
            },
            {
              "name": "99282",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/99282"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-07-14T15:51Z",
      "publishedDate": "2017-07-07T13:29Z"
    }
  }
}

Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed by an attacker who can access the management screen of the product. The WebUI is one of the graphical user interfaces. Multiple remote command injection vulnerabilities 2. A buffer-overflow vulnerability 3. Other attacks may also be possible

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201707-0412",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "home spot cube 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kddi",
        "version": "v100"
      },
      {
        "model": "home spot cube 2",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "kddi",
        "version": "v101"
      },
      {
        "model": "home spot cube2",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "kddi",
        "version": "v101"
      },
      {
        "model": "home spot cube2",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "kddi",
        "version": "\u003c=v101"
      },
      {
        "model": "home spot cube",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "kddi",
        "version": "101"
      },
      {
        "model": "home spot cube",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "kddi",
        "version": "102"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v100:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:v101:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.",
    "sources": [
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2017-2184",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000136",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-14890",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-110387",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000136",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2017-2184",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000136",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-14890",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201706-1111",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110387",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to execute arbitrary code via WebUI. HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.Arbitrary code may be executed by an attacker who can access the management screen of the product. The WebUI is one of the graphical user interfaces. Multiple remote command injection vulnerabilities\n2. A buffer-overflow vulnerability\n3. Other attacks  may also be possible",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110387"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "JVN",
        "id": "JVN24348065",
        "trust": 3.4
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2184",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "99282",
        "trust": 2.0
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110387",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110387"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "id": "VAR-201707-0412",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110387"
      }
    ],
    "trust": 1.45
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:19:42.957000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "About Firmware update for HOME SPOT CUBE2",
        "trust": 0.8,
        "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
      },
      {
        "title": "KDDIHOMESPOTCUBE2WebUI Buffer Overflow Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/98207"
      },
      {
        "title": "KDDI HOME SPOT CUBE Buffer error vulnerability fix",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=71310"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110387"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.8,
        "url": "http://jvn.jp/en/jp/jvn24348065/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/99282"
      },
      {
        "trust": 1.7,
        "url": "https://www.au.com/information/notice_mobile/update/update-20170612-01/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2184"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2184"
      },
      {
        "trust": 0.6,
        "url": "http://jvn.jp/en/jp/jvn24348065/"
      },
      {
        "trust": 0.3,
        "url": "http://www.kddi.com/english/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110387"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110387"
      },
      {
        "db": "BID",
        "id": "99282"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "date": "2017-07-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110387"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99282"
      },
      {
        "date": "2017-06-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "date": "2017-07-07T13:29:00.350000",
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "date": "2017-06-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-07-17T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-14890"
      },
      {
        "date": "2017-07-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110387"
      },
      {
        "date": "2017-06-22T00:00:00",
        "db": "BID",
        "id": "99282"
      },
      {
        "date": "2018-02-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      },
      {
        "date": "2017-07-14T15:51:36.250000",
        "db": "NVD",
        "id": "CVE-2017-2184"
      },
      {
        "date": "2017-07-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HOME SPOT CUBE2 vulnerable to buffer overflow in WebUI",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000136"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201706-1111"
      }
    ],
    "trust": 0.6
  }
}

cve-2017-2184

Vulnerability from jvndb

Published

2017-06-21 13:44

Modified

2018-02-14 11:59

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

HOME SPOT CUBE2 vulnerable to buffer overflow in WebUI

Details

HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains buffer overflow in WebUI. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN24348065/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2184
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2184
	Buffer Errors(CWE-119)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	KDDI	HOME SPOT CUBE2 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000136.html",
  "dc:date": "2018-02-14T11:59+09:00",
  "dcterms:issued": "2017-06-21T13:44+09:00",
  "dcterms:modified": "2018-02-14T11:59+09:00",
  "description": "HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains buffer overflow in WebUI.\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000136.html",
  "sec:cpe": {
    "#text": "cpe:/o:kddi:home_spot_cube_2_firmware",
    "@product": "HOME SPOT CUBE2 firmware",
    "@vendor": "KDDI",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000136",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN24348065/index.html",
      "@id": "JVN#24348065",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2184",
      "@id": "CVE-2017-2184",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2184",
      "@id": "CVE-2017-2184",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-119",
      "@title": "Buffer Errors(CWE-119)"
    }
  ],
  "title": "HOME SPOT CUBE2 vulnerable to buffer overflow in WebUI"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2017-2184

Vulnerability from cvelistv5

ghsa-843p-9jpx-597w

Vulnerability from github

gsd-2017-2184

Vulnerability from gsd

var-201707-0412

Vulnerability from variot

cve-2017-2184

Vulnerability from jvndb

Tags

Sightings

Nomenclature