cvelistv5 - cve-2018-16192

CVE-2018-16192 (GCVE-0-2018-16192)

Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17

Summary

Severity ?

No CVSS data available.

CWE

Information Disclosure

Assigner

jpcert

References

URL

	Vendor	Product	Version
	NEC Corporation	Aterm WF1200CR and Aterm WG1200CR	Affected: (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)

JVNDB-2018-000131

Vulnerability from jvndb - Published: 2018-12-14 14:53 - Updated:2019-08-27 11:33

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Details

Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

Type

URL

	JVN	http://jvn.jp/en/jp/JVN87535892/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16192
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16193
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16194
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16195
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16192
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16193
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16194
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-16195
	Information Exposure(CWE-200)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	OS Command Injection(CWE-78)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	NEC Corporation	Aterm WF1200CR firmware
	NEC Corporation	Aterm WG1200CR firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000131.html",
  "dc:date": "2019-08-27T11:33+09:00",
  "dcterms:issued": "2018-12-14T14:53+09:00",
  "dcterms:modified": "2019-08-27T11:33+09:00",
  "description": "Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. \r\n* Information disclosure (CWE-200) - CVE-2018-16192\r\n* Stored cross-site scripting (CWE-79) - CVE-2018-16193\r\n* OS command injection (CWE-78) - CVE-2018-16194\r\n* OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195\r\n\r\nSatoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000131.html",
  "sec:cpe": [
    {
      "#text": "cpe:/o:nec:aterm_wf1200cr_firmware",
      "@product": "Aterm WF1200CR firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:nec:aterm_wg1200cr_firmware",
      "@product": "Aterm WG1200CR firmware",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "5.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2018-000131",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN87535892/index.html",
      "@id": "JVN#87535892",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16192",
      "@id": "CVE-2018-16192",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16193",
      "@id": "CVE-2018-16193",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16194",
      "@id": "CVE-2018-16194",
      "@source": "CVE"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16195",
      "@id": "CVE-2018-16195",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16192",
      "@id": "CVE-2018-16192",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16193",
      "@id": "CVE-2018-16193",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16194",
      "@id": "CVE-2018-16194",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-16195",
      "@id": "CVE-2018-16195",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-200",
      "@title": "Information Exposure(CWE-200)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-78",
      "@title": "OS Command Injection(CWE-78)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR"
}

GSD-2018-16192

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-16192

Aliases

CVE-2018-16192

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-16192",
    "description": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.",
    "id": "GSD-2018-16192"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-16192"
      ],
      "details": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.",
      "id": "GSD-2018-16192",
      "modified": "2023-12-13T01:22:25.892158Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2018-16192",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Aterm WF1200CR and Aterm WG1200CR",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "(Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier)"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "NEC Corporation"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#87535892",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
          },
          {
            "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
            "refsource": "MISC",
            "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2018-16192"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#87535892",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
            },
            {
              "name": "https://jpn.nec.com/security-info/secinfo/nv18-021.html",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2019-01-17T19:45Z",
      "publishedDate": "2019-01-09T23:29Z"
    }
  }
}

VAR-201901-0836

Vulnerability from variot - Updated: 2023-12-18 12:43

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. - CVE-2018-16192 * An arbitrary script may be executed on a logged in user's web browser. - CVE-2018-16193 * An attacker who can log in the device may execute an arbitrary OS command. - CVE-2018-16194 * By having the device to load an invalid parameter using UPnP function, an attacker with access to the device may execute an arbitrary OS command. - CVE-2018-16195. NECAtermWF1200CR and AtermWG1200CR are both router products of NEC

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201901-0836",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "aterm wf1200cr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nec",
        "version": "1.1.1"
      },
      {
        "model": "aterm wg1200cr",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "nec",
        "version": "1.0.1"
      },
      {
        "model": "aterm wf1200cr",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec",
        "version": "firmware ver1.1.1"
      },
      {
        "model": "aterm wg1200cr",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec",
        "version": "firmware ver1.0.1"
      },
      {
        "model": "aterm wg1200cr",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "302 240nec",
        "version": "\u003c=1.1.1"
      },
      {
        "model": "nec aterm wf1200cr",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "302 240nec",
        "version": "\u003c=1.0.1"
      },
      {
        "model": "aterm wf1200cr",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": "1.1.1"
      },
      {
        "model": "aterm wg1200cr",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "nec",
        "version": "1.0.1"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.1.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      }
    ]
  },
  "cve": "CVE-2018-16192",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "LOW",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.8,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 3.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 2.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Low",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:S/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "Single",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 5.2,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 3.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2018-25743",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "High",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2018-000131",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "High",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "IPA",
            "id": "JVNDB-2018-000131",
            "trust": 2.4,
            "value": "Medium"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-16192",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2018-000131",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2018-25743",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201812-707",
            "trust": 0.6,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. - CVE-2018-16192 * An arbitrary script may be executed on a logged in user\u0027s web browser. - CVE-2018-16193 * An attacker who can log in the device may execute an arbitrary OS command. - CVE-2018-16194 * By having the device to load an invalid parameter using UPnP function, an attacker with access to the device may execute an arbitrary OS command. - CVE-2018-16195. NECAtermWF1200CR and AtermWG1200CR are both router products of NEC",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-16192",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN87535892",
        "trust": 2.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131",
        "trust": 1.4
      },
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "id": "VAR-201901-0836",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      }
    ],
    "trust": 1.3016605650000002
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:43:42.149000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Information from NEC Corporation",
        "trust": 0.8,
        "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
      },
      {
        "title": "Patch for NECAtermWF1200CR and AtermWG1200CR Information Disclosure Vulnerabilities",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/147501"
      },
      {
        "title": "NEC Aterm WF1200CR  and Aterm WG1200CR Repair measures for information disclosure vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87930"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      },
      {
        "problemtype": "CWE-78",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "https://jvn.jp/en/jp/jvn87535892/index.html"
      },
      {
        "trust": 1.6,
        "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16192"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16193"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16194"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16195"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16192"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16193"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16194"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16195"
      },
      {
        "trust": 0.6,
        "url": "https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000131.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "date": "2018-12-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "date": "2019-01-09T23:29:04.357000",
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "date": "2018-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-12-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "date": "2019-08-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-000131"
      },
      {
        "date": "2019-01-17T19:45:07.063000",
        "db": "NVD",
        "id": "CVE-2018-16192"
      },
      {
        "date": "2018-12-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NEC Aterm WF1200CR and Aterm WG1200CR Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2018-25743"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201812-707"
      }
    ],
    "trust": 0.6
  }
}

CNVD-2018-25743

Vulnerability from cnvd - Published: 2018-12-19

Title

NEC Aterm WF1200CR和Aterm WG1200CR信息泄露漏洞

Description

NEC Aterm WF1200CR和Aterm WG1200CR都是日本电气（NEC）公司的路由器产品。使用1.1.1及之前版本固件的NEC Aterm WF1200CR和使用1.0.1及之前版本固件的Aterm WG1200CR中存在信息泄露漏洞，攻击者可利用该漏洞获取设备上的注册信息。

Severity

低

Patch Name

NEC Aterm WF1200CR和Aterm WG1200CR信息泄露漏洞的补丁

Patch Description

NEC Aterm WF1200CR和Aterm WG1200CR都是日本电气（NEC）公司的路由器产品。使用1.1.1及之前版本固件的NEC Aterm WF1200CR和使用1.0.1及之前版本固件的Aterm WG1200CR中存在信息泄露漏洞，攻击者可利用该漏洞获取设备上的注册信息。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://jpn.nec.com/security-info/secinfo/nv18-021.html

Reference

https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000131.html

Impacted products

Name
['NEC Aterm WG1200CR <=1.1.1（固件）', 'NEC NEC Aterm WF1200CR <=1.0.1（固件）']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-16192"
    }
  },
  "description": "NEC Aterm WF1200CR\u548cAterm WG1200CR\u90fd\u662f\u65e5\u672c\u7535\u6c14\uff08NEC\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\n\n\u4f7f\u75281.1.1\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684NEC Aterm WF1200CR\u548c\u4f7f\u75281.0.1\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Aterm WG1200CR\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bbe\u5907\u4e0a\u7684\u6ce8\u518c\u4fe1\u606f\u3002",
  "discovererName": "Satoru Nagaoka",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://jpn.nec.com/security-info/secinfo/nv18-021.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-25743",
  "openTime": "2018-12-19",
  "patchDescription": "NEC Aterm WF1200CR\u548cAterm WG1200CR\u90fd\u662f\u65e5\u672c\u7535\u6c14\uff08NEC\uff09\u516c\u53f8\u7684\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u75281.1.1\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684NEC Aterm WF1200CR\u548c\u4f7f\u75281.0.1\u53ca\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684Aterm WG1200CR\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u8bbe\u5907\u4e0a\u7684\u6ce8\u518c\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "NEC Aterm WF1200CR\u548cAterm WG1200CR\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "NEC Aterm WG1200CR \u003c=1.1.1\uff08\u56fa\u4ef6\uff09",
      "NEC NEC Aterm WF1200CR \u003c=1.0.1\uff08\u56fa\u4ef6\uff09"
    ]
  },
  "referenceLink": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000131.html",
  "serverity": "\u4f4e",
  "submitTime": "2018-12-17",
  "title": "NEC Aterm WF1200CR\u548cAterm WG1200CR\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

FKIE_CVE-2018-16192

Vulnerability from fkie_nvd - Published: 2019-01-09 23:29 - Updated: 2024-11-21 03:52

Severity ?

6.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
vultures@jpcert.or.jp	https://jpn.nec.com/security-info/secinfo/nv18-021.html	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN87535892/index.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jpn.nec.com/security-info/secinfo/nv18-021.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN87535892/index.html	Third Party Advisory

Impacted products

Vendor	Product	Version
nec	aterm_wf1200cr_firmware	*
nec	aterm_wf1200cr	-
nec	aterm_wg1200cr_firmware	*
nec	aterm_wg1200cr	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nec:aterm_wf1200cr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "076240BB-05FD-49BF-B009-AEA6EEF83578",
              "versionEndIncluding": "1.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nec:aterm_wf1200cr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A91D9EB-5962-498E-9B14-C5712DDDF7C2",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:nec:aterm_wg1200cr_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C4E131-9306-4F48-A658-CA823B6E65ED",
              "versionEndIncluding": "1.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:nec:aterm_wg1200cr:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "936D9DD3-11E5-4862-B157-85B13EA06C38",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Aterm WF1200CR y Aterm WG1200CR (Aterm WF1200CR con firmware en versiones 1.1.1 y anteriores y Aterm WG1200CR con firmware en versiones 1.0.1 y anteriores) permiten que un atacante en el mismo segmento de red obtenga informaci\u00f3n registrada en el dispositivo mediante vectores sin especificar."
    }
  ],
  "id": "CVE-2018-16192",
  "lastModified": "2024-11-21T03:52:15.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-09T23:29:04.357",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-RV22-5GFW-CCXW

Vulnerability from github – Published: 2022-05-14 01:39 – Updated: 2022-05-14 01:39

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-16192"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-01-09T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.",
  "id": "GHSA-rv22-5gfw-ccxw",
  "modified": "2022-05-14T01:39:52Z",
  "published": "2022-05-14T01:39:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16192"
    },
    {
      "type": "WEB",
      "url": "https://jpn.nec.com/security-info/secinfo/nv18-021.html"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN87535892/index.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-16192 (GCVE-0-2018-16192)

JVNDB-2018-000131

GSD-2018-16192

VAR-201901-0836

CNVD-2018-25743

FKIE_CVE-2018-16192

GHSA-RV22-5GFW-CCXW

Tags

Sightings

Nomenclature