VAR-201507-0144
Vulnerability from variot - Updated: 2023-12-18 12:57SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A remote attacker can execute arbitrary queries on the underlying database. According to ANTLabs, only HTTPS connections are vulnerable to this type of attack. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201507-0144",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "inngate ig 3.10 m",
"scope": "eq",
"trust": 1.6,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate ig 3100",
"scope": "eq",
"trust": 1.6,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate sg 4",
"scope": "eq",
"trust": 1.6,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate ig 3.01 e",
"scope": "eq",
"trust": 1.6,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate ssg 4",
"scope": "eq",
"trust": 1.6,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate ig 3.10 e",
"scope": "eq",
"trust": 1.6,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate e-series",
"scope": "eq",
"trust": 0.9,
"vendor": "antlabs",
"version": "3.01"
},
{
"model": "inngate e-series",
"scope": "eq",
"trust": 0.9,
"vendor": "antlabs",
"version": "3.10"
},
{
"model": "inngate m-series",
"scope": "eq",
"trust": 0.9,
"vendor": "antlabs",
"version": "3.10"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "ig 3100",
"scope": "eq",
"trust": 0.8,
"vendor": "antlabs",
"version": "model 3100"
},
{
"model": "ig 3100",
"scope": "eq",
"trust": 0.8,
"vendor": "antlabs",
"version": "model 3101"
},
{
"model": "inngate 3.00 e-series",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate 3.01 e-series",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate 3.01 g-series",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate 3.02 e-series",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate 3.10 e-series",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "inngate 3.10 g-series",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "sg 4",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "ssg 4",
"scope": null,
"trust": 0.8,
"vendor": "antlabs",
"version": null
},
{
"model": "ssg",
"scope": "eq",
"trust": 0.3,
"vendor": "antlabs",
"version": "4"
},
{
"model": "sg",
"scope": "eq",
"trust": 0.3,
"vendor": "antlabs",
"version": "4"
},
{
"model": "ig3100",
"scope": "eq",
"trust": 0.3,
"vendor": "antlabs",
"version": "0"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#485324"
},
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "BID",
"id": "75560"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3100:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.01_e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.10_m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:antlabs:inngate_ssg_4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:antlabs:inngate_ig_3.10_e:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:antlabs:inngate_sg_4:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2849"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Devesh Logendran",
"sources": [
{
"db": "BID",
"id": "75560"
}
],
"trust": 0.3
},
"cve": "CVE-2015-2849",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-2849",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-04404",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-2849",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-04404",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201507-160",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A remote attacker can execute arbitrary queries on the underlying database. According to ANTLabs, only HTTPS connections are vulnerable to this type of attack. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"db": "CERT/CC",
"id": "VU#485324"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "BID",
"id": "75560"
}
],
"trust": 3.15
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#485324",
"trust": 4.1
},
{
"db": "NVD",
"id": "CVE-2015-2849",
"trust": 3.3
},
{
"db": "BID",
"id": "75560",
"trust": 0.9
},
{
"db": "JVN",
"id": "JVNVU92209185",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2015-04404",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201507-160",
"trust": 0.6
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#485324"
},
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "BID",
"id": "75560"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
]
},
"id": "VAR-201507-0144",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04404"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04404"
}
]
},
"last_update_date": "2023-12-18T12:57:46.371000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)",
"trust": 0.8,
"url": "http://www.antlabs.com/advisory-sql-injection-reflected-cross-site-scripting-vulnerabilities/"
},
{
"title": "Patch for ANTlabs InnGate Firmware SQL Injection Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/60652"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-89",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"db": "NVD",
"id": "CVE-2015-2849"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "http://www.kb.cert.org/vuls/id/485324"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2849"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu92209185"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2849"
},
{
"trust": 0.3,
"url": "http://www.antlabs.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#485324"
},
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "BID",
"id": "75560"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#485324"
},
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "BID",
"id": "75560"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#485324"
},
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"date": "2015-07-06T00:00:00",
"db": "BID",
"id": "75560"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"date": "2015-07-07T14:59:00.090000",
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"date": "2015-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-06T00:00:00",
"db": "CERT/CC",
"id": "VU#485324"
},
{
"date": "2015-07-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"date": "2015-07-06T00:00:00",
"db": "BID",
"id": "75560"
},
{
"date": "2015-07-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003474"
},
{
"date": "2015-07-08T21:46:52.280000",
"db": "NVD",
"id": "CVE-2015-2849"
},
{
"date": "2015-07-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ANTlabs InnGate Firmware SQL Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04404"
},
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SQL injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201507-160"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…