VAR-201708-1118
Vulnerability from variot - Updated: 2023-12-18 12:02A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. plural Westermo The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have spoofing vulnerabilities. A hard-coded credentials vulnerability 2. A cross-site request forgery vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. Westermo MRD-305-DIN etc. A remote attacker could exploit this vulnerability to perform unauthorized operations. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201708-1118",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mrd-315-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-455-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-355-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 1.6,
"vendor": "westermo",
"version": null
},
{
"model": "mrd-305-din",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lt",
"trust": 1.2,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "lte",
"trust": 0.8,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-355",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-315",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-305-din",
"scope": "eq",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.5.0"
},
{
"model": "mrd-455",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-355",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-315",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": "mrd-305-din",
"scope": "ne",
"trust": 0.3,
"vendor": "westermo",
"version": "1.7.7.0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 305 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 315 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 355 din",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "mrd 455 din",
"version": null
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-305-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-305-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-315-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-315-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-355-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-355-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:westermo:mrd-455-din_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westermo:mrd-455-din:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12703"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mandar Jadhav from Qualys Security",
"sources": [
{
"db": "BID",
"id": "100470"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
],
"trust": 0.9
},
"cve": "CVE-2017-12703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2017-12703",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 9.4,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23002",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-23004",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-103252",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2017-12703",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2017-12703",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2017-23004",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201708-1141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-103252",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo MRD-305-DIN versions older than 1.7.5.0, and MRD-315, MRD-355, MRD-455 versions older than 1.7.5.0. The application does not verify whether a request was intentionally provided by the user, making it possible for an attacker to trick a user into making a malicious request to the server. plural Westermo The product contains a cross-site request forgery vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. A number of Westermo routers have a hard-coded password vulnerability, and the device uses a hard-coded private key that allows an attacker to decrypt traffic from any other source. The RD-305-DIN, MRD-315, MRD-355, and MRD-455 are all Westermo router devices. A number of Westermo routers have spoofing vulnerabilities. A hard-coded credentials vulnerability\n2. A cross-site request forgery vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to perform unauthorized actions and gain access to the affected application and to read and modify intercepted traffic. Westermo MRD-305-DIN etc. A remote attacker could exploit this vulnerability to perform unauthorized operations. The following products and versions are affected: Westermo MRD-305-DIN prior to 1.7.5.0, MRD-315 prior to 1.7.5.0, MRD-355 prior to 1.7.5.0, MRD-455 prior to 1.7.5.0",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "VULHUB",
"id": "VHN-103252"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "ICS CERT",
"id": "ICSA-17-236-01",
"trust": 4.0
},
{
"db": "NVD",
"id": "CVE-2017-12703",
"trust": 3.6
},
{
"db": "BID",
"id": "100470",
"trust": 3.2
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2017-23004",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2017-23002",
"trust": 0.6
},
{
"db": "IVD",
"id": "471C06F6-CD0E-48EC-8EE9-AEA833E36D39",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-103252",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"id": "VAR-201708-1118",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
}
],
"trust": 2.243055575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 1.2
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
}
]
},
"last_update_date": "2023-12-18T12:02:37.634000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Wireless routers",
"trust": 0.8,
"url": "http://www.westermo.us/web/web_en_idc_us.nsf/alldocuments/b84901de5cc4368dc12578930031f1bc"
},
{
"title": "Patches for several Westermo router hardcoded password vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100885"
},
{
"title": "Patches for multiple Westermo router spoofing vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/100887"
},
{
"title": "Multiple Westermo Fixing measures for device cross-site request forgery vulnerability",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=74299"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-236-01"
},
{
"trust": 2.9,
"url": "http://www.securityfocus.com/bid/100470"
},
{
"trust": 0.9,
"url": "http://www.westermo.com/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-12703"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-12703"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"db": "VULHUB",
"id": "VHN-103252"
},
{
"db": "BID",
"id": "100470"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-26T00:00:00",
"db": "IVD",
"id": "471c06f6-cd0e-48ec-8ee9-aea833e36d39"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"date": "2017-08-25T00:00:00",
"db": "VULHUB",
"id": "VHN-103252"
},
{
"date": "2017-08-24T00:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"date": "2017-08-25T16:29:00.237000",
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"date": "2017-08-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23002"
},
{
"date": "2017-08-26T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-23004"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-103252"
},
{
"date": "2019-04-15T18:00:00",
"db": "BID",
"id": "100470"
},
{
"date": "2017-09-15T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-007294"
},
{
"date": "2017-08-29T17:01:31.300000",
"db": "NVD",
"id": "CVE-2017-12703"
},
{
"date": "2019-04-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Westermo Product cross-site request forgery vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-007294"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201708-1141"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…