VAR-201710-0074
Vulnerability from variot - Updated: 2023-12-18 12:44An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. JanTek JTC-200 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The JanTekJTC-200 is a TCP/IP converter (serial server) from JanTek Technology. An unauthorized access vulnerability exists in JanTekJTC-200. JanTek JTC-200 is prone to a cross-site request-forgery vulnerability and an authentication-bypass vulnerability. An attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to gain access to the BusyBox Linux shell. Vendor: JanTek Equipment: JTC-200 Vulnerabilities: Cross-site Request Forgery, Improper Authentication
Advisory URL: https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/
ICS-CERT Advisory https://ics-cert.us-cert.gov/advisories/ICSA-17-283-02
CVE-ID CVE-2016-5789 CVE-2016-5791
Detailed Proof of Concept: https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/
AFFECTED PRODUCTS
The following versions of JTC-200, a TCP/IP converter, are affected: JTC-200 all versions.
BACKGROUND
Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Europe and Asia Company Headquarters Location: Taiwan
IMPACT
Successful exploitation of these vulnerabilities allow for remote code execution on the device with elevated privileges.
VULNERABILITY OVERVIEW
CROSS-SITE REQUEST FORGERY (CSRF) CWE-352 An attacker could perform actions with the same permissions as a victim user, provided the victim has an active session and is induced to trigger the malicious request. A CVSS v3 base score of 8.0 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). A CVSS v3 base score of 9.8 has been assigned; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Trying IP... Connected to IP. Escape character is '^]'. BusyBox v0.60.4 (2008.02.21-16:59+0000) Built-in shell (msh) Enter 'help' for a list of built-in commands.
BusyBox v0.60.4 (2008.02.21-16:59+0000) multi-call binary Usage: busybox [function] [arguments]... or: [function] [arguments]... BusyBox is a multi-call binary that combines many common Unix utilities into a single executable. Most people will create a link to busybox for each function they wish to use, and BusyBox will act like whatever it was invoked as. Currently defined functions: [, busybox, cat, cp, df, hostname, ifconfig, init, kill, killall, ls, mkdir, mknod, mount, msh, mv, ping, ps, pwd, rm, sh, test, touch, vi
ls
bin dev etc nfs proc swap usb var
cd etc
ls
ConfigPage WRConfig.ini config inetd.conf inittab ppp protocols rc resolv.conf services
cat inetd.conf
telnet stream tcpnowait root /bin/telnetd
Technical Details
https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/
+++++ Best Regards, Karn Ganeshen
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201710-0074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "jtc-200",
"scope": null,
"trust": 1.2,
"vendor": "jantek",
"version": null
},
{
"model": "jtc-200",
"scope": "eq",
"trust": 1.0,
"vendor": "jantek",
"version": "*"
},
{
"model": "jtc-200",
"scope": "eq",
"trust": 0.8,
"vendor": "jantek",
"version": null
},
{
"model": "jtc-200",
"scope": "eq",
"trust": 0.3,
"vendor": "jantek",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "jtc 200",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"db": "BID",
"id": "101224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:jantek:jtc-200_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:jantek:jtc-200:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5791"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshan",
"sources": [
{
"db": "BID",
"id": "101224"
}
],
"trust": 0.3
},
"cve": "CVE-2016-5791",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2016-5791",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-32099",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-94610",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-5791",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-5791",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2017-32099",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201710-529",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4",
"trust": 0.2,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-94610",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-5791",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"db": "VULHUB",
"id": "VHN-94610"
},
{
"db": "VULMON",
"id": "CVE-2016-5791"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authentication could provide an undocumented BusyBox Linux shell accessible over the TELNET service without any authentication. JanTek JTC-200 Contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The JanTekJTC-200 is a TCP/IP converter (serial server) from JanTek Technology. An unauthorized access vulnerability exists in JanTekJTC-200. JanTek JTC-200 is prone to a cross-site request-forgery vulnerability and an authentication-bypass vulnerability. \nAn attacker can exploit these issues to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks. An attacker could exploit this vulnerability to gain access to the BusyBox Linux shell. Vendor: JanTek\nEquipment: JTC-200\nVulnerabilities: Cross-site Request Forgery, Improper Authentication\n\nAdvisory URL:\nhttps://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/\n\nICS-CERT Advisory\nhttps://ics-cert.us-cert.gov/advisories/ICSA-17-283-02\n\nCVE-ID\nCVE-2016-5789\nCVE-2016-5791\n\nDetailed Proof of Concept:\nhttps://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/\n\n------------------------\nAFFECTED PRODUCTS\n------------------------\n\nThe following versions of JTC-200, a TCP/IP converter, are affected:\nJTC-200 all versions. \n\n------------------------\nBACKGROUND\n------------------------\nCritical Infrastructure Sectors: Critical Manufacturing\nCountries/Areas Deployed: Europe and Asia\nCompany Headquarters Location: Taiwan\n\n\n------------------------\nIMPACT\n------------------------\nSuccessful exploitation of these vulnerabilities allow for remote code\nexecution on the device with elevated privileges. \n\n------------------------\nVULNERABILITY OVERVIEW\n------------------------\n\nCROSS-SITE REQUEST FORGERY (CSRF) CWE-352\nAn attacker could perform actions with the same permissions as a victim\nuser, provided the victim has an active session and is induced to trigger\nthe malicious request. A CVSS v3 base score\nof 8.0 has been assigned; the CVSS vector string is\n(AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). A CVSS v3 base score\nof 9.8 has been assigned; the CVSS vector string is\n(AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). \n\n---------\nTrying IP... \nConnected to IP. \nEscape character is \u0027^]\u0027. \nBusyBox v0.60.4 (2008.02.21-16:59+0000) Built-in shell (msh)\nEnter \u0027help\u0027 for a list of built-in commands. \n#\nBusyBox v0.60.4 (2008.02.21-16:59+0000) multi-call binary\nUsage: busybox [function] [arguments]... \nor: [function] [arguments]... \nBusyBox is a multi-call binary that combines many common Unix utilities into a single executable. Most people will create a link to busybox for each function they wish to use, and BusyBox will act like whatever it was invoked as. \nCurrently defined functions:\n[, busybox, cat, cp, df, hostname, ifconfig, init, kill, killall, ls, mkdir, mknod, mount, msh, mv, ping, ps, pwd, rm, sh, test, touch, vi\n#\n# ls\nbin dev etc nfs proc swap usb var\n# cd etc\n# ls\nConfigPage WRConfig.ini config inetd.conf inittab ppp protocols rc resolv.conf services\n# cat inetd.conf\ntelnet stream tcpnowait root /bin/telnetd\n#\n---------\n\n------------------------\nTechnical Details\n------------------------\nhttps://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/\n\n+++++\nBest Regards,\nKarn Ganeshen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"db": "BID",
"id": "101224"
},
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "VULHUB",
"id": "VHN-94610"
},
{
"db": "VULMON",
"id": "CVE-2016-5791"
},
{
"db": "PACKETSTORM",
"id": "144816"
}
],
"trust": 2.88
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-5791",
"trust": 3.8
},
{
"db": "ICS CERT",
"id": "ICSA-17-283-02",
"trust": 3.6
},
{
"db": "CNVD",
"id": "CNVD-2017-32099",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201710-529",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848",
"trust": 0.8
},
{
"db": "BID",
"id": "101224",
"trust": 0.4
},
{
"db": "IVD",
"id": "5A33FB15-6543-4DF8-914E-2F593D80CAC4",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "144816",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-94610",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-5791",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"db": "VULHUB",
"id": "VHN-94610"
},
{
"db": "VULMON",
"id": "CVE-2016-5791"
},
{
"db": "BID",
"id": "101224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"db": "PACKETSTORM",
"id": "144816"
},
{
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
]
},
"id": "VAR-201710-0074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"db": "VULHUB",
"id": "VHN-94610"
}
],
"trust": 1.5111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
}
]
},
"last_update_date": "2023-12-18T12:44:22.420000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.jantek.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-94610"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"db": "NVD",
"id": "CVE-2016-5791"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-283-02"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5791"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-5791"
},
{
"trust": 0.3,
"url": "http://www.jantek.com.tw"
},
{
"trust": 0.3,
"url": "http://www.jantek.com.tw/en/product/73"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://packetstormsecurity.com/files/144816/jantek-jtc-200-rs232-net-connector-csrf-missing-authentication.html"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/101224"
},
{
"trust": 0.1,
"url": "https://ipositivesecurity.com/2017/10/28/ics-jantek-jtc-200-rs232-net-converter-advisory-published/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2016-5789"
},
{
"trust": 0.1,
"url": "https://ipositivesecurity.com/2016/07/05/rs232-net-converter-model-jtc-200-multiple-vulnerabilities/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"db": "VULHUB",
"id": "VHN-94610"
},
{
"db": "VULMON",
"id": "CVE-2016-5791"
},
{
"db": "BID",
"id": "101224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"db": "PACKETSTORM",
"id": "144816"
},
{
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"db": "VULHUB",
"id": "VHN-94610"
},
{
"db": "VULMON",
"id": "CVE-2016-5791"
},
{
"db": "BID",
"id": "101224"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"db": "PACKETSTORM",
"id": "144816"
},
{
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-31T00:00:00",
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"date": "2017-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"date": "2017-10-13T00:00:00",
"db": "VULHUB",
"id": "VHN-94610"
},
{
"date": "2017-10-13T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5791"
},
{
"date": "2017-10-10T00:00:00",
"db": "BID",
"id": "101224"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"date": "2017-10-31T13:33:33",
"db": "PACKETSTORM",
"id": "144816"
},
{
"date": "2017-10-13T03:29:00.240000",
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"date": "2017-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-32099"
},
{
"date": "2017-11-03T00:00:00",
"db": "VULHUB",
"id": "VHN-94610"
},
{
"date": "2017-11-03T00:00:00",
"db": "VULMON",
"id": "CVE-2016-5791"
},
{
"date": "2017-12-19T22:36:00",
"db": "BID",
"id": "101224"
},
{
"date": "2017-11-10T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-008848"
},
{
"date": "2017-11-03T16:30:39.407000",
"db": "NVD",
"id": "CVE-2016-5791"
},
{
"date": "2017-10-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "JanTek JTC-200 Unauthorized Access Vulnerability",
"sources": [
{
"db": "IVD",
"id": "5a33fb15-6543-4df8-914e-2f593d80cac4"
},
{
"db": "CNVD",
"id": "CNVD-2017-32099"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201710-529"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…