VAR-201903-1180
Vulnerability from variot - Updated: 2023-12-18 12:43A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. ControlByWeb X-320M-I Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. Attackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. X-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research & Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research & Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A security feature issue vulnerability exists in the Xytronix Research & Design ControlByWeb X-320M. An attacker could exploit this vulnerability to cause a denial of service
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201903-1180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "x-320m-i",
"scope": "eq",
"trust": 1.1,
"vendor": "controlbyweb",
"version": "1.05"
},
{
"model": "x-320m-i",
"scope": "lte",
"trust": 1.0,
"vendor": "controlbyweb",
"version": "1.05"
},
{
"model": "x-320m-i",
"scope": "ne",
"trust": 0.3,
"vendor": "controlbyweb",
"version": "1.06"
}
],
"sources": [
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:controlbyweb:x-320m-i_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.05",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:controlbyweb:x-320m-i:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18881"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "John Elder and Tom Westenberg of Applied Risk",
"sources": [
{
"db": "BID",
"id": "106655"
}
],
"trust": 0.3
},
"cve": "CVE-2018-18881",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 6.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-18881",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-129485",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 6.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-18881",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-18881",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201901-742",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-129485",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Denial of Service (DOS) issue was discovered in ControlByWeb X-320M-I Web-Enabled Instrumentation-Grade Data Acquisition module 1.05 with firmware revision v1.05. An authenticated user can configure invalid network settings, stopping TCP based communications to the device. A physical factory reset is required to restore the device to an operational state. ControlByWeb X-320M-I Contains vulnerabilities related to security features.Service operation interruption (DoS) There is a possibility of being put into a state. ControlByWeb X-320M is prone to a cross-site scripting vulnerability and an authentication-bypass vulnerability. \nAttackers can exploit these issues to execute arbitrary code in the context of the browser, obtain sensitive information, or cause a denial-of-service attack; other attacks may also be possible. \nX-320M-I firmware revision v1.05 and prior are vulnerable. Xytronix Research \u0026 Design ControlByWeb X-320M is a network-enabled weather station controller from Xytronix Research \u0026 Design, USA. The product supports remote viewing of the current wind speed, wind direction, precipitation, temperature, humidity, solar radiation and air pressure, etc. A security feature issue vulnerability exists in the Xytronix Research \u0026 Design ControlByWeb X-320M. An attacker could exploit this vulnerability to cause a denial of service",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "VULHUB",
"id": "VHN-129485"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "106655",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2018-18881",
"trust": 2.8
},
{
"db": "ICS CERT",
"id": "ICSA-19-017-03",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-129485",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"id": "VAR-201903-1180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:43:35.999000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "X-320M | Web-Enabled Weather Station",
"trust": 0.8,
"url": "https://www.controlbyweb.com/x320m/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-254",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.securityfocus.com/bid/106655"
},
{
"trust": 1.7,
"url": "https://applied-risk.com/labs/advisories"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-18881"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18881"
},
{
"trust": 0.8,
"url": "https://www.us-cert.gov/ics/advisories/icsa-19-017-03"
},
{
"trust": 0.3,
"url": "https://www.controlbyweb.com/x320m/"
},
{
"trust": 0.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-19-017-03"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-129485"
},
{
"db": "BID",
"id": "106655"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-03-21T00:00:00",
"db": "VULHUB",
"id": "VHN-129485"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106655"
},
{
"date": "2019-05-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"date": "2019-03-21T16:00:29.750000",
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"date": "2019-01-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-129485"
},
{
"date": "2019-01-17T00:00:00",
"db": "BID",
"id": "106655"
},
{
"date": "2019-07-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-015191"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2018-18881"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ControlByWeb X-320M-I Vulnerabilities related to security functions",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-015191"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201901-742"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…