var-202206-2135
Vulnerability from variot
HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Corporation of Japan
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202206-2135",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "home spot cube 2",
"scope": "lte",
"trust": 1.0,
"vendor": "kddi",
"version": "v102"
},
{
"model": "home spot cube2",
"scope": "eq",
"trust": 0.8,
"vendor": "kddi",
"version": null
},
{
"model": "home spot cube2",
"scope": "lte",
"trust": 0.8,
"vendor": "kddi",
"version": "v102 and earlier"
},
{
"model": "home spot cube2",
"scope": "eq",
"trust": 0.6,
"vendor": "kddi",
"version": "v102"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"db": "NVD",
"id": "CVE-2022-33948"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:kddi:home_spot_cube_2_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "v102",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:kddi:home_spot_cube_2:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33948"
}
]
},
"cve": "CVE-2022-33948",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2022-000049",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CNVD-2022-60671",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2022-33948",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2022-000049",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2022-33948",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2022-000049",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2022-60671",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202206-2821",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2022-33948",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"db": "VULMON",
"id": "CVE-2022-33948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"db": "NVD",
"id": "CVE-2022-33948"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOME SPOT CUBE2 V102 contains an OS command injection vulnerability due to improper processing of data received from DHCP server. An adjacent attacker may execute an arbitrary OS command on the product if a malicious DHCP server is placed on the WAN side of the product. This vulnerability information is based on the Information Security Early Warning Partnership. IPA Report to JPCERT/CC Coordinated with the developer. KDDI HOME SPOT CUBE2 is a home wireless router from KDDI Corporation of Japan",
"sources": [
{
"db": "NVD",
"id": "CVE-2022-33948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"db": "VULMON",
"id": "CVE-2022-33948"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2022-33948",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN41017328",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000049",
"trust": 1.4
},
{
"db": "CNVD",
"id": "CNVD-2022-60671",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2022062910",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2821",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2022-33948",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"db": "VULMON",
"id": "CVE-2022-33948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"db": "NVD",
"id": "CVE-2022-33948"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
]
},
"id": "VAR-202206-2135",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60671"
}
],
"trust": 1.35
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60671"
}
]
},
"last_update_date": "2023-12-18T13:59:40.043000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HOME\u00a0SPOT\u00a0CUBE2",
"trust": 0.8,
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [IPA evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"db": "NVD",
"id": "CVE-2022-33948"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/"
},
{
"trust": 1.7,
"url": "https://jvn.jp/en/jp/jvn41017328/index.html"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn41017328/index.html"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2022-33948/"
},
{
"trust": 0.6,
"url": "https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-000049.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022062910"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"db": "VULMON",
"id": "CVE-2022-33948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"db": "NVD",
"id": "CVE-2022-33948"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"db": "VULMON",
"id": "CVE-2022-33948"
},
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"db": "NVD",
"id": "CVE-2022-33948"
},
{
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"date": "2022-07-04T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33948"
},
{
"date": "2022-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"date": "2022-07-04T02:15:07.620000",
"db": "NVD",
"id": "CVE-2022-33948"
},
{
"date": "2022-06-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-08-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2022-60671"
},
{
"date": "2022-07-15T00:00:00",
"db": "VULMON",
"id": "CVE-2022-33948"
},
{
"date": "2022-06-29T03:02:00",
"db": "JVNDB",
"id": "JVNDB-2022-000049"
},
{
"date": "2022-07-15T13:10:05.463000",
"db": "NVD",
"id": "CVE-2022-33948"
},
{
"date": "2022-07-18T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HOME\u00a0SPOT\u00a0CUBE2\u00a0 In \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2022-000049"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202206-2821"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.