ID

VAR-201707-0411


CVE

CVE-2017-2183


TITLE

HOME SPOT CUBE2 vulnerable to OS command injection in clock settings

Trust: 0.8

sources: JVNDB: JVNDB-2017-000135

DESCRIPTION

HOME SPOT CUBE2 firmware V101 and earlier allows authenticated attackers to execute arbitrary OS commands via Clock Settings. HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An arbitrary OS command may be executed by an attacker who can access the management screen of the product. The WebUI is one of the graphical user interfaces. An operating system command injection vulnerability exists in the WebUI in KDDI HOME SPOT CUBE2 using firmware versions 101 and earlier. A remote attacker could exploit this vulnerability to execute arbitrary operating system commands. HOME SPOT CUBE2 is prone to the following security vulnerabilities: 1. A buffer-overflow vulnerability 3. Other attacks may also be possible

Trust: 2.52

sources: NVD: CVE-2017-2183 // JVNDB: JVNDB-2017-000135 // CNVD: CNVD-2017-14889 // BID: 99282 // VULHUB: VHN-110386

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-14889

AFFECTED PRODUCTS

vendor: kddi, model: home spot cube 2, scope: eq, version: v100

Trust: 1.6

vendor: kddi, model: home spot cube 2, scope: eq, version: v101

Trust: 1.6

vendor: kddi, model: home spot cube2, scope: lte, version: v101

Trust: 0.8

vendor: kddi, model: home spot cube2, scope: lte, version: <=v101

Trust: 0.6

vendor: kddi, model: home spot cube, scope: eq, version: 101

Trust: 0.3

vendor: kddi, model: home spot cube, scope: ne, version: 102

Trust: 0.3

sources: CNVD: CNVD-2017-14889 // BID: 99282 // JVNDB: JVNDB-2017-000135 // CNNVD: CNNVD-201706-1110 // NVD: CVE-2017-2183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2183
value: HIGH

Trust: 1.0

IPA: JVNDB-2017-000135
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-14889
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201706-1110
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110386
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2183
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-000135
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-14889
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110386
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2183
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000135
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-14889 // VULHUB: VHN-110386 // JVNDB: JVNDB-2017-000135 // CNNVD: CNNVD-201706-1110 // NVD: CVE-2017-2183

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-110386 // JVNDB: JVNDB-2017-000135 // NVD: CVE-2017-2183

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201706-1110

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-1110

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-000135

PATCH

title: About Firmware update for HOME SPOT CUBE2
url: https://www.au.com/information/notice_mobile/update/update-20170612-01/

Trust: 0.8

title: KDDI HOME SPOT CUBE WebUI operating system command injection vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/98206

Trust: 0.6

title: KDDI HOME SPOT CUBE Fixes for operating system command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=71309

Trust: 0.6

sources: CNVD: CNVD-2017-14889 // JVNDB: JVNDB-2017-000135 // CNNVD: CNNVD-201706-1110

EXTERNAL IDS

db: JVN, id: JVN24348065

Trust: 3.4

db: NVD, id: CVE-2017-2183

Trust: 3.4

db: BID, id: 99282

Trust: 2.0

db: JVNDB, id: JVNDB-2017-000135

Trust: 0.8

db: CNNVD, id: CNNVD-201706-1110

Trust: 0.7

db: CNVD, id: CNVD-2017-14889

Trust: 0.6

db: VULHUB, id: VHN-110386

Trust: 0.1

sources: CNVD: CNVD-2017-14889 // VULHUB: VHN-110386 // BID: 99282 // JVNDB: JVNDB-2017-000135 // CNNVD: CNNVD-201706-1110 // NVD: CVE-2017-2183

REFERENCES

url: http://jvn.jp/en/jp/jvn24348065/index.html

Trust: 2.8

url: http://www.securityfocus.com/bid/99282

Trust: 1.7

url: https://www.au.com/information/notice_mobile/update/update-20170612-01/

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2183

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-2183

Trust: 0.8

url: http://jvn.jp/en/jp/jvn24348065/

Trust: 0.6

url: http://www.kddi.com/english/

Trust: 0.3

sources: CNVD: CNVD-2017-14889 // VULHUB: VHN-110386 // BID: 99282 // JVNDB: JVNDB-2017-000135 // CNNVD: CNNVD-201706-1110 // NVD: CVE-2017-2183

CREDITS

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.

Trust: 0.9

sources: BID: 99282 // CNNVD: CNNVD-201706-1110

SOURCES

db: CNVD, id: CNVD-2017-14889
db: VULHUB, id: VHN-110386
db: BID, id: 99282
db: JVNDB, id: JVNDB-2017-000135
db: CNNVD, id: CNNVD-201706-1110
db: NVD, id: CVE-2017-2183

LAST UPDATE DATE

2024-08-14T13:56:40.306000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2017-14889, date: 2017-07-17T00:00:00
db: VULHUB, id: VHN-110386, date: 2017-07-14T00:00:00
db: BID, id: 99282, date: 2017-06-22T00:00:00
db: JVNDB, id: JVNDB-2017-000135, date: 2018-02-14T00:00:00
db: CNNVD, id: CNNVD-201706-1110, date: 2017-07-10T00:00:00
db: NVD, id: CVE-2017-2183, date: 2017-07-14T15:51:55.907

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2017-14889, date: 2017-07-17T00:00:00
db: VULHUB, id: VHN-110386, date: 2017-07-07T00:00:00
db: BID, id: 99282, date: 2017-06-22T00:00:00
db: JVNDB, id: JVNDB-2017-000135, date: 2017-06-21T00:00:00
db: CNNVD, id: CNNVD-201706-1110, date: 2017-06-27T00:00:00
db: NVD, id: CVE-2017-2183, date: 2017-07-07T13:29:00.317