Details of VAR-201806-0636

ID

VAR-201806-0636

CVE

CVE-2018-12041

TITLE

MediaTek AWUS036NH wireless USB Input validation vulnerability in adapter

Trust: 0.8

sources: JVNDB: JVNDB-2018-006156

DESCRIPTION

An issue was discovered on the MediaTek AWUS036NH wireless USB adapter through 5.1.25.0. Attackers can remotely deny service by sending specially constructed 802.11 frames. MediaTek AWUS036NH wireless USB The adapter contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. A security vulnerability exists in versions prior to MediaTekAWUS036NH5.1.25.0

Trust: 2.25

sources: NVD: CVE-2018-12041 // JVNDB: JVNDB-2018-006156 // CNVD: CNVD-2018-11365 // VULHUB: VHN-121961

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-11365

AFFECTED PRODUCTS

vendor:	mediatek	model:	awus036nh	scope:	eq	version:	5.1.25.0	Trust: 1.6
vendor:	media tech	model:	awus036nh	scope:	lte	version:	5.1.25.0	Trust: 0.8
vendor:	mediatek	model:	awus036nh	scope:	lt	version:	5.1.25.0	Trust: 0.6

sources: CNVD: CNVD-2018-11365 // JVNDB: JVNDB-2018-006156 // CNNVD: CNNVD-201806-668 // NVD: CVE-2018-12041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-12041
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-12041
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-11365
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201806-668
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-121961
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-12041
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-11365
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-121961
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-12041
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-11365 // VULHUB: VHN-121961 // JVNDB: JVNDB-2018-006156 // CNNVD: CNNVD-201806-668 // NVD: CVE-2018-12041

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-121961 // JVNDB: JVNDB-2018-006156 // NVD: CVE-2018-12041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-668

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201806-668

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006156

PATCH

title:

トップページ

url:

https://www.mediatek.jp/

Trust: 0.8

sources: JVNDB: JVNDB-2018-006156

EXTERNAL IDS

db:	NVD	id:	CVE-2018-12041	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-006156	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-668	Trust: 0.7
db:	CNVD	id:	CNVD-2018-11365	Trust: 0.6
db:	VULHUB	id:	VHN-121961	Trust: 0.1

sources: CNVD: CNVD-2018-11365 // VULHUB: VHN-121961 // JVNDB: JVNDB-2018-006156 // CNNVD: CNNVD-201806-668 // NVD: CVE-2018-12041

REFERENCES

url:	http://wiattack.net/testprocess.pdf	Trust: 2.5
url:	http://wiattack.net/iceco1or/fuzzdot.py	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-12041	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12041	Trust: 0.8

sources: CNVD: CNVD-2018-11365 // VULHUB: VHN-121961 // JVNDB: JVNDB-2018-006156 // CNNVD: CNNVD-201806-668 // NVD: CVE-2018-12041

SOURCES

db:	CNVD	id:	CNVD-2018-11365
db:	VULHUB	id:	VHN-121961
db:	JVNDB	id:	JVNDB-2018-006156
db:	CNNVD	id:	CNNVD-201806-668
db:	NVD	id:	CVE-2018-12041

LAST UPDATE DATE

2024-11-23T22:52:03.923000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-11365	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-121961	date:	2018-07-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-006156	date:	2018-08-09T00:00:00
db:	CNNVD	id:	CNNVD-201806-668	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-12041	date:	2024-11-21T03:44:28.677

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-11365	date:	2018-06-13T00:00:00
db:	VULHUB	id:	VHN-121961	date:	2018-06-08T00:00:00
db:	JVNDB	id:	JVNDB-2018-006156	date:	2018-08-09T00:00:00
db:	CNNVD	id:	CNNVD-201806-668	date:	2018-06-11T00:00:00
db:	NVD	id:	CVE-2018-12041	date:	2018-06-08T01:29:01.513