Sign-up

ID

VAR-201901-0729


CVE

CVE-2018-0625


TITLE

Multiple OS command injection vulnerabilities in Aterm WG1200HP

Trust: 0.8

sources: JVNDB: JVNDB-2018-000075

DESCRIPTION

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via formSysCmd parameter. Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities (CWE-78). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can access the product with administrative privileges may execute an arbitrary OS command. NECAterm WG1200HP is a wireless router from NEC. An operating system command injection vulnerability exists in NECAterm WG1200HP with firmware version 1.0.31 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0625 // JVNDB: JVNDB-2018-000075 // CNVD: CNVD-2019-01098

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01098

AFFECTED PRODUCTS

vendor:necmodel:aterm wg1200hpscope:lteversion:1.0.31

Trust: 1.0

vendor:necmodel:aterm wg1200hpscope:lteversion:firmware ver1.0.31

Trust: 0.8

vendor:necmodel:aterm wg1200hpscope:lteversion:<=1.0.31

Trust: 0.6

vendor:necmodel:aterm wg1200hpscope:eqversion:1.0.31

Trust: 0.6

sources: CNVD: CNVD-2019-01098 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-240 // NVD: CVE-2018-0625

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0625
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000075
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-01098
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-240
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-0625
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000075
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-01098
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-0625
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000075
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-01098 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-240 // NVD: CVE-2018-0625

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-000075 // NVD: CVE-2018-0625

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-240

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-240

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000075

PATCH
title:NV16-005url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NECAtermWG1200HP Operating System Command Injection Vulnerability (CNVD-2019-01098)url:https://www.cnvd.org.cn/patchInfo/show/149855
Trust: 0.6
title:NEC Aterm WG1200HP Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88424
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01098 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-240

EXTERNAL IDS
db:NVDid:CVE-2018-0625
Trust: 3.0
db:JVNid:JVN00401783
Trust: 2.4
db:JVNDBid:JVNDB-2018-000075
Trust: 0.8
db:CNVDid:CNVD-2019-01098
Trust: 0.6
db:CNNVDid:CNNVD-201901-240
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01098 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-240 // 
            
            
            
            NVD: CVE-2018-0625

REFERENCES
url:https://jvn.jp/en/jp/jvn00401783/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0625
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0625  
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0626
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0627
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0628
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0626
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0627
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0628
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01098 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-240 // 
            
            
            
            NVD: CVE-2018-0625

SOURCES
db:CNVDid:CNVD-2019-01098
db:JVNDBid:JVNDB-2018-000075
db:CNNVDid:CNNVD-201901-240
db:NVDid:CVE-2018-0625

LAST UPDATE DATE
2024-08-14T14:12:33.122000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01098date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-240date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0625date:2019-01-15T15:29:40.597

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01098date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-240date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0625date:2019-01-09T23:29:00.327