Sign-up

ID

VAR-201901-0730


CVE

CVE-2018-0626


TITLE

Multiple OS command injection vulnerabilities in Aterm WG1200HP

Trust: 0.8

sources: JVNDB: JVNDB-2018-000075

DESCRIPTION

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd in formWsc parameter. Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities (CWE-78). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can access the product with administrative privileges may execute an arbitrary OS command. NECAterm WG1200HP is a wireless router from NEC. An operating system command injection vulnerability exists in NECAterm WG1200HP using firmware version 1.0.31 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0626 // JVNDB: JVNDB-2018-000075 // CNVD: CNVD-2019-01099

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01099

AFFECTED PRODUCTS

vendor:necmodel:aterm wg1200hpscope:lteversion:1.0.31

Trust: 1.0

vendor:necmodel:aterm wg1200hpscope:lteversion:firmware ver1.0.31

Trust: 0.8

vendor:necmodel:aterm wg1200hpscope:lteversion:<=1.0.31

Trust: 0.6

vendor:necmodel:aterm wg1200hpscope:eqversion:1.0.31

Trust: 0.6

sources: CNVD: CNVD-2019-01099 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-241 // NVD: CVE-2018-0626

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0626
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000075
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-01099
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-241
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-0626
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000075
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-01099
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-0626
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000075
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-01099 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-241 // NVD: CVE-2018-0626

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-000075 // NVD: CVE-2018-0626

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-241

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-241

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000075

PATCH
title:NV16-005url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NECAtermWG1200HP Operating System Command Injection Vulnerability (CNVD-2019-01099)url:https://www.cnvd.org.cn/patchInfo/show/149853
Trust: 0.6
title:NEC Aterm WG1200HP Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88425
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01099 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-241

EXTERNAL IDS
db:NVDid:CVE-2018-0626
Trust: 3.0
db:JVNid:JVN00401783
Trust: 2.4
db:JVNDBid:JVNDB-2018-000075
Trust: 0.8
db:CNVDid:CNVD-2019-01099
Trust: 0.6
db:CNNVDid:CNNVD-201901-241
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01099 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-241 // 
            
            
            
            NVD: CVE-2018-0626

REFERENCES
url:https://jvn.jp/en/jp/jvn00401783/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0626
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0625  
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0626
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0627
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0628
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0625
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0627
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0628
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01099 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-241 // 
            
            
            
            NVD: CVE-2018-0626

SOURCES
db:CNVDid:CNVD-2019-01099
db:JVNDBid:JVNDB-2018-000075
db:CNNVDid:CNNVD-201901-241
db:NVDid:CVE-2018-0626

LAST UPDATE DATE
2024-08-14T14:12:33.095000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01099date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-241date:2019-06-05T00:00:00
db:NVDid:CVE-2018-0626date:2019-01-15T15:29:57.143

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01099date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-241date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0626date:2019-01-09T23:29:00.387