Sign-up

ID

VAR-201901-0731


CVE

CVE-2018-0627


TITLE

Multiple OS command injection vulnerabilities in Aterm WG1200HP

Trust: 0.8

sources: JVNDB: JVNDB-2018-000075

DESCRIPTION

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via targetAPSsid parameter. Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities (CWE-78). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can access the product with administrative privileges may execute an arbitrary OS command. NECAterm WG1200HP is a wireless router from NEC. An operating system command injection vulnerability exists in NECAterm WG1200HP using firmware version 1.0.31 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0627 // JVNDB: JVNDB-2018-000075 // CNVD: CNVD-2019-01100

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01100

AFFECTED PRODUCTS

vendor:necmodel:aterm wg1200hpscope:lteversion:1.0.31

Trust: 1.0

vendor:necmodel:aterm wg1200hpscope:lteversion:firmware ver1.0.31

Trust: 0.8

vendor:necmodel:aterm wg1200hpscope:ltversion:1.0.31

Trust: 0.6

vendor:necmodel:aterm wg1200hpscope:eqversion:1.0.31

Trust: 0.6

sources: CNVD: CNVD-2019-01100 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-242 // NVD: CVE-2018-0627

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0627
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000075
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-01100
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-242
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-0627
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000075
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-01100
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-0627
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000075
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-01100 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-242 // NVD: CVE-2018-0627

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-000075 // NVD: CVE-2018-0627

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-242

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-242

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000075

PATCH
title:NV16-005url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NECAtermWG1200HP Operating System Command Injection Vulnerability (CNVD-2019-01100)url:https://www.cnvd.org.cn/patchInfo/show/149851
Trust: 0.6
title:NEC Aterm WG1200HP Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88426
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01100 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-242

EXTERNAL IDS
db:NVDid:CVE-2018-0627
Trust: 3.0
db:JVNid:JVN00401783
Trust: 2.4
db:JVNDBid:JVNDB-2018-000075
Trust: 0.8
db:CNVDid:CNVD-2019-01100
Trust: 0.6
db:CNNVDid:CNNVD-201901-242
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01100 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-242 // 
            
            
            
            NVD: CVE-2018-0627

REFERENCES
url:https://jvn.jp/en/jp/jvn00401783/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0627
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0625  
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0626
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0627
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0628
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0625
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0626
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0628
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01100 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-242 // 
            
            
            
            NVD: CVE-2018-0627

SOURCES
db:CNVDid:CNVD-2019-01100
db:JVNDBid:JVNDB-2018-000075
db:CNNVDid:CNNVD-201901-242
db:NVDid:CVE-2018-0627

LAST UPDATE DATE
2024-08-14T14:12:33.068000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01100date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-242date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0627date:2019-01-15T15:30:06.517

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01100date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-242date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0627date:2019-01-09T23:29:00.467