Sign-up

ID

VAR-201901-0732


CVE

CVE-2018-0628


TITLE

NEC Aterm WG1200HP Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-01101 // CNNVD: CNNVD-201901-243

DESCRIPTION

Aterm WG1200HP firmware Ver1.0.31 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. Aterm WG1200HP provided by NEC Corporation contains multiple OS command injection vulnerabilities (CWE-78). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.A user who can access the product with administrative privileges may execute an arbitrary OS command. NECAterm WG1200HP is a wireless router from NEC. An operating system command injection vulnerability exists in NECAterm WG1200HP using firmware version 1.0.31 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0628 // JVNDB: JVNDB-2018-000075 // CNVD: CNVD-2019-01101

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01101

AFFECTED PRODUCTS

vendor:necmodel:aterm wg1200hpscope:lteversion:1.0.31

Trust: 1.0

vendor:necmodel:aterm wg1200hpscope:lteversion:firmware ver1.0.31

Trust: 0.8

vendor:necmodel:aterm wg1200hpscope:ltversion:1.0.31

Trust: 0.6

vendor:necmodel:aterm wg1200hpscope:eqversion:1.0.31

Trust: 0.6

sources: CNVD: CNVD-2019-01101 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-243 // NVD: CVE-2018-0628

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0628
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000075
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2019-01101
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-243
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-0628
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000075
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2019-01101
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-0628
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000075
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2019-01101 // JVNDB: JVNDB-2018-000075 // CNNVD: CNNVD-201901-243 // NVD: CVE-2018-0628

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2018-000075 // NVD: CVE-2018-0628

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-243

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-243

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000075

PATCH
title:NV16-005url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:NECAtermWG1200HP operating system command injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/149849
Trust: 0.6
title:NEC Aterm WG1200HP Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88427
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01101 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-243

EXTERNAL IDS
db:NVDid:CVE-2018-0628
Trust: 3.0
db:JVNid:JVN00401783
Trust: 2.4
db:JVNDBid:JVNDB-2018-000075
Trust: 0.8
db:CNVDid:CNVD-2019-01101
Trust: 0.6
db:CNNVDid:CNNVD-201901-243
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01101 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-243 // 
            
            
            
            NVD: CVE-2018-0628

REFERENCES
url:https://jvn.jp/en/jp/jvn00401783/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0628
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0625  
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0626
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0627
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0628
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0625
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0626
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0627
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01101 // 
            
            
            
            JVNDB: JVNDB-2018-000075 // 
            
            
            
            CNNVD: CNNVD-201901-243 // 
            
            
            
            NVD: CVE-2018-0628

SOURCES
db:CNVDid:CNVD-2019-01101
db:JVNDBid:JVNDB-2018-000075
db:CNNVDid:CNNVD-201901-243
db:NVDid:CVE-2018-0628

LAST UPDATE DATE
2024-08-14T14:12:33.040000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01101date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-243date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0628date:2019-01-17T19:02:41.400

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01101date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000075date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-243date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0628date:2019-01-09T23:29:00.513