Sign-up

ID

VAR-201901-0733


CVE

CVE-2018-0629


TITLE

Multiple vulnerabilities in Aterm W300P

Trust: 0.8

sources: JVNDB: JVNDB-2018-000076

DESCRIPTION

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via HTTP request and response. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. An operating system command injection vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0629 // JVNDB: JVNDB-2018-000076 // CNVD: CNVD-2019-01102

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01102

AFFECTED PRODUCTS

vendor:necmodel:aterm w300pscope:lteversion:1.0.13

Trust: 1.0

vendor:necmodel:aterm w300pscope:lteversion:firmware ver1.0.13

Trust: 0.8

vendor:necmodel:aterm w300p )scope:eqversion:(<=1.0.13

Trust: 0.6

vendor:necmodel:aterm w300pscope:eqversion:1.0.13

Trust: 0.6

sources: CNVD: CNVD-2019-01102 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-244 // NVD: CVE-2018-0629

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000076
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-0629
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-01102
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-244
value: CRITICAL

Trust: 0.6

IPA: JVNDB-2018-000076
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0629
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2019-01102
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IPA: JVNDB-2018-000076
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0629
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-01102 // JVNDB: JVNDB-2018-000076 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-244 // NVD: CVE-2018-0629

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-000076 // NVD: CVE-2018-0629

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-244

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-244

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000076

PATCH
title:NV18-011url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NECAtermW300P Operating System Command Injection Vulnerability (CNVD-2019-01102)url:https://www.cnvd.org.cn/patchInfo/show/149857
Trust: 0.6
title:NEC Aterm W300P Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88428
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01102 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-244

EXTERNAL IDS
db:NVDid:CVE-2018-0629
Trust: 3.0
db:JVNid:JVN26629618
Trust: 2.4
db:JVNDBid:JVNDB-2018-000076
Trust: 0.8
db:CNVDid:CNVD-2019-01102
Trust: 0.6
db:CNNVDid:CNNVD-201901-244
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01102 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-244 // 
            
            
            
            NVD: CVE-2018-0629

REFERENCES
url:https://jvn.jp/en/jp/jvn26629618/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0629
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0633
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0629
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0630
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0631
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0632
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0630
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0631
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0632
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0633
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01102 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-244 // 
            
            
            
            NVD: CVE-2018-0629

SOURCES
db:CNVDid:CNVD-2019-01102
db:JVNDBid:JVNDB-2018-000076
db:CNNVDid:CNNVD-201901-244
db:NVDid:CVE-2018-0629

LAST UPDATE DATE
2024-08-14T13:45:17.468000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01102date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000076date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-244date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0629date:2019-01-17T19:10:06.270

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01102date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000076date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-244date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0629date:2019-01-09T23:29:00.577