Sign-up

ID

VAR-201901-0734


CVE

CVE-2018-0630


TITLE

Multiple vulnerabilities in Aterm W300P

Trust: 0.8

sources: JVNDB: JVNDB-2018-000076

DESCRIPTION

Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary OS commands via sysCmd parameter. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. An operating system command injection vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0630 // JVNDB: JVNDB-2018-000076 // CNVD: CNVD-2019-01103

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01103

AFFECTED PRODUCTS

vendor:necmodel:aterm w300pscope:lteversion:1.0.13

Trust: 1.0

vendor:necmodel:aterm w300pscope:lteversion:firmware ver1.0.13

Trust: 0.8

vendor:necmodel:aterm w300p )scope:eqversion:(<=1.0.13

Trust: 0.6

vendor:necmodel:aterm w300pscope:eqversion:1.0.13

Trust: 0.6

sources: CNVD: CNVD-2019-01103 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-245 // NVD: CVE-2018-0630

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000076
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-0630
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-01103
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-245
value: CRITICAL

Trust: 0.6

IPA: JVNDB-2018-000076
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0630
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2019-01103
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IPA: JVNDB-2018-000076
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0630
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-01103 // JVNDB: JVNDB-2018-000076 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-245 // NVD: CVE-2018-0630

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-000076 // NVD: CVE-2018-0630

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-245

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-245

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000076

PATCH
title:NV18-011url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NECAtermW300P Operating System Command Injection Vulnerability (CNVD-2019-01103)url:https://www.cnvd.org.cn/patchInfo/show/149859
Trust: 0.6
title:NEC Aterm W300P Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88429
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01103 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-245

EXTERNAL IDS
db:NVDid:CVE-2018-0630
Trust: 3.0
db:JVNid:JVN26629618
Trust: 2.4
db:JVNDBid:JVNDB-2018-000076
Trust: 0.8
db:CNVDid:CNVD-2019-01103
Trust: 0.6
db:CNNVDid:CNNVD-201901-245
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01103 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-245 // 
            
            
            
            NVD: CVE-2018-0630

REFERENCES
url:https://jvn.jp/en/jp/jvn26629618/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0630
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0633
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0629
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0630
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0631
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0632
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0629
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0631
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0632
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0633
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01103 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-245 // 
            
            
            
            NVD: CVE-2018-0630

SOURCES
db:CNVDid:CNVD-2019-01103
db:JVNDBid:JVNDB-2018-000076
db:CNNVDid:CNNVD-201901-245
db:NVDid:CVE-2018-0630

LAST UPDATE DATE
2024-08-14T13:45:17.441000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01103date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000076date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-245date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0630date:2019-01-17T19:12:54.447

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01103date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000076date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-245date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0630date:2019-01-09T23:29:00.637