ID

VAR-201901-0735


CVE

CVE-2018-0631


TITLE

NEC Aterm W300P Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2019-01104 // CNNVD: CNNVD-201901-246

DESCRIPTION

Aterm W300P Ver1.0.13 and earlier allows an attacker with administrator rights to execute arbitrary OS commands via the targetAPSsid parameter.

Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below.

* OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631
* Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631
* A user who can access the product with administrative privileges may execute arbitrary code. - CVE-2018-0632, CVE-2018-0633

The NEC Aterm W300P is a wireless router from NEC. An operating system command injection vulnerability exists in NEC Aterm W300P with firmware version 1.0.13 and earlier.

Trust: 2.16

sources: NVD: CVE-2018-0631 // JVNDB: JVNDB-2018-000076 // CNVD: CNVD-2019-01104

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01104

AFFECTED PRODUCTS

vendor: nec, model: aterm w300p, scope: lte, version: 1.0.13

Trust: 1.0

vendor: nec, model: aterm w300p, scope: lte, version: firmware ver1.0.13

Trust: 0.8

vendor: nec, model: aterm w300p, scope: eq, version: <=1.0.13

Trust: 0.6

vendor: nec, model: aterm w300p, scope: eq, version: 1.0.13

Trust: 0.6

sources: CNVD: CNVD-2019-01104 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-246 // NVD: CVE-2018-0631

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000076
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-0631
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-01104
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-246
value: CRITICAL

Trust: 0.6

IPA: JVNDB-2018-000076
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0631
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2019-01104
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IPA: JVNDB-2018-000076
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0631
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-01104 // JVNDB: JVNDB-2018-000076 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-246 // NVD: CVE-2018-0631

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-000076 // NVD: CVE-2018-0631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-246

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-000076

PATCH

title: NV18-011, url: https://jpn.nec.com/security-info/secinfo/nv18-011.html

Trust: 0.8

title: NEC Aterm W300P operating system command injection vulnerability patch, url: https://www.cnvd.org.cn/patchInfo/show/149861

Trust: 0.6

title: NEC Aterm W300P Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88430

Trust: 0.6

sources: CNVD: CNVD-2019-01104 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-246

EXTERNAL IDS

db: NVD, id: CVE-2018-0631

Trust: 3.0

db: JVN, id: JVN26629618

Trust: 2.4

db: JVNDB, id: JVNDB-2018-000076

Trust: 0.8

db: CNVD, id: CNVD-2019-01104

Trust: 0.6

db: CNNVD, id: CNNVD-201901-246

Trust: 0.6

sources: CNVD: CNVD-2019-01104 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-246 // NVD: CVE-2018-0631

REFERENCES

url:https://jvn.jp/en/jp/jvn26629618/index.html

Trust: 2.4

url:https://jpn.nec.com/security-info/secinfo/nv18-011.html

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2018-0631

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0633

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0629

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0630

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0631

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0632

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0629

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0630

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0632

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0633

Trust: 0.8

sources: CNVD: CNVD-2019-01104 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-246 // NVD: CVE-2018-0631

SOURCES

db: CNVD, id: CNVD-2019-01104
db: JVNDB, id: JVNDB-2018-000076
db: CNNVD, id: CNNVD-201901-246
db: NVD, id: CVE-2018-0631

LAST UPDATE DATE

2024-08-14T13:45:17.412000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-01104, date: 2019-01-14T00:00:00
db: JVNDB, id: JVNDB-2018-000076, date: 2019-08-27T00:00:00
db: CNNVD, id: CNNVD-201901-246, date: 2019-01-10T00:00:00
db: NVD, id: CVE-2018-0631, date: 2019-01-17T19:14:48.527

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-01104, date: 2019-01-14T00:00:00
db: JVNDB, id: JVNDB-2018-000076, date: 2018-07-12T00:00:00
db: CNNVD, id: CNNVD-201901-246, date: 2019-01-10T00:00:00
db: NVD, id: CVE-2018-0631, date: 2019-01-09T23:29:00.683