Sign-up

ID

VAR-201901-0736


CVE

CVE-2018-0632


TITLE

Multiple vulnerabilities in Aterm W300P

Trust: 0.8

sources: JVNDB: JVNDB-2018-000076

DESCRIPTION

Buffer overflow in Aterm W300P Ver1.0.13 and earlier allows attacker with administrator rights to execute arbitrary code via HTTP request and response. Aterm W300P provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * Buffer Overflow (CWE-119) - CVE-2018-0632, CVE-2018-0633 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0629, CVE-2018-0630, CVE-2018-0631 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0632, CVE-2018-0633. The NECAtermW300P is a wireless router from NEC. A buffer overflow vulnerability exists in NECAtermW300P with firmware version 1.0.13 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0632 // JVNDB: JVNDB-2018-000076 // CNVD: CNVD-2019-01105

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01105

AFFECTED PRODUCTS

vendor:necmodel:aterm w300pscope:lteversion:1.0.13

Trust: 1.0

vendor:necmodel:aterm w300pscope:lteversion:firmware ver1.0.13

Trust: 0.8

vendor:necmodel:aterm w300pscope:ltversion:1.0.13

Trust: 0.6

vendor:necmodel:aterm w300pscope:eqversion:1.0.13

Trust: 0.6

sources: CNVD: CNVD-2019-01105 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-247 // NVD: CVE-2018-0632

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000076
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-0632
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-01105
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-247
value: MEDIUM

Trust: 0.6

IPA: JVNDB-2018-000076
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0632
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2019-01105
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IPA: JVNDB-2018-000076
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0632
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-01105 // JVNDB: JVNDB-2018-000076 // JVNDB: JVNDB-2018-000076 // CNNVD: CNNVD-201901-247 // NVD: CVE-2018-0632

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-78

Trust: 0.8

sources: JVNDB: JVNDB-2018-000076 // NVD: CVE-2018-0632

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-247

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-247

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000076

PATCH
title:NV18-011url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NECAtermW300P Buffer Overflow Vulnerability (CNVD-2019-01105)url:https://www.cnvd.org.cn/patchInfo/show/149863
Trust: 0.6
title:NEC Aterm W300P Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88431
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01105 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-247

EXTERNAL IDS
db:NVDid:CVE-2018-0632
Trust: 3.0
db:JVNid:JVN26629618
Trust: 2.4
db:JVNDBid:JVNDB-2018-000076
Trust: 0.8
db:CNVDid:CNVD-2019-01105
Trust: 0.6
db:CNNVDid:CNNVD-201901-247
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01105 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-247 // 
            
            
            
            NVD: CVE-2018-0632

REFERENCES
url:https://jvn.jp/en/jp/jvn26629618/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0632
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0633
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0629
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0630
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0631
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0632
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0629
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0630
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0631
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0633
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01105 // 
            
            
            
            JVNDB: JVNDB-2018-000076 // 
            
            
            
            CNNVD: CNNVD-201901-247 // 
            
            
            
            NVD: CVE-2018-0632

SOURCES
db:CNVDid:CNVD-2019-01105
db:JVNDBid:JVNDB-2018-000076
db:CNNVDid:CNNVD-201901-247
db:NVDid:CVE-2018-0632

LAST UPDATE DATE
2024-08-14T13:45:17.333000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01105date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000076date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-247date:2020-05-22T00:00:00
db:NVDid:CVE-2018-0632date:2019-01-16T17:09:11.840

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01105date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000076date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-247date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0632date:2019-01-09T23:29:00.747