ID

VAR-201901-0838


CVE

CVE-2018-16194


TITLE

Multiple vulnerabilities in Aterm WF1200CR and Aterm WG1200CR

Trust: 0.8

sources: JVNDB: JVNDB-2018-000131

DESCRIPTION

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below.

* Information disclosure (CWE-200) - CVE-2018-16192
* Stored cross-site scripting (CWE-79) - CVE-2018-16193
* OS command injection (CWE-78) - CVE-2018-16194
* OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195

Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

* An attacker with access to the device may obtain registered information on the device. - CVE-2018-16192
* An arbitrary script may be executed on a logged-in user's web browser. - CVE-2018-16193
* An attacker who can log in to the device may execute an arbitrary OS command. - CVE-2018-16195

NEC Aterm WF1200CR and Aterm WG1200CR are both router products of NEC.

Trust: 2.16

sources: NVD: CVE-2018-16194 // JVNDB: JVNDB-2018-000131 // CNVD: CNVD-2018-25741

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-25741

AFFECTED PRODUCTS

vendor: nec, model: aterm wf1200cr, scope: lte, version: 1.1.1

Trust: 1.0

vendor: nec, model: aterm wg1200cr, scope: lte, version: 1.0.1

Trust: 1.0

vendor: nec, model: aterm wf1200cr, scope: lte, version: firmware ver1.1.1

Trust: 0.8

vendor: nec, model: aterm wg1200cr, scope: lte, version: firmware ver1.0.1

Trust: 0.8

vendor: nec, model: aterm wf1200cr, scope: lte, version: <=1.1.1

Trust: 0.6

vendor: nec, model: aterm wg1200cr, scope: lte, version: <=1.0.1

Trust: 0.6

vendor: nec, model: aterm wf1200cr, scope: eq, version: 1.1.1

Trust: 0.6

vendor: nec, model: aterm wg1200cr, scope: eq, version: 1.0.1

Trust: 0.6

sources: CNVD: CNVD-2018-25741 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-709 // NVD: CVE-2018-16194

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000131
value: MEDIUM

Trust: 2.4

nvd@nist.gov: CVE-2018-16194
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000131
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-25741
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-709
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2018-16194
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000131
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000131
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000131
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2018-000131
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2018-25741
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-16194
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000131
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000131
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000131
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2018-000131
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-25741 // JVNDB: JVNDB-2018-000131 // JVNDB: JVNDB-2018-000131 // JVNDB: JVNDB-2018-000131 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-709 // NVD: CVE-2018-16194

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-79

Trust: 0.8

problemtype:CWE-200

Trust: 0.8

sources: JVNDB: JVNDB-2018-000131 // NVD: CVE-2018-16194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-709

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201812-709

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-000131

PATCH

title: Information from NEC Corporation
url: https://jpn.nec.com/security-info/secinfo/nv18-021.html

Trust: 0.8

title: Patch for NEC Aterm WF1200CR and Aterm WG1200CR Operating System Command Injection Vulnerability (CNVD-2018-25741)
url: https://www.cnvd.org.cn/patchInfo/show/147505

Trust: 0.6

title: NEC Aterm WF1200CR and Aterm WG1200CR Fixes for operating system command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87932

Trust: 0.6

sources: CNVD: CNVD-2018-25741 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-709

EXTERNAL IDS

db: NVD, id: CVE-2018-16194

Trust: 3.0

db: JVN, id: JVN87535892

Trust: 2.4

db: JVNDB, id: JVNDB-2018-000131

Trust: 1.4

db: CNVD, id: CNVD-2018-25741

Trust: 0.6

db: CNNVD, id: CNNVD-201812-709

Trust: 0.6

sources: CNVD: CNVD-2018-25741 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-709 // NVD: CVE-2018-16194

REFERENCES

url: https://jvn.jp/en/jp/jvn87535892/index.html

Trust: 2.4

url: https://jpn.nec.com/security-info/secinfo/nv18-021.html

Trust: 1.6

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16192

Trust: 0.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16193

Trust: 0.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16194

Trust: 0.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16195

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-16192

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-16193

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-16194

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-16195

Trust: 0.8

url: https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000131.html

Trust: 0.6

sources: CNVD: CNVD-2018-25741 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-709 // NVD: CVE-2018-16194

SOURCES

db: CNVD, id: CNVD-2018-25741
db: JVNDB, id: JVNDB-2018-000131
db: CNNVD, id: CNNVD-201812-709
db: NVD, id: CVE-2018-16194

LAST UPDATE DATE

2024-11-23T21:52:31.678000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-25741, date: 2018-12-19T00:00:00
db: JVNDB, id: JVNDB-2018-000131, date: 2019-08-27T00:00:00
db: CNNVD, id: CNNVD-201812-709, date: 2018-12-17T00:00:00
db: NVD, id: CVE-2018-16194, date: 2024-11-21T03:52:16.010

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-25741, date: 2018-12-19T00:00:00
db: JVNDB, id: JVNDB-2018-000131, date: 2018-12-14T00:00:00
db: CNNVD, id: CNNVD-201812-709, date: 2018-12-17T00:00:00
db: NVD, id: CVE-2018-16194, date: 2019-01-09T23:29:04.433