Details of VAR-201901-0839

ID

VAR-201901-0839

CVE

CVE-2018-16195

TITLE

NEC Aterm WF1200CR and Aterm WG1200CR Operating System Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-25740 // CNNVD: CNNVD-201812-710

DESCRIPTION

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands via SOAP interface of UPnP. Aterm WF1200CR and Aterm WG1200CR provided by NEC Corporation contain multiple vulnerabilities listed below. * Information disclosure (CWE-200) - CVE-2018-16192 * Stored cross-site scripting (CWE-79) - CVE-2018-16193 * OS command injection (CWE-78) - CVE-2018-16194 * OS command injection in SOAP interface of UPnP (CWE-78) - CVE-2018-16195 Satoru Nagaoka of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* An attacker with access to the device may obtain registered information on the device. - CVE-2018-16192 * An arbitrary script may be executed on a logged in user's web browser. - CVE-2018-16195. NECAtermWF1200CR and AtermWG1200CR are both router products of NEC

Trust: 2.16

sources: NVD: CVE-2018-16195 // JVNDB: JVNDB-2018-000131 // CNVD: CNVD-2018-25740

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-25740

AFFECTED PRODUCTS

vendor:	nec	model:	aterm wg1200cr	scope:	lte	version:	1.0.1	Trust: 1.0
vendor:	nec	model:	aterm wf1200cr	scope:	lte	version:	1.1.1	Trust: 1.0
vendor:	nec	model:	aterm wf1200cr	scope:	lte	version:	firmware ver1.1.1	Trust: 0.8
vendor:	nec	model:	aterm wg1200cr	scope:	lte	version:	firmware ver1.0.1	Trust: 0.8
vendor:	nec	model:	aterm wf1200cr	scope:	lte	version:	<=1.1.1	Trust: 0.6
vendor:	302 240nec	model:	aterm wg1200cr	scope:	lte	version:	<=1.0.1	Trust: 0.6
vendor:	nec	model:	aterm wf1200cr	scope:	eq	version:	1.1.1	Trust: 0.6
vendor:	nec	model:	aterm wg1200cr	scope:	eq	version:	1.0.1	Trust: 0.6

sources: CNVD: CNVD-2018-25740 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-710 // NVD: CVE-2018-16195

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2018-000131
value:	MEDIUM
Trust: 2.4
nvd@nist.gov:	CVE-2018-16195
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2018-000131
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-25740
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201812-710
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2018-16195
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2018-000131
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2018-000131
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2018-000131
severity:	LOW
baseScore:	2.3
vectorString:	AV:A/AC:M/AU:S/C:N/I:P/A:N
accessVector:	ADJACENT NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2018-000131
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2018-25740
severity:	MEDIUM
baseScore:	5.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	6.5
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2018-16195
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
IPA:	JVNDB-2018-000131
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA:	JVNDB-2018-000131
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA:	JVNDB-2018-000131
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA:	JVNDB-2018-000131
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-25740 // JVNDB: JVNDB-2018-000131 // JVNDB: JVNDB-2018-000131 // JVNDB: JVNDB-2018-000131 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-710 // NVD: CVE-2018-16195

PROBLEMTYPE DATA

problemtype:	CWE-78	Trust: 1.8
problemtype:	CWE-79	Trust: 0.8
problemtype:	CWE-200	Trust: 0.8

sources: JVNDB: JVNDB-2018-000131 // NVD: CVE-2018-16195

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201812-710

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201812-710

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-000131

PATCH

title:	Information from NEC Corporation	url:	https://jpn.nec.com/security-info/secinfo/nv18-021.html	Trust: 0.8
title:	NECAtermWF1200CR and AtermWG1200CR operating system command injection vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/147507	Trust: 0.6
title:	NEC Aterm WF1200CR and Aterm WG1200CR Fixes for operating system command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=87933	Trust: 0.6

sources: CNVD: CNVD-2018-25740 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-710

EXTERNAL IDS

db:	NVD	id:	CVE-2018-16195	Trust: 3.0
db:	JVN	id:	JVN87535892	Trust: 2.4
db:	JVNDB	id:	JVNDB-2018-000131	Trust: 1.4
db:	CNVD	id:	CNVD-2018-25740	Trust: 0.6
db:	CNNVD	id:	CNNVD-201812-710	Trust: 0.6

sources: CNVD: CNVD-2018-25740 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-710 // NVD: CVE-2018-16195

REFERENCES

url:	https://jvn.jp/en/jp/jvn87535892/index.html	Trust: 2.4
url:	https://jpn.nec.com/security-info/secinfo/nv18-021.html	Trust: 1.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16192	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16193	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16194	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16195	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16192	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16193	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16194	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-16195	Trust: 0.8
url:	https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000131.html	Trust: 0.6

sources: CNVD: CNVD-2018-25740 // JVNDB: JVNDB-2018-000131 // CNNVD: CNNVD-201812-710 // NVD: CVE-2018-16195

SOURCES

db:	CNVD	id:	CNVD-2018-25740
db:	JVNDB	id:	JVNDB-2018-000131
db:	CNNVD	id:	CNNVD-201812-710
db:	NVD	id:	CVE-2018-16195

LAST UPDATE DATE

2024-08-14T14:12:32.972000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-25740	date:	2018-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-000131	date:	2019-08-27T00:00:00
db:	CNNVD	id:	CNNVD-201812-710	date:	2019-01-11T00:00:00
db:	NVD	id:	CVE-2018-16195	date:	2019-01-17T19:43:06.767

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-25740	date:	2018-12-19T00:00:00
db:	JVNDB	id:	JVNDB-2018-000131	date:	2018-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201812-710	date:	2018-12-17T00:00:00
db:	NVD	id:	CVE-2018-16195	date:	2019-01-09T23:29:04.497