ID

VAR-201905-0745


CVE

CVE-2018-14839


TITLE

LG N1A1 NAS command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015437

DESCRIPTION

LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. LG N1A1 NAS contains a command injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). LG N1A1 NAS is a network storage device produced by LG of South Korea. The vulnerability stems from the network system or product failing to correctly filter special characters, commands, etc. when constructing executable operating system commands from external input data. Attackers can exploit this vulnerability to execute illegal operating system commands.

Trust: 1.8

sources: NVD: CVE-2018-14839 // JVNDB: JVNDB-2018-015437 // VULHUB: VHN-125038 // VULMON: CVE-2018-14839

AFFECTED PRODUCTS

vendor: lg, model: n1a1, scope: eq, version: 3718.510

Trust: 1.8

sources: JVNDB: JVNDB-2018-015437 // NVD: CVE-2018-14839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14839
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14839
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201905-609
value: CRITICAL

Trust: 0.6

VULHUB: VHN-125038
value: HIGH

Trust: 0.1

VULMON: CVE-2018-14839
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-14839
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-125038
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14839
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2018-14839
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125038 // VULMON: CVE-2018-14839 // JVNDB: JVNDB-2018-015437 // CNNVD: CNNVD-201905-609 // NVD: CVE-2018-14839

PROBLEMTYPE DATA

problemtype: CWE-78

Trust: 1.1

problemtype: CWE-77

Trust: 0.9

sources: VULHUB: VHN-125038 // JVNDB: JVNDB-2018-015437 // NVD: CVE-2018-14839

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-609

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201905-609

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015437

PATCH

title: N1A1DD1
url: https://www.lg.com/us/support-product/lg-N1A1DD1

Trust: 0.8

title: LG N1A1 NAS Fixes for command injection vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92750

Trust: 0.6

sources: JVNDB: JVNDB-2018-015437 // CNNVD: CNNVD-201905-609

EXTERNAL IDS

db: NVD, id: CVE-2018-14839

Trust: 2.6

db: JVNDB, id: JVNDB-2018-015437

Trust: 0.8

db: CNNVD, id: CNNVD-201905-609

Trust: 0.7

db: VULHUB, id: VHN-125038

Trust: 0.1

db: VULMON, id: CVE-2018-14839

Trust: 0.1

sources: VULHUB: VHN-125038 // VULMON: CVE-2018-14839 // JVNDB: JVNDB-2018-015437 // CNNVD: CNNVD-201905-609 // NVD: CVE-2018-14839

REFERENCES

url: https://medium.com/@0x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247

Trust: 1.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-14839

Trust: 1.4

url: https://medium.com/%400x616163/lg-n1a1-unauthenticated-remote-command-injection-cve-2018-14839-9d2cf760e247

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14839

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-125038 // VULMON: CVE-2018-14839 // JVNDB: JVNDB-2018-015437 // CNNVD: CNNVD-201905-609 // NVD: CVE-2018-14839

SOURCES

db: VULHUB, id: VHN-125038
db: VULMON, id: CVE-2018-14839
db: JVNDB, id: JVNDB-2018-015437
db: CNNVD, id: CNNVD-201905-609
db: NVD, id: CVE-2018-14839

LAST UPDATE DATE

2024-11-23T22:21:41.040000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125038, date: 2019-10-03T00:00:00
db: VULMON, id: CVE-2018-14839, date: 2023-11-07T00:00:00
db: JVNDB, id: JVNDB-2018-015437, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-609, date: 2020-05-22T00:00:00
db: NVD, id: CVE-2018-14839, date: 2024-11-21T03:49:54.283

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125038, date: 2019-05-14T00:00:00
db: VULMON, id: CVE-2018-14839, date: 2019-05-14T00:00:00
db: JVNDB, id: JVNDB-2018-015437, date: 2019-06-04T00:00:00
db: CNNVD, id: CNNVD-201905-609, date: 2019-05-14T00:00:00
db: NVD, id: CVE-2018-14839, date: 2019-05-14T21:29:00.247