Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
jvnJapan Vulnerability NotesJVN:24348065
HistoryJun 20, 2017 - 12:00 a.m.

JVN#24348065: Multiple vulnerabilities in HOME SPOT CUBE2

2017-06-2000:00:00
Japan Vulnerability Notes
jvn.jp
54

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.6%

JSON

HOME SPOT CUBE2 provided by KDDI CORPORATION is a wireless LAN router. HOME SPOT CUBE2 contains multiple vulnerabilities listed below.

OS command injection in Clock Settings (CWE-78) - CVE-2017-2183

Version Vector Score
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2

Buffer overflow in WebUI (CWE-119) - CVE-2017-2184

Version Vector Score
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Base Score: 8.8
CVSS v2 AV:A/AC:L/Au:N/C:P/I:P/A:P Base Score: 5.8

OS command injection in WebUI (CWE-78) - CVE-2017-2185

Version Vector Score
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Base Score: 6.8
CVSS v2 AV:A/AC:L/Au:S/C:P/I:P/A:P Base Score: 5.2

Improper authentication in WebUI (CWE-287) - CVE-2017-2186

Version Vector Score
CVSS v3 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Base Score: 6.5
CVSS v2 AV:A/AC:L/Au:N/C:N/I:P/A:N Base Score: 3.3

Impact

The impact of each vulnerability is as follows.

  • An arbitrary OS command may be executed by an attacker who can access the management screen of the product – CVE-2017-2183, CVE-2017-2185
  • Arbitrary code may be executed by an attacker who can access the management screen of the product – CVE-2017-2184
  • Firmware may be altered by an attacker who can access the management screen of the product – CVE-2017-2186

Solution

Update the Firmware
Apply the appropriate firmware update provided by the developer.

Products Affected

  • HOME SPOT CUBE2 firmware ​V101 and earlier

Related

prion 4
cvelist 4
cve 4
nvd 4
prion
prion
Design/Logic Flaw
2017-07-07 13:29:00
Buffer overflow
2017-07-07 13:29:00
Authentication flaw
2017-07-07 13:29:00
cvelist
cvelist
CVE-2017-2184
2017-07-07 13:00:00
CVE-2017-2186
2017-07-07 13:00:00
CVE-2017-2185
2017-07-07 13:00:00
cve
cve
CVE-2017-2184
2017-07-07 13:29:00
CVE-2017-2186
2017-07-07 13:29:00
CVE-2017-2185
2017-07-07 13:29:00
nvd
nvd
CVE-2017-2186
2017-07-07 13:29:00
CVE-2017-2184
2017-07-07 13:29:00
CVE-2017-2185
2017-07-07 13:29:00

8.3 High

CVSS2

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

8.8 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.003 Low

EPSS

Percentile

68.6%

JSON
Related for JVN:24348065
prion4cvelist4cve4nvd4