Details of VAR-201505-0272

ID

VAR-201505-0272

CVE

CVE-2014-8383

TITLE

InFocus IN3128HD Vulnerability to bypass authentication in projector firmware

Trust: 0.8

sources: JVNDB: JVNDB-2015-002724

DESCRIPTION

The InFocus IN3128HD projector with firmware 0.26 allows remote attackers to bypass authentication via a direct request to main.html. Supplementary information : CWE Vulnerability types by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. The InFocus IN3128HD projector is a projector product used in the education industry. InFocus IN3128HD is prone to a remote authentication-bypass vulnerability. An attacker can exploit this issue to bypass the authentication mechanism and gain unauthorized access. This may aid in further attacks. InFocus IN3128HD running firmware version 0.26 is vulnerable

Trust: 2.52

sources: NVD: CVE-2014-8383 // JVNDB: JVNDB-2015-002724 // CNVD: CNVD-2015-03321 // BID: 74359 // VULHUB: VHN-76328

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03321

AFFECTED PRODUCTS

vendor:	infocus	model:	in3128hd	scope:	eq	version:	0.26	Trust: 3.3
vendor:	infocus	model:	in3128hd projector	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2015-03321 // BID: 74359 // JVNDB: JVNDB-2015-002724 // CNNVD: CNNVD-201505-307 // NVD: CVE-2014-8383

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8383
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8383
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-03321
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201505-307
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76328
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8383
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03321
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-76328
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03321 // VULHUB: VHN-76328 // JVNDB: JVNDB-2015-002724 // CNNVD: CNNVD-201505-307 // NVD: CVE-2014-8383

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-002724 // NVD: CVE-2014-8383

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-307

TYPE

Design Error

Trust: 0.3

sources: BID: 74359

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002724

PATCH

title:

InFocus IN3128HD Projector

url:

http://www.infocus.com/projectors/IN3128HD

Trust: 0.8

sources: JVNDB: JVNDB-2015-002724

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8383	Trust: 3.4
db:	PACKETSTORM	id:	131661	Trust: 1.7
db:	JVNDB	id:	JVNDB-2015-002724	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-307	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03321	Trust: 0.6
db:	BID	id:	74359	Trust: 0.4
db:	VULHUB	id:	VHN-76328	Trust: 0.1

sources: CNVD: CNVD-2015-03321 // VULHUB: VHN-76328 // BID: 74359 // JVNDB: JVNDB-2015-002724 // CNNVD: CNNVD-201505-307 // NVD: CVE-2014-8383

REFERENCES

url:	http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities	Trust: 2.8
url:	http://seclists.org/fulldisclosure/2015/apr/88	Trust: 2.3
url:	http://packetstormsecurity.com/files/131661/infocus-in3128hd-projector-missing-authentication.html	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8383	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8383	Trust: 0.8
url:	http://www.infocus.com/projectors/in3128hd	Trust: 0.3

sources: CNVD: CNVD-2015-03321 // VULHUB: VHN-76328 // BID: 74359 // JVNDB: JVNDB-2015-002724 // CNNVD: CNNVD-201505-307 // NVD: CVE-2014-8383

CREDITS

Joaquin Rodriguez Varela from Core Security CoreLabs Team

Trust: 0.3

sources: BID: 74359

SOURCES

db:	CNVD	id:	CNVD-2015-03321
db:	VULHUB	id:	VHN-76328
db:	BID	id:	74359
db:	JVNDB	id:	JVNDB-2015-002724
db:	CNNVD	id:	CNNVD-201505-307
db:	NVD	id:	CVE-2014-8383

LAST UPDATE DATE

2025-04-13T23:09:54.279000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03321	date:	2015-05-25T00:00:00
db:	VULHUB	id:	VHN-76328	date:	2015-05-19T00:00:00
db:	BID	id:	74359	date:	2015-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002724	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-307	date:	2015-05-19T00:00:00
db:	NVD	id:	CVE-2014-8383	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03321	date:	2015-05-25T00:00:00
db:	VULHUB	id:	VHN-76328	date:	2015-05-18T00:00:00
db:	BID	id:	74359	date:	2015-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002724	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-307	date:	2015-05-19T00:00:00
db:	NVD	id:	CVE-2014-8383	date:	2015-05-18T15:59:00.073