Details of VAR-201505-0273

ID

VAR-201505-0273

CVE

CVE-2014-8384

TITLE

InFocus IN3128HD In projector firmware DHCP Server and device IP Vulnerability whose settings are changed

Trust: 0.8

sources: JVNDB: JVNDB-2015-002725

DESCRIPTION

The InFocus IN3128HD projector with firmware 0.26 does not restrict access to cgi-bin/webctrl.cgi.elf, which allows remote attackers to modify the DHCP server and device IP configuration, reboot the device, change the device name, and have other unspecified impact via a crafted request. Supplementary information : CWE Vulnerability type by CWE-306: Missing Authentication for Critical Function ( Lack of authentication for critical functions ) Has been identified. may cause unspecified effects. The InFocus IN3128HD projector is a projector product used by the InFocus company in the education industry. There is a security hole in the InFocus IN3128HD projector with firmware version 0.26. The program failed to restrict access to the cgi-bin/webctrl.cgi.elf file. An attacker can exploit this issue to bypass the authentication process and gain unauthorized access to the system. Successfully exploiting this issue may lead to further attacks. InFocus IN3128HD 0.26 is vulnerable

Trust: 2.52

sources: NVD: CVE-2014-8384 // JVNDB: JVNDB-2015-002725 // CNVD: CNVD-2015-03218 // BID: 74360 // VULHUB: VHN-76329

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03218

AFFECTED PRODUCTS

vendor:	infocus	model:	in3128hd	scope:	eq	version:	0.26	Trust: 3.3
vendor:	infocus	model:	in3128hd projector	scope:	-	version:	-	Trust: 0.8

sources: CNVD: CNVD-2015-03218 // BID: 74360 // JVNDB: JVNDB-2015-002725 // CNNVD: CNNVD-201505-308 // NVD: CVE-2014-8384

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-8384
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-8384
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-03218
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201505-308
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-76329
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-8384
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03218
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-76329
severity:	HIGH
baseScore:	9.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03218 // VULHUB: VHN-76329 // JVNDB: JVNDB-2015-002725 // CNNVD: CNNVD-201505-308 // NVD: CVE-2014-8384

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2015-002725 // NVD: CVE-2014-8384

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201505-308

TYPE

Design Error

Trust: 0.3

sources: BID: 74360

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002725

PATCH

title:

InFocus IN3128HD Projector

url:

http://www.infocus.com/projectors/IN3128HD

Trust: 0.8

sources: JVNDB: JVNDB-2015-002725

EXTERNAL IDS

db:	NVD	id:	CVE-2014-8384	Trust: 3.4
db:	PACKETSTORM	id:	131661	Trust: 2.3
db:	JVNDB	id:	JVNDB-2015-002725	Trust: 0.8
db:	CNNVD	id:	CNNVD-201505-308	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03218	Trust: 0.6
db:	BID	id:	74360	Trust: 0.4
db:	VULHUB	id:	VHN-76329	Trust: 0.1

sources: CNVD: CNVD-2015-03218 // VULHUB: VHN-76329 // BID: 74360 // JVNDB: JVNDB-2015-002725 // CNNVD: CNNVD-201505-308 // NVD: CVE-2014-8384

REFERENCES

url:	http://www.coresecurity.com/advisories/infocus-in3128hd-projector-multiple-vulnerabilities	Trust: 3.4
url:	http://seclists.org/fulldisclosure/2015/apr/88	Trust: 2.3
url:	http://packetstormsecurity.com/files/131661/infocus-in3128hd-projector-missing-authentication.html	Trust: 2.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8384	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8384	Trust: 0.8
url:	http://www.infocus.com/projectors/in3128hd	Trust: 0.3

sources: CNVD: CNVD-2015-03218 // VULHUB: VHN-76329 // BID: 74360 // JVNDB: JVNDB-2015-002725 // CNNVD: CNNVD-201505-308 // NVD: CVE-2014-8384

CREDITS

Joaquin Rodriguez Varela from Core Security CoreLabs Team.

Trust: 0.3

sources: BID: 74360

SOURCES

db:	CNVD	id:	CNVD-2015-03218
db:	VULHUB	id:	VHN-76329
db:	BID	id:	74360
db:	JVNDB	id:	JVNDB-2015-002725
db:	CNNVD	id:	CNNVD-201505-308
db:	NVD	id:	CVE-2014-8384

LAST UPDATE DATE

2025-04-13T23:09:54.312000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03218	date:	2015-05-20T00:00:00
db:	VULHUB	id:	VHN-76329	date:	2015-05-19T00:00:00
db:	BID	id:	74360	date:	2015-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002725	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-308	date:	2015-05-19T00:00:00
db:	NVD	id:	CVE-2014-8384	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03218	date:	2015-05-20T00:00:00
db:	VULHUB	id:	VHN-76329	date:	2015-05-18T00:00:00
db:	BID	id:	74360	date:	2015-04-27T00:00:00
db:	JVNDB	id:	JVNDB-2015-002725	date:	2015-05-20T00:00:00
db:	CNNVD	id:	CNNVD-201505-308	date:	2015-05-19T00:00:00
db:	NVD	id:	CVE-2014-8384	date:	2015-05-18T15:59:01.637