Details of VAR-201506-0003

ID

VAR-201506-0003

CVE

CVE-2012-4716

TITLE

N-Tron 702-W Industrial Wireless Access Point Vulnerabilities that break cryptographic protection mechanisms in devices

Trust: 0.8

sources: JVNDB: JVNDB-2012-006350

DESCRIPTION

N-Tron 702-W Industrial Wireless Access Point devices use the same (1) SSH and (2) HTTPS private keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key. Spectris N-Tron 702-W Industrial Wireless Access Point devices are wireless access point devices. Allow remote attackers to obtain sensitive information through known keys or to gain unauthorized access. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks

Trust: 2.52

sources: NVD: CVE-2012-4716 // JVNDB: JVNDB-2012-006350 // CNVD: CNVD-2015-03889 // BID: 75105 // VULHUB: VHN-57997

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03889

AFFECTED PRODUCTS

vendor:	n tron	model:	702w industrial wireless access point	scope:	eq	version:	-	Trust: 1.6
vendor:	n tron corp	model:	n-tron 702-w industrial wireless access point	scope:	-	version:	-	Trust: 0.8
vendor:	n tron	model:	702-w industrial wireless access point	scope:	-	version:	-	Trust: 0.6
vendor:	n tron	model:	702-w industrial wireless access point	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2015-03889 // BID: 75105 // JVNDB: JVNDB-2012-006350 // CNNVD: CNNVD-201506-261 // NVD: CVE-2012-4716

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-4716
value:	HIGH
Trust: 1.0
NVD:	CVE-2012-4716
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2015-03889
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201506-261
value:	HIGH
Trust: 0.6
VULHUB:	VHN-57997
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2012-4716
severity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03889
severity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-57997
severity:	HIGH
baseScore:	8.8
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03889 // VULHUB: VHN-57997 // JVNDB: JVNDB-2012-006350 // CNNVD: CNNVD-201506-261 // NVD: CVE-2012-4716

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-57997 // JVNDB: JVNDB-2012-006350 // NVD: CVE-2012-4716

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-261

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201506-261

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-006350

PATCH

title:

Top Page

url:

http://old.n-tron.com/

Trust: 0.8

sources: JVNDB: JVNDB-2012-006350

EXTERNAL IDS

db:	ICS CERT	id:	ICSA-15-160-01	Trust: 3.4
db:	NVD	id:	CVE-2012-4716	Trust: 3.4
db:	BID	id:	75105	Trust: 1.0
db:	JVNDB	id:	JVNDB-2012-006350	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-261	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03889	Trust: 0.6
db:	VULHUB	id:	VHN-57997	Trust: 0.1

sources: CNVD: CNVD-2015-03889 // VULHUB: VHN-57997 // BID: 75105 // JVNDB: JVNDB-2012-006350 // CNNVD: CNNVD-201506-261 // NVD: CVE-2012-4716

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-15-160-01	Trust: 3.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4716	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4716	Trust: 0.8

sources: CNVD: CNVD-2015-03889 // VULHUB: VHN-57997 // BID: 75105 // JVNDB: JVNDB-2012-006350 // CNNVD: CNNVD-201506-261 // NVD: CVE-2012-4716

CREDITS

Neil Smith of (ZeroFox) Riskive Security

Trust: 0.3

sources: BID: 75105

SOURCES

db:	CNVD	id:	CNVD-2015-03889
db:	VULHUB	id:	VHN-57997
db:	BID	id:	75105
db:	JVNDB	id:	JVNDB-2012-006350
db:	CNNVD	id:	CNNVD-201506-261
db:	NVD	id:	CVE-2012-4716

LAST UPDATE DATE

2025-04-12T23:16:51.262000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03889	date:	2015-06-19T00:00:00
db:	VULHUB	id:	VHN-57997	date:	2015-06-16T00:00:00
db:	BID	id:	75105	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2012-006350	date:	2015-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201506-261	date:	2015-06-18T00:00:00
db:	NVD	id:	CVE-2012-4716	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03889	date:	2015-06-19T00:00:00
db:	VULHUB	id:	VHN-57997	date:	2015-06-13T00:00:00
db:	BID	id:	75105	date:	2015-06-09T00:00:00
db:	JVNDB	id:	JVNDB-2012-006350	date:	2015-06-17T00:00:00
db:	CNNVD	id:	CNNVD-201506-261	date:	2015-06-15T00:00:00
db:	NVD	id:	CVE-2012-4716	date:	2015-06-13T18:59:00.077