Sign-up

ID

VAR-201512-0026


CVE

CVE-2015-7934


TITLE

Adcon Telemetry A840 Telemetry Gateway Base station Java Vulnerability in obtaining path name of log file in client

Trust: 0.8

sources: JVNDB: JVNDB-2015-006525

DESCRIPTION

The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station allows remote attackers to discover log-file pathnames via unspecified vectors. The Adcon Telemetry A840 Telemetry Gateway is the A840 series of gateway products from Adcon Telemetry, Germany. A hard-coded credentials security-bypass vulnerability 2. Multiple information-disclosure vulnerabilities 3. An authentication-bypass vulnerability Attackers can exploit these issues to gain unauthorized access to affected device, obtain sensitive information, or bypass authentication mechanism and perform unauthorized actions. This may aid in further attacks

Trust: 2.61

sources: NVD: CVE-2015-7934 // JVNDB: JVNDB-2015-006525 // CNVD: CNVD-2015-08414 // BID: 79345 // VULHUB: VHN-85895 // VULMON: CVE-2015-7934

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08414

AFFECTED PRODUCTS

vendor:adconmodel:a840 telemetry gateway base stationscope:eqversion: -

Trust: 1.6

vendor:adcon telemetrymodel:a840 telemetry gatewayscope:eqversion: -

Trust: 0.8

vendor:adconmodel:telemetry a840 telemetry gateway icsa-15-349-01scope: - version: -

Trust: 0.6

vendor:adconmodel:telemetry a850 telemetry gatewayscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2015-08414 // BID: 79345 // JVNDB: JVNDB-2015-006525 // CNNVD: CNNVD-201512-506 // NVD: CVE-2015-7934

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7934
value: HIGH

Trust: 1.0

NVD: CVE-2015-7934
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08414
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-506
value: MEDIUM

Trust: 0.6

VULHUB: VHN-85895
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-7934
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-7934
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-08414
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85895
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7934
baseSeverity: HIGH
baseScore: 8.6
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.0
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2015-08414 // VULHUB: VHN-85895 // VULMON: CVE-2015-7934 // JVNDB: JVNDB-2015-006525 // CNNVD: CNNVD-201512-506 // NVD: CVE-2015-7934

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-85895 // JVNDB: JVNDB-2015-006525 // NVD: CVE-2015-7934

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-506

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-506

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006525

PATCH
title:Base Stationsurl:http://www.adcon.at/index.php?option=com_hikashop&view=product&layout=listing&Itemid=219&lang=en
Trust: 0.8
title:Patch for Adcon Telemetry A840 Telemetry Gateway Information Disclosure Vulnerability (CNVD-2015-08414)url:https://www.cnvd.org.cn/patchInfo/show/68815
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-08414 // 
            
            
            
            JVNDB: JVNDB-2015-006525

EXTERNAL IDS
db:NVDid:CVE-2015-7934
Trust: 3.5
db:ICS CERTid:ICSA-15-349-01
Trust: 2.9
db:BIDid:79345
Trust: 2.7
db:JVNDBid:JVNDB-2015-006525
Trust: 0.8
db:CNNVDid:CNNVD-201512-506
Trust: 0.7
db:CNVDid:CNVD-2015-08414
Trust: 0.6
db:VULHUBid:VHN-85895
Trust: 0.1
db:VULMONid:CVE-2015-7934
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08414 // 
            
            
            
            VULHUB: VHN-85895 // 
            
            
            
            VULMON: CVE-2015-7934 // 
            
            
            
            BID: 79345 // 
            
            
            
            JVNDB: JVNDB-2015-006525 // 
            
            
            
            CNNVD: CNNVD-201512-506 // 
            
            
            
            NVD: CVE-2015-7934

REFERENCES
url:https://ics-cert.us-cert.gov/advisories/icsa-15-349-01
Trust: 3.0
url:http://www.securityfocus.com/bid/79345
Trust: 2.5
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7934
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7934
Trust: 0.8
url:http://www.adcon.at/index.php?option=com_content&view=article&id=75:a850-telemetry-gateway&catid=8&itemid=196&lang=en
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08414 // 
            
            
            
            VULHUB: VHN-85895 // 
            
            
            
            VULMON: CVE-2015-7934 // 
            
            
            
            BID: 79345 // 
            
            
            
            JVNDB: JVNDB-2015-006525 // 
            
            
            
            CNNVD: CNNVD-201512-506 // 
            
            
            
            NVD: CVE-2015-7934

CREDITS
Aditya K. Sood
Trust: 0.9
sources:
            
            
            BID: 79345 // 
            
            
            
            CNNVD: CNNVD-201512-506

SOURCES
db:CNVDid:CNVD-2015-08414
db:VULHUBid:VHN-85895
db:VULMONid:CVE-2015-7934
db:BIDid:79345
db:JVNDBid:JVNDB-2015-006525
db:CNNVDid:CNNVD-201512-506
db:NVDid:CVE-2015-7934

LAST UPDATE DATE
2025-04-13T23:03:36.839000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08414date:2015-12-23T00:00:00
db:VULHUBid:VHN-85895date:2016-11-28T00:00:00
db:VULMONid:CVE-2015-7934date:2016-11-28T00:00:00
db:BIDid:79345date:2015-12-15T00:00:00
db:JVNDBid:JVNDB-2015-006525date:2015-12-25T00:00:00
db:CNNVDid:CNNVD-201512-506date:2015-12-24T00:00:00
db:NVDid:CVE-2015-7934date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08414date:2015-12-23T00:00:00
db:VULHUBid:VHN-85895date:2015-12-24T00:00:00
db:VULMONid:CVE-2015-7934date:2015-12-24T00:00:00
db:BIDid:79345date:2015-12-15T00:00:00
db:JVNDBid:JVNDB-2015-006525date:2015-12-25T00:00:00
db:CNNVDid:CNNVD-201512-506date:2015-12-17T00:00:00
db:NVDid:CVE-2015-7934date:2015-12-24T01:59:03.050