ID

VAR-201601-0402


CVE

CVE-2016-1137


TITLE

HOME SPOT CUBE vulnerable to open redirect

Trust: 0.8

sources: JVNDB: JVNDB-2016-000008

DESCRIPTION

Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. A user may be transferred to the external website specified by an attacker.

KDDI Home Spot Cube is prone to the following security vulnerabilities:

Cross-site scripting - CVE-2016-1136
Open redirect - CVE-2016-1137
HTTP header injection - CVE-2016-1138
Cross-site request forgery - CVE-2016-1139
Click jacking - CVE-2016-1140
OS command injection - CVE-2016-1141

Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, conduct phishing attacks, inject arbitrary HTTP headers, execute arbitrary OS commands in the context of the affected application, gain unauthorized access to the affected application, obtain sensitive information, or perform certain unauthorized actions.

Trust: 2.52

sources: NVD: CVE-2016-1137 // JVNDB: JVNDB-2016-000008 // CNVD: CNVD-2016-00915 // BID: 81982 // VULHUB: VHN-89956

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00915

AFFECTED PRODUCTS

vendor: kddi, model: home spot cube, scope: eq, version: 2.0

Trust: 1.6

vendor: kddi, model: home spot cube, scope: -, version: -

Trust: 0.8

vendor: kddi, model: home spot cube devices, scope: lt, version: 2

Trust: 0.6

vendor: kddi, model: home spot cube, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-00915 // BID: 81982 // JVNDB: JVNDB-2016-000008 // CNNVD: CNNVD-201601-690 // NVD: CVE-2016-1137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1137
value: HIGH

Trust: 1.0

IPA: JVNDB-2016-000008
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00915
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-690
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89956
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1137
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000008
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-00915
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-89956
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1137
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 4.0
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000008
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-00915 // VULHUB: VHN-89956 // JVNDB: JVNDB-2016-000008 // CNNVD: CNNVD-201601-690 // NVD: CVE-2016-1137

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2016-000008 // NVD: CVE-2016-1137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-690

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201601-690

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000008

PATCH

title: Notes on use of HOME SPOT CUBE, url: http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06

Trust: 0.8

title: KDDI HOME SPOT CUBE devices patch for open redirection vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/71232

Trust: 0.6

sources: CNVD: CNVD-2016-00915 // JVNDB: JVNDB-2016-000008

EXTERNAL IDS

db: NVD, id: CVE-2016-1137

Trust: 3.4

db: JVN, id: JVN54686544

Trust: 2.8

db: JVNDB, id: JVNDB-2016-000008

Trust: 2.5

db: BID, id: 81982

Trust: 0.9

db: CNNVD, id: CNNVD-201601-690

Trust: 0.7

db: CNVD, id: CNVD-2016-00915

Trust: 0.6

db: VULHUB, id: VHN-89956

Trust: 0.1

sources: CNVD: CNVD-2016-00915 // VULHUB: VHN-89956 // BID: 81982 // JVNDB: JVNDB-2016-000008 // CNNVD: CNNVD-201601-690 // NVD: CVE-2016-1137

REFERENCES

url:http://jvn.jp/en/jp/jvn54686544/index.html

Trust: 2.8

url:http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06

Trust: 2.0

url:http://jvndb.jvn.jp/jvndb/jvndb-2016-000008

Trust: 1.7

url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1137

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1137

Trust: 0.8

sources: CNVD: CNVD-2016-00915 // VULHUB: VHN-89956 // BID: 81982 // JVNDB: JVNDB-2016-000008 // CNNVD: CNNVD-201601-690 // NVD: CVE-2016-1137

CREDITS

Masaki Yoshikawa

Trust: 0.3

sources: BID: 81982

SOURCES

db: CNVD, id: CNVD-2016-00915
db: VULHUB, id: VHN-89956
db: BID, id: 81982
db: JVNDB, id: JVNDB-2016-000008
db: CNNVD, id: CNNVD-201601-690
db: NVD, id: CVE-2016-1137

LAST UPDATE DATE

2025-04-13T23:23:41.769000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00915, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-89956, date: 2016-02-10T00:00:00
db: BID, id: 81982, date: 2016-01-27T00:00:00
db: JVNDB, id: JVNDB-2016-000008, date: 2016-02-16T00:00:00
db: CNNVD, id: CNNVD-201601-690, date: 2016-02-01T00:00:00
db: NVD, id: CVE-2016-1137, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00915, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-89956, date: 2016-01-30T00:00:00
db: BID, id: 81982, date: 2016-01-27T00:00:00
db: JVNDB, id: JVNDB-2016-000008, date: 2016-01-27T00:00:00
db: CNNVD, id: CNNVD-201601-690, date: 2016-01-30T00:00:00
db: NVD, id: CVE-2016-1137, date: 2016-01-30T15:59:02.063