ID

VAR-201601-0403


CVE

CVE-2016-1138


TITLE

HOME SPOT CUBE vulnerable to HTTP header injection

Trust: 0.8

sources: JVNDB: JVNDB-2016-000009

DESCRIPTION

CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors. HOME SPOT CUBE provided by KDDI CORPORATION is a wireless LAN router. Masaki Yoshikawa of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. An HTTP response splitting attack may result in arbitrary cookie values being set.

A CRLF injection vulnerability exists in previous versions of KDDI HOME SPOT CUBE 2.

KDDI Home Spot Cube is prone to the following security vulnerabilities: Cross-site scripting - CVE-2016-1136; Open redirect - CVE-2016-1137; HTTP header injection - CVE-2016-1138; Cross-site request forgery - CVE-2016-1139; Click jacking - CVE-2016-1140; OS command injection - CVE-2016-1141.

Attackers can exploit these issues to execute arbitrary script or HTML code, steal cookie-based authentication credentials, conduct phishing attacks, inject arbitrary HTTP headers, execute arbitrary OS commands in the context of the affected application, gain unauthorized access to the affected application, obtain sensitive information, or perform certain unauthorized actions.

Note: HOME SPOT CUBE2 is not affected by these vulnerabilities.

Trust: 2.52

sources: NVD: CVE-2016-1138 // JVNDB: JVNDB-2016-000009 // CNVD: CNVD-2016-00914 // BID: 81982 // VULHUB: VHN-89957

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-00914

AFFECTED PRODUCTS

vendor: kddi, model: home spot cube, scope: eq, version: 2.0

Trust: 1.6

vendor: kddi, model: home spot cube, scope: -, version: -

Trust: 0.8

vendor: kddi, model: home spot cube devices, scope: lt, version: 2

Trust: 0.6

vendor: kddi, model: home spot cube, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-00914 // BID: 81982 // JVNDB: JVNDB-2016-000009 // CNNVD: CNNVD-201601-691 // NVD: CVE-2016-1138

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-1138
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2016-000009
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-00914
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201601-691
value: MEDIUM

Trust: 0.6

VULHUB: VHN-89957
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-1138
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000009
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-00914
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-89957
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-1138
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000009
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-00914 // VULHUB: VHN-89957 // JVNDB: JVNDB-2016-000009 // CNNVD: CNNVD-201601-691 // NVD: CVE-2016-1138

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

problemtype: CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2016-000009 // NVD: CVE-2016-1138

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-691

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201601-691

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000009

PATCH

title: Notes on use of HOME SPOT CUBE
url: http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06

Trust: 0.8

title: KDDI HOME SPOT CUBE devices CRLF injection vulnerability patch
url: https://www.cnvd.org.cn/patchInfo/show/71230

Trust: 0.6

sources: CNVD: CNVD-2016-00914 // JVNDB: JVNDB-2016-000009

EXTERNAL IDS

db: NVD, id: CVE-2016-1138

Trust: 3.4

db: JVN, id: JVN54686544

Trust: 2.8

db: JVNDB, id: JVNDB-2016-000009

Trust: 2.5

db: BID, id: 81982

Trust: 0.9

db: CNNVD, id: CNNVD-201601-691

Trust: 0.7

db: CNVD, id: CNVD-2016-00914

Trust: 0.6

db: VULHUB, id: VHN-89957

Trust: 0.1

sources: CNVD: CNVD-2016-00914 // VULHUB: VHN-89957 // BID: 81982 // JVNDB: JVNDB-2016-000009 // CNNVD: CNNVD-201601-691 // NVD: CVE-2016-1138

REFERENCES

url: http://jvn.jp/en/jp/jvn54686544/index.html

Trust: 2.8

url: http://www.au.kddi.com/mobile/service/smartphone/wifi/homespot/#anc06

Trust: 2.0

url: http://jvndb.jvn.jp/jvndb/jvndb-2016-000009

Trust: 1.7

url: https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-1138

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-1138

Trust: 0.8

sources: CNVD: CNVD-2016-00914 // VULHUB: VHN-89957 // BID: 81982 // JVNDB: JVNDB-2016-000009 // CNNVD: CNNVD-201601-691 // NVD: CVE-2016-1138

CREDITS

Masaki Yoshikawa

Trust: 0.3

sources: BID: 81982

SOURCES

db: CNVD, id: CNVD-2016-00914
db: VULHUB, id: VHN-89957
db: BID, id: 81982
db: JVNDB, id: JVNDB-2016-000009
db: CNNVD, id: CNNVD-201601-691
db: NVD, id: CVE-2016-1138

LAST UPDATE DATE

2025-04-13T23:23:41.872000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-00914, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-89957, date: 2016-02-10T00:00:00
db: BID, id: 81982, date: 2016-01-27T00:00:00
db: JVNDB, id: JVNDB-2016-000009, date: 2016-02-16T00:00:00
db: CNNVD, id: CNNVD-201601-691, date: 2016-02-01T00:00:00
db: NVD, id: CVE-2016-1138, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-00914, date: 2016-02-15T00:00:00
db: VULHUB, id: VHN-89957, date: 2016-01-30T00:00:00
db: BID, id: 81982, date: 2016-01-27T00:00:00
db: JVNDB, id: JVNDB-2016-000009, date: 2016-01-27T00:00:00
db: CNNVD, id: CNNVD-201601-691, date: 2016-01-30T00:00:00
db: NVD, id: CVE-2016-1138, date: 2016-01-30T15:59:03.047