Details of VAR-201601-0722

ID

VAR-201601-0722

TITLE

Furuno Voyage Data Recorder (VDR) moduleserv firmware update utility fails to properly sanitize user-provided input

Trust: 0.8

sources: CERT/CC: VU#820196

DESCRIPTION

Provided by Furuno Electric Co., Ltd. Voyage Data Recorder (VDR) VR-3000/VR-3000S and VR-7000 Firmware update function moduleserv Does not properly validate user input, root A vulnerability exists that allows arbitrary commands to be executed with privileges. The product page of Furuno Electric Co., Ltd. VDR Is "Records all crucial data to identify the cause of maritime casualty as well as contribute to the future prevention of the catastrophe of any kind. ( All important data is recorded not only to identify the cause of maritime disasters but also to prevent any future disasters. )" It has been described as. Voyage Data Recorder (VDR) VR-3000/VR-3000S and VR-7000 Firmware update function moduleserv Is 10110/TCP Waiting for communication. moduleserv Does not properly validate user input, so attackers root Any command can be executed with authority. For more information IOActive Blog, Maritime Security: Hacking into a Voyage Data Recorder (VDR) Please confirm. Maritime Security: Hacking into a Voyage Data Recorder (VDR) http://blog.ioactive.com/2015/12/maritime-security-hacking-into-voyage.htmlBy an attacker with network access to the device, root An arbitrary command may be executed with authority. The vulnerability stems from the program's insufficient filtering of user-submitted input. Successful exploits will result in complete compromise of the affected system

Trust: 2.79

sources: CERT/CC: VU#820196 // JVNDB: JVNDB-2016-001002 // CNVD: CNVD-2016-00346 // CNNVD: CNNVD-201601-313 // BID: 79817

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00346

AFFECTED PRODUCTS

vendor:	furuno	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	furuno electric	model:	vr-3000/vr-3000s	scope:	lte	version:	v1.50 from v1.54	Trust: 0.8
vendor:	furuno electric	model:	vr-3000/vr-3000s	scope:	lte	version:	v1.61 v1.6 system	Trust: 0.8
vendor:	furuno electric	model:	vr-3000/vr-3000s	scope:	lte	version:	v2.06 from v2.54	Trust: 0.8
vendor:	furuno electric	model:	vr-3000/vr-3000s	scope:	lte	version:	v2.60 from v2.61	Trust: 0.8
vendor:	furuno electric	model:	vr-7000	scope:	lte	version:	v1.02	Trust: 0.8
vendor:	furuno	model:	electric voyage data recorder vr-3000/vr-3000s/vr-7000	scope:	-	version:	-	Trust: 0.6
vendor:	furuno	model:	voyage data recorder vr-7000	scope:	eq	version:	1.02	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	eq	version:	2.61	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	eq	version:	2.60	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	eq	version:	2.54	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	eq	version:	2.06	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	eq	version:	1.61	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	eq	version:	1.54	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	eq	version:	1.50	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	eq	version:	2.61	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	eq	version:	2.60	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	eq	version:	2.54	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	eq	version:	2.06	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	eq	version:	1.61	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	eq	version:	1.54	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	eq	version:	1.50	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-7000	scope:	ne	version:	1.04	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	ne	version:	2.62	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	ne	version:	2.56	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	ne	version:	1.62	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000s	scope:	ne	version:	1.56	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	ne	version:	2.62	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	ne	version:	2.56	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	ne	version:	1.62	Trust: 0.3
vendor:	furuno	model:	voyage data recorder vr-3000	scope:	ne	version:	1.56	Trust: 0.3

sources: CERT/CC: VU#820196 // CNVD: CNVD-2016-00346 // BID: 79817 // JVNDB: JVNDB-2016-001002

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2016-001002
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-00346
value:	HIGH
Trust: 0.6

IPA:	JVNDB-2016-001002
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-00346
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-00346 // JVNDB: JVNDB-2016-001002

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-313

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201601-313

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-001002

PATCH

title:	VDR	url:	http://www.furuno.com/jp/merchant/vdr/	Trust: 0.8
title:	Patches for arbitrary command execution vulnerabilities for multiple FurunoElectricVoyageDataRecorder products	url:	https://www.cnvd.org.cn/patchinfo/show/70281	Trust: 0.6

sources: CNVD: CNVD-2016-00346 // JVNDB: JVNDB-2016-001002

EXTERNAL IDS

db:	CERT/CC	id:	VU#820196	Trust: 1.9
db:	BID	id:	79817	Trust: 1.5
db:	JVN	id:	JVNVU98928449	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-001002	Trust: 0.8
db:	CNVD	id:	CNVD-2016-00346	Trust: 0.6
db:	CNNVD	id:	CNNVD-201601-313	Trust: 0.6

sources: CERT/CC: VU#820196 // CNVD: CNVD-2016-00346 // BID: 79817 // JVNDB: JVNDB-2016-001002 // CNNVD: CNNVD-201601-313

REFERENCES

url:	http://blog.ioactive.com/2015/12/maritime-security-hacking-into-voyage.html	Trust: 1.9
url:	http://www.securityfocus.com/bid/79817	Trust: 1.2
url:	http://www.furuno.com/en/merchant/vdr/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98928449/index.html	Trust: 0.8
url:	https://www.kb.cert.org/vuls/id/820196\	Trust: 0.8
url:	http://www.furuno.com/en/	Trust: 0.3
url:	https://www.kb.cert.org/vuls/id/820196	Trust: 0.3

sources: CERT/CC: VU#820196 // CNVD: CNVD-2016-00346 // BID: 79817 // JVNDB: JVNDB-2016-001002 // CNNVD: CNNVD-201601-313

CREDITS

Ruben Santamarta of IOActive.

Trust: 0.9

sources: BID: 79817 // CNNVD: CNNVD-201601-313

SOURCES

db:	CERT/CC	id:	VU#820196
db:	CNVD	id:	CNVD-2016-00346
db:	BID	id:	79817
db:	JVNDB	id:	JVNDB-2016-001002
db:	CNNVD	id:	CNNVD-201601-313

LAST UPDATE DATE

2022-05-17T02:09:47.687000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#820196	date:	2016-01-04T00:00:00
db:	CNVD	id:	CNVD-2016-00346	date:	2016-01-20T00:00:00
db:	BID	id:	79817	date:	2016-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-001002	date:	2016-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201601-313	date:	2016-01-15T00:00:00

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#820196	date:	2016-01-04T00:00:00
db:	CNVD	id:	CNVD-2016-00346	date:	2016-01-20T00:00:00
db:	BID	id:	79817	date:	2016-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2016-001002	date:	2016-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201601-313	date:	2016-01-15T00:00:00