Details of VAR-201604-0066

ID

VAR-201604-0066

CVE

CVE-2016-2293

TITLE

Accuenergy Acuvim II and Acuvim IIR of NET Firmware AXM-NET Vulnerabilities whose settings are acquired in modules

Trust: 0.8

sources: JVNDB: JVNDB-2016-002359

DESCRIPTION

The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. AccuenergyAcuvim II and IIR are Accuenergy's multi-function network power meters, which provide power parameter measurement, four-quadrant energy metering and over-limit alarms. AXN-NET is one of the Ethernet module accessories. Accuenergy Acuvim II\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks

Trust: 2.61

sources: NVD: CVE-2016-2293 // JVNDB: JVNDB-2016-002359 // CNVD: CNVD-2016-02339 // BID: 86082 // VULHUB: VHN-91112 // VULMON: CVE-2016-2293

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02339

AFFECTED PRODUCTS

vendor:	accuenergy	model:	acuvim iir net	scope:	lte	version:	3.08	Trust: 1.0
vendor:	accuenergy	model:	acuvim ii net	scope:	lte	version:	3.08	Trust: 1.0
vendor:	accuenergy	model:	acuvim ii	scope:	-	version:	-	Trust: 0.8
vendor:	accuenergy	model:	acuvim ii net	scope:	eq	version:	3.08	Trust: 0.8
vendor:	accuenergy	model:	acuvim iir	scope:	-	version:	-	Trust: 0.8
vendor:	accuenergy	model:	acuvim iir net	scope:	eq	version:	3.08	Trust: 0.8
vendor:	accuenergy	model:	acuvim ii	scope:	eq	version:	3.08	Trust: 0.6
vendor:	accuenergy	model:	iir axn-net	scope:	eq	version:	3.08	Trust: 0.6
vendor:	accuenergy	model:	acuvim iir	scope:	eq	version:	-	Trust: 0.6
vendor:	accuenergy	model:	acuvim ii	scope:	eq	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-02339 // JVNDB: JVNDB-2016-002359 // CNNVD: CNNVD-201604-323 // NVD: CVE-2016-2293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2293
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-2293
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-02339
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201604-323
value:	HIGH
Trust: 0.6
VULHUB:	VHN-91112
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-2293
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-2293
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-02339
severity:	HIGH
baseScore:	8.5
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-91112
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2293
baseSeverity:	HIGH
baseScore:	8.6
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	LOW
exploitabilityScore:	3.9
impactScore:	4.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02339 // VULHUB: VHN-91112 // VULMON: CVE-2016-2293 // JVNDB: JVNDB-2016-002359 // CNNVD: CNNVD-201604-323 // NVD: CVE-2016-2293

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.9

sources: VULHUB: VHN-91112 // JVNDB: JVNDB-2016-002359 // NVD: CVE-2016-2293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-323

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201604-323

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002359

PATCH

title:	Top Page	url:	https://www.accuenergy.com/	Trust: 0.8
title:	Patch for modifying the vulnerability of AccuenergyAcuvimII and IIRAXN-NET modules	url:	https://www.cnvd.org.cn/patchInfo/show/74345	Trust: 0.6

sources: CNVD: CNVD-2016-02339 // JVNDB: JVNDB-2016-002359

EXTERNAL IDS

db:	NVD	id:	CVE-2016-2293	Trust: 3.5
db:	ICS CERT	id:	ICSA-16-105-02	Trust: 3.2
db:	JVNDB	id:	JVNDB-2016-002359	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-323	Trust: 0.7
db:	CNVD	id:	CNVD-2016-02339	Trust: 0.6
db:	BID	id:	86082	Trust: 0.4
db:	VULHUB	id:	VHN-91112	Trust: 0.1
db:	VULMON	id:	CVE-2016-2293	Trust: 0.1

sources: CNVD: CNVD-2016-02339 // VULHUB: VHN-91112 // VULMON: CVE-2016-2293 // BID: 86082 // JVNDB: JVNDB-2016-002359 // CNNVD: CNNVD-201604-323 // NVD: CVE-2016-2293

REFERENCES

url:	https://ics-cert.us-cert.gov/advisories/icsa-16-105-02	Trust: 3.3
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2293	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2293	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.securityfocus.com/bid/86082	Trust: 0.1

sources: CNVD: CNVD-2016-02339 // VULHUB: VHN-91112 // VULMON: CVE-2016-2293 // JVNDB: JVNDB-2016-002359 // CNNVD: CNNVD-201604-323 // NVD: CVE-2016-2293

CREDITS

Maxim Rupp

Trust: 0.9

sources: BID: 86082 // CNNVD: CNNVD-201604-323

SOURCES

db:	CNVD	id:	CNVD-2016-02339
db:	VULHUB	id:	VHN-91112
db:	VULMON	id:	CVE-2016-2293
db:	BID	id:	86082
db:	JVNDB	id:	JVNDB-2016-002359
db:	CNNVD	id:	CNNVD-201604-323
db:	NVD	id:	CVE-2016-2293

LAST UPDATE DATE

2025-04-12T23:16:45.896000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02339	date:	2016-04-19T00:00:00
db:	VULHUB	id:	VHN-91112	date:	2016-04-28T00:00:00
db:	VULMON	id:	CVE-2016-2293	date:	2016-04-28T00:00:00
db:	BID	id:	86082	date:	2016-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-002359	date:	2016-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201604-323	date:	2016-04-22T00:00:00
db:	NVD	id:	CVE-2016-2293	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02339	date:	2016-04-19T00:00:00
db:	VULHUB	id:	VHN-91112	date:	2016-04-21T00:00:00
db:	VULMON	id:	CVE-2016-2293	date:	2016-04-21T00:00:00
db:	BID	id:	86082	date:	2016-04-14T00:00:00
db:	JVNDB	id:	JVNDB-2016-002359	date:	2016-05-02T00:00:00
db:	CNNVD	id:	CNNVD-201604-323	date:	2016-04-15T00:00:00
db:	NVD	id:	CVE-2016-2293	date:	2016-04-21T11:00:10.103