Details of VAR-201604-0295

ID

VAR-201604-0295

CVE

CVE-2016-2332

TITLE

SysLINK M2M Modular Gateway contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#822980

DESCRIPTION

flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a remotely authenticated user 5066 ( alias dnsmasq) An arbitrary command may be executed via a parameter. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. The vulnerability is constructed with root privileges and runs arbitrary commands with the '5066' parameter in the POST request of the flu.cgi file. A hard-coded password authentication-bypass vulnerability 2. A command-injection vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic

Trust: 3.24

sources: NVD: CVE-2016-2332 // CERT/CC: VU#822980 // JVNDB: JVNDB-2016-002409 // CNVD: CNVD-2016-02644 // BID: 87337 // VULHUB: VHN-91151

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02644

AFFECTED PRODUCTS

vendor:	systech	model:	syslink sl-1000 modular gateway	scope:	eq	version:	-	Trust: 1.6
vendor:	systech	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	systech	model:	syslink sl-1000 m2m modular gateway	scope:	-	version:	-	Trust: 0.8
vendor:	systech	model:	syslink sl-1000 m2m modular gateway	scope:	lt	version:	01a.8	Trust: 0.8
vendor:	systech	model:	syslink sl-1000 m2m modular gateway <01a.8	scope:	-	version:	-	Trust: 0.6

sources: CERT/CC: VU#822980 // CNVD: CNVD-2016-02644 // JVNDB: JVNDB-2016-002409 // CNNVD: CNNVD-201604-549 // NVD: CVE-2016-2332

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-2332
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-2332
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-02644
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201604-549
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-91151
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-2332
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02644
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-91151
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-2332
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02644 // VULHUB: VHN-91151 // JVNDB: JVNDB-2016-002409 // CNNVD: CNNVD-201604-549 // NVD: CVE-2016-2332

PROBLEMTYPE DATA

problemtype:	CWE-77	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-91151 // JVNDB: JVNDB-2016-002409 // NVD: CVE-2016-2332

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201604-549

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201604-549

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-002409

PATCH

title:	SysLINK M2M Gateway	url:	http://www.systech.com/syslink-m2m-modular-gateway	Trust: 0.8
title:	Patch for SystechSysLINKM2MModularGateway Command Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/74842	Trust: 0.6
title:	Systech SysLINK SL-1000 M2M Modular Gateway Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61233	Trust: 0.6

sources: CNVD: CNVD-2016-02644 // JVNDB: JVNDB-2016-002409 // CNNVD: CNNVD-201604-549

EXTERNAL IDS

db:	CERT/CC	id:	VU#822980	Trust: 3.9
db:	NVD	id:	CVE-2016-2332	Trust: 3.4
db:	JVN	id:	JVNVU98139587	Trust: 0.8
db:	JVNDB	id:	JVNDB-2016-002409	Trust: 0.8
db:	CNNVD	id:	CNNVD-201604-549	Trust: 0.7
db:	CNVD	id:	CNVD-2016-02644	Trust: 0.6
db:	BID	id:	87337	Trust: 0.3
db:	VULHUB	id:	VHN-91151	Trust: 0.1

sources: CERT/CC: VU#822980 // CNVD: CNVD-2016-02644 // VULHUB: VHN-91151 // BID: 87337 // JVNDB: JVNDB-2016-002409 // CNNVD: CNNVD-201604-549 // NVD: CVE-2016-2332

REFERENCES

url:	http://www.kb.cert.org/vuls/id/822980	Trust: 3.1
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2332	Trust: 1.4
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2332	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98139587/index.html	Trust: 0.8

sources: CERT/CC: VU#822980 // CNVD: CNVD-2016-02644 // VULHUB: VHN-91151 // JVNDB: JVNDB-2016-002409 // CNNVD: CNNVD-201604-549 // NVD: CVE-2016-2332

CREDITS

Roman Faynberg , Jeremy Allen of Carve Systems

Trust: 0.6

sources: CNNVD: CNNVD-201604-549

SOURCES

db:	CERT/CC	id:	VU#822980
db:	CNVD	id:	CNVD-2016-02644
db:	VULHUB	id:	VHN-91151
db:	BID	id:	87337
db:	JVNDB	id:	JVNDB-2016-002409
db:	CNNVD	id:	CNNVD-201604-549
db:	NVD	id:	CVE-2016-2332

LAST UPDATE DATE

2025-04-12T23:22:09.641000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#822980	date:	2016-04-22T00:00:00
db:	CNVD	id:	CNVD-2016-02644	date:	2016-04-28T00:00:00
db:	VULHUB	id:	VHN-91151	date:	2016-05-04T00:00:00
db:	BID	id:	87337	date:	2016-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2016-002409	date:	2016-05-06T00:00:00
db:	CNNVD	id:	CNNVD-201604-549	date:	2016-04-26T00:00:00
db:	NVD	id:	CVE-2016-2332	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#822980	date:	2016-04-22T00:00:00
db:	CNVD	id:	CNVD-2016-02644	date:	2016-04-28T00:00:00
db:	VULHUB	id:	VHN-91151	date:	2016-04-25T00:00:00
db:	BID	id:	87337	date:	2016-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2016-002409	date:	2016-05-06T00:00:00
db:	CNNVD	id:	CNNVD-201604-549	date:	2016-04-25T00:00:00
db:	NVD	id:	CVE-2016-2332	date:	2016-04-25T18:59:03.230