Details of VAR-201604-0669

ID

VAR-201604-0669

TITLE

Multiple security vulnerabilities exist in LG NAS N1A1

Trust: 0.6

sources: CNVD: CNVD-2016-05130

DESCRIPTION

LGNASN1A1 is a network storage device developed by Korea LG Group. The Familycast service in LGNASN1A110119 has arbitrary file upload/download, secure bypass, SQL injection and unauthorized operation vulnerabilities. Attackers can use these vulnerabilities to upload or download arbitrary files, execute arbitrary script code, bypass security restrictions, access or modify. Data, exploiting potential vulnerabilities in the underlying database, gaining permissions, and performing unauthorized operations. There are multiple security vulnerabilities in the Familycast service in LG NAS N1A1 version 10119

Trust: 1.35

sources: CNVD: CNVD-2016-05130 // CNNVD: CNNVD-201607-467 // BID: 90763

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-05130

AFFECTED PRODUCTS

vendor:

model:

nas n1a1

scope:

version:

10119

Trust: 0.6

sources: CNVD: CNVD-2016-05130

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-05130
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-05130
severity:	HIGH
baseScore:	9.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	8.5
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-05130

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-467

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201607-467

EXTERNAL IDS

db:	BID	id:	90763	Trust: 1.5
db:	CNVD	id:	CNVD-2016-05130	Trust: 0.6
db:	CNNVD	id:	CNNVD-201607-467	Trust: 0.6

sources: CNVD: CNVD-2016-05130 // BID: 90763 // CNNVD: CNNVD-201607-467

REFERENCES

url:	http://www.lg.com/us/support-product/lg-n1a1dd1	Trust: 0.9
url:	http://www.securityfocus.com/bid/90763	Trust: 0.6
url:	https://github.com/ebux/lg-nas-n1a1-vulnerabilities	Trust: 0.3
url:	http://www.search-lab.hu/advisories/113-secadv-20160519	Trust: 0.3

sources: CNVD: CNVD-2016-05130 // BID: 90763 // CNNVD: CNNVD-201607-467

CREDITS

Gergely Eberhardt from SEARCH-LAB Ltd.

Trust: 0.9

sources: BID: 90763 // CNNVD: CNNVD-201607-467

SOURCES

db:	CNVD	id:	CNVD-2016-05130
db:	BID	id:	90763
db:	CNNVD	id:	CNNVD-201607-467

LAST UPDATE DATE

2022-05-17T02:04:32.816000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05130	date:	2016-07-21T00:00:00
db:	BID	id:	90763	date:	2016-07-06T14:44:00
db:	CNNVD	id:	CNNVD-201607-467	date:	2016-07-18T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-05130	date:	2016-07-21T00:00:00
db:	BID	id:	90763	date:	2016-04-10T00:00:00
db:	CNNVD	id:	CNNVD-201607-467	date:	2016-04-10T00:00:00