Sign-up

ID

VAR-201606-0180


CVE

CVE-2016-4822


TITLE

Corega CG-WLBARGL Command Injection Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-04295 // CNNVD: CNNVD-201606-508

DESCRIPTION

Corega CG-WLBARGL devices allow remote authenticated users to execute arbitrary commands via unspecified vectors. CG-WLBARGL provided by Corega Inc is a wireless LAN router. CG-WLBARGL contains a command injection vulnerability. Ohji Kashiwazaki of Global Security Experts Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary command may be executed by an authenticated attacker. CG-WLBARGL is prone to an unspecified command-injection vulnerability because it fails to adequately sanitize user-supplied input. A security vulnerability exists in the Corega CG-WLBARGL device

Trust: 2.52

sources: NVD: CVE-2016-4822 // JVNDB: JVNDB-2016-000107 // CNVD: CNVD-2016-04295 // BID: 91348 // VULHUB: VHN-93641

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-04295

AFFECTED PRODUCTS

vendor:coregamodel:cg-wlbarglscope: - version: -

Trust: 1.4

vendor:coregamodel:cg-wlbarglscope:eqversion: -

Trust: 1.0

vendor:coregamodel:cg-wlbargnlscope:eqversion: -

Trust: 0.6

sources: CNVD: CNVD-2016-04295 // JVNDB: JVNDB-2016-000107 // CNNVD: CNNVD-201606-508 // NVD: CVE-2016-4822

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-4822
value: HIGH

Trust: 1.0

IPA: JVNDB-2016-000107
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-04295
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201606-508
value: MEDIUM

Trust: 0.6

VULHUB: VHN-93641
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-4822
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000107
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-04295
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-93641
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-4822
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.1

Trust: 1.0

IPA: JVNDB-2016-000107
baseSeverity: MEDIUM
baseScore: 4.3
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-04295 // VULHUB: VHN-93641 // JVNDB: JVNDB-2016-000107 // CNNVD: CNNVD-201606-508 // NVD: CVE-2016-4822

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.1

problemtype:CWE-20

Trust: 0.8

sources: VULHUB: VHN-93641 // JVNDB: JVNDB-2016-000107 // NVD: CVE-2016-4822

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201606-508

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201606-508

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-000107

PATCH
title:About command injection vulnerabilityurl:http://corega.jp/support/security/20160622_wlbargl.htm
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2016-000107

EXTERNAL IDS
db:NVDid:CVE-2016-4822
Trust: 3.4
db:JVNid:JVN76653039
Trust: 3.1
db:JVNDBid:JVNDB-2016-000107
Trust: 2.5
db:CNNVDid:CNNVD-201606-508
Trust: 0.7
db:CNVDid:CNVD-2016-04295
Trust: 0.6
db:BIDid:91348
Trust: 0.4
db:VULHUBid:VHN-93641
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-04295 // 
            
            
            
            VULHUB: VHN-93641 // 
            
            
            
            BID: 91348 // 
            
            
            
            JVNDB: JVNDB-2016-000107 // 
            
            
            
            CNNVD: CNNVD-201606-508 // 
            
            
            
            NVD: CVE-2016-4822

REFERENCES
url:http://jvn.jp/en/jp/jvn76653039/index.html
Trust: 3.1
url:http://jvndb.jvn.jp/jvndb/jvndb-2016-000107
Trust: 1.7
url:http://corega.jp/support/security/20160622_wlbargl.htm
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4822
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4822
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2016-04295 // 
            
            
            
            VULHUB: VHN-93641 // 
            
            
            
            JVNDB: JVNDB-2016-000107 // 
            
            
            
            CNNVD: CNNVD-201606-508 // 
            
            
            
            NVD: CVE-2016-4822

CREDITS
Ohji Kashiwazaki of Global Security Experts Inc.
Trust: 0.9
sources:
            
            
            BID: 91348 // 
            
            
            
            CNNVD: CNNVD-201606-508

SOURCES
db:CNVDid:CNVD-2016-04295
db:VULHUBid:VHN-93641
db:BIDid:91348
db:JVNDBid:JVNDB-2016-000107
db:CNNVDid:CNNVD-201606-508
db:NVDid:CVE-2016-4822

LAST UPDATE DATE
2025-04-13T23:39:31.776000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-04295date:2016-06-24T00:00:00
db:VULHUBid:VHN-93641date:2016-06-28T00:00:00
db:BIDid:91348date:2016-06-22T00:00:00
db:JVNDBid:JVNDB-2016-000107date:2016-06-29T00:00:00
db:CNNVDid:CNNVD-201606-508date:2016-11-02T00:00:00
db:NVDid:CVE-2016-4822date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-04295date:2016-06-24T00:00:00
db:VULHUBid:VHN-93641date:2016-06-25T00:00:00
db:BIDid:91348date:2016-06-22T00:00:00
db:JVNDBid:JVNDB-2016-000107date:2016-06-22T00:00:00
db:CNNVDid:CNNVD-201606-508date:2016-06-23T00:00:00
db:NVDid:CVE-2016-4822date:2016-06-25T21:59:04.547