Sign-up

ID

VAR-201701-1163


TITLE

Guofuan Security Authentication Gateway Has Remote Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-11527

DESCRIPTION

Guofuan Security Authentication Gateway is a device for user identity authentication, access and access control, which can guarantee the information security of network and application resources. Guofuan security authentication gateway ha_old.php page has an arbitrary command execution vulnerability. An attacker could execute arbitrary system commands through this vulnerability, which could lead to the disclosure of sensitive information or damage to the system.

Trust: 0.6

sources: CNVD: CNVD-2016-11527

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11527

AFFECTED PRODUCTS

vendor:guofuan e commerce security certificationmodel:gatewayscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2016-11527

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-11527
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-11527
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-11527

PATCH

title:Guofuan Security Authentication Gateway Has Remote Command Execution Vulnerabilityurl:https://www.cnvd.org.cn/patchinfo/show/84357

Trust: 0.6

sources: CNVD: CNVD-2016-11527

EXTERNAL IDS

db:CNVDid:CNVD-2016-11527

Trust: 0.6

sources: CNVD: CNVD-2016-11527

SOURCES

db:CNVDid:CNVD-2016-11527

LAST UPDATE DATE

2022-05-04T09:34:25.711000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-11527date:2016-12-05T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-11527date:2017-01-09T00:00:00