Details of VAR-201701-1172

ID

VAR-201701-1172

TITLE

Guofuan Security Authentication Gateway Has Arbitrary Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-11528

DESCRIPTION

Guofuan Security Authentication Gateway is a device for user identity authentication, access and access control, which can guarantee the information security of network and application resources. There is an arbitrary command execution vulnerability in the hot.php page of Guofuan Security Authentication Gateway. An attacker could execute arbitrary system commands through this vulnerability, which could lead to the disclosure of sensitive information or damage to the system.

Trust: 0.6

sources: CNVD: CNVD-2016-11528

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-11528

AFFECTED PRODUCTS

vendor:

guofuan e commerce security certification

model:

gateway

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-11528

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-11528
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-11528
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-11528

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-11528

Trust: 0.6

sources: CNVD: CNVD-2016-11528

SOURCES

db:

CNVD

id:

CNVD-2016-11528

LAST UPDATE DATE

2022-05-04T09:47:47.288000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-11528

date:

2016-12-05T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-11528

date:

2017-01-09T00:00:00