Sign-up

ID

VAR-201704-0901


CVE

CVE-2017-2152


TITLE

WNC01WH vulnerable to OS command injection

Trust: 0.8

sources: JVNDB: JVNDB-2017-000072

DESCRIPTION

WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to execute arbitrary OS commands via unspecified vectors. WNC01WH provided by BUFFALO INC. is a network camera. WNC01WH contains an OS command injection vulnerability (CWE-78). Kiyotaka ATSUMI of LAC Co., Ltd. reported this vulnerability to IPA. Enables a locally authenticated attacker to perform command injection attacks. A security vulnerability exists in Buffalo WNC01WH devices using firmware versions 1.0.0.9 and earlier

Trust: 2.25

sources: NVD: CVE-2017-2152 // JVNDB: JVNDB-2017-000072 // CNVD: CNVD-2017-05872 // VULHUB: VHN-110355

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-05872

AFFECTED PRODUCTS

vendor:buffalomodel:wnc01whscope:lteversion:1.0.0.9

Trust: 1.0

vendor:buffalomodel:wnc01whscope:lteversion:version 1.0.0.9

Trust: 0.8

vendor:buffalomodel:wnc01whscope:lteversion:<=1.0.0.8

Trust: 0.6

vendor:buffalomodel:wnc01whscope:eqversion:1.0.0.9

Trust: 0.6

sources: CNVD: CNVD-2017-05872 // JVNDB: JVNDB-2017-000072 // CNNVD: CNNVD-201705-096 // NVD: CVE-2017-2152

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2152
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2017-000072
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-05872
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201705-096
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110355
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2152
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-000072
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-05872
severity: MEDIUM
baseScore: 4.3
vectorString: AV:L/AC:L/AU:S/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110355
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2152
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000072
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-05872 // VULHUB: VHN-110355 // JVNDB: JVNDB-2017-000072 // CNNVD: CNNVD-201705-096 // NVD: CVE-2017-2152

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-110355 // JVNDB: JVNDB-2017-000072 // NVD: CVE-2017-2152

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201705-096

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201705-096

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000072

PATCH
title:BUFFALO INC. websiteurl:http://buffalo.jp/support_s/s20161201.html
Trust: 0.8
title:BuffaloWNC01WH command injection vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/93146
Trust: 0.6
title:Buffalo WNC01WH Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69771
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05872 // 
            
            
            
            JVNDB: JVNDB-2017-000072 // 
            
            
            
            CNNVD: CNNVD-201705-096

EXTERNAL IDS
db:NVDid:CVE-2017-2152
Trust: 3.1
db:JVNid:JVN48790793
Trust: 3.1
db:JVNDBid:JVNDB-2017-000072
Trust: 0.8
db:CNNVDid:CNNVD-201705-096
Trust: 0.7
db:CNVDid:CNVD-2017-05872
Trust: 0.6
db:VULHUBid:VHN-110355
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-05872 // 
            
            
            
            VULHUB: VHN-110355 // 
            
            
            
            JVNDB: JVNDB-2017-000072 // 
            
            
            
            CNNVD: CNNVD-201705-096 // 
            
            
            
            NVD: CVE-2017-2152

REFERENCES
url:https://jvn.jp/en/jp/jvn48790793/index.html
Trust: 2.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2152
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2152
Trust: 0.8
url:http://jvn.jp/en/jp/jvn48790793/
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-05872 // 
            
            
            
            VULHUB: VHN-110355 // 
            
            
            
            JVNDB: JVNDB-2017-000072 // 
            
            
            
            CNNVD: CNNVD-201705-096 // 
            
            
            
            NVD: CVE-2017-2152

SOURCES
db:CNVDid:CNVD-2017-05872
db:VULHUBid:VHN-110355
db:JVNDBid:JVNDB-2017-000072
db:CNNVDid:CNNVD-201705-096
db:NVDid:CVE-2017-2152

LAST UPDATE DATE
2025-04-20T23:26:07.406000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-05872date:2017-05-04T00:00:00
db:VULHUBid:VHN-110355date:2017-05-06T00:00:00
db:JVNDBid:JVNDB-2017-000072date:2017-06-01T00:00:00
db:CNNVDid:CNNVD-201705-096date:2017-05-09T00:00:00
db:NVDid:CVE-2017-2152date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-05872date:2017-05-04T00:00:00
db:VULHUBid:VHN-110355date:2017-04-28T00:00:00
db:JVNDBid:JVNDB-2017-000072date:2017-04-21T00:00:00
db:CNNVDid:CNNVD-201705-096date:2017-04-28T00:00:00
db:NVDid:CVE-2017-2152date:2017-04-28T16:59:02.027