Sign-up

ID

VAR-201707-0321


CVE

CVE-2017-2276


TITLE

Multiple vulnerabilities SONY Portable Wireless Server WG-C10

Trust: 0.8

sources: JVNDB: JVNDB-2017-000175

DESCRIPTION

Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary commands via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-2275 * Buffer overflow (CWE-119) - CVE-2017-2276 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can log in to the product as an administrator may execute arbitrary OS commands. There are security vulnerabilities in Sony WG-C103.0.79 and earlier

Trust: 2.25

sources: NVD: CVE-2017-2276 // JVNDB: JVNDB-2017-000175 // CNVD: CNVD-2017-24404 // VULHUB: VHN-110479

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-24404

AFFECTED PRODUCTS

vendor:sonymodel:wg-c10scope:lteversion:3.0.79

Trust: 1.0

vendor:sonymodel:wg-c10scope:lteversion:v3.0.79

Trust: 0.8

vendor:sonymodel:wg-c10scope:lteversion:<=3.0.79

Trust: 0.6

vendor:sonymodel:wg-c10scope:eqversion:3.0.79

Trust: 0.6

sources: CNVD: CNVD-2017-24404 // JVNDB: JVNDB-2017-000175 // CNNVD: CNNVD-201707-1099 // NVD: CVE-2017-2276

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2017-000175
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2017-2276
value: HIGH

Trust: 1.0

CNVD: CNVD-2017-24404
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201707-1099
value: CRITICAL

Trust: 0.6

VULHUB: VHN-110479
value: HIGH

Trust: 0.1

IPA: JVNDB-2017-000175
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2017-2276
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2017-24404
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110479
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

IPA: JVNDB-2017-000175
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2017-2276
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-24404 // VULHUB: VHN-110479 // JVNDB: JVNDB-2017-000175 // JVNDB: JVNDB-2017-000175 // CNNVD: CNNVD-201707-1099 // NVD: CVE-2017-2276

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

problemtype:CWE-78

Trust: 0.8

sources: VULHUB: VHN-110479 // JVNDB: JVNDB-2017-000175 // NVD: CVE-2017-2276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1099

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201707-1099

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000175

PATCH
title:Security Notice for the WG-C10 Portable Wireless Serverurl:https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-000175

EXTERNAL IDS
db:JVNid:JVN14151222
Trust: 3.1
db:NVDid:CVE-2017-2276
Trust: 3.1
db:JVNDBid:JVNDB-2017-000175
Trust: 0.8
db:CNNVDid:CNNVD-201707-1099
Trust: 0.7
db:CNVDid:CNVD-2017-24404
Trust: 0.6
db:VULHUBid:VHN-110479
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-24404 // 
            
            
            
            VULHUB: VHN-110479 // 
            
            
            
            JVNDB: JVNDB-2017-000175 // 
            
            
            
            CNNVD: CNNVD-201707-1099 // 
            
            
            
            NVD: CVE-2017-2276

REFERENCES
url:https://jvn.jp/en/jp/jvn14151222/index.html
Trust: 2.5
url:https://esupport.sony.com/us/p/news-item.pl?news_id=527&mdl=wgc10
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2275
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2276
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2275
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2276
Trust: 0.8
url:http://jvn.jp/en/jp/jvn14151222/
Trust: 0.6
url:https://esupport.sony.com/us/p/news-item.pl?news_id=527&amp;mdl=wgc10
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-24404 // 
            
            
            
            VULHUB: VHN-110479 // 
            
            
            
            JVNDB: JVNDB-2017-000175 // 
            
            
            
            CNNVD: CNNVD-201707-1099 // 
            
            
            
            NVD: CVE-2017-2276

SOURCES
db:CNVDid:CNVD-2017-24404
db:VULHUBid:VHN-110479
db:JVNDBid:JVNDB-2017-000175
db:CNNVDid:CNNVD-201707-1099
db:NVDid:CVE-2017-2276

LAST UPDATE DATE
2025-04-20T23:13:04.587000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-24404date:2019-05-17T00:00:00
db:VULHUBid:VHN-110479date:2017-07-26T00:00:00
db:JVNDBid:JVNDB-2017-000175date:2018-01-24T00:00:00
db:CNNVDid:CNNVD-201707-1099date:2017-07-26T00:00:00
db:NVDid:CVE-2017-2276date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-24404date:2017-09-03T00:00:00
db:VULHUBid:VHN-110479date:2017-07-22T00:00:00
db:JVNDBid:JVNDB-2017-000175date:2017-07-19T00:00:00
db:CNNVDid:CNNVD-201707-1099date:2017-07-26T00:00:00
db:NVDid:CVE-2017-2276date:2017-07-22T00:29:00.340