Sign-up

ID

VAR-201707-0322


CVE

CVE-2017-2277


TITLE

SONY Portable Wireless Server WG-C10 fails to restrict access permissions

Trust: 0.8

sources: JVNDB: JVNDB-2017-000176

DESCRIPTION

WG-C10 v3.0.79 and earlier allows an attacker to bypass access restrictions to obtain or alter information stored in the external storage connected to the product via unspecified vectors. Portable Wireless Server WG-C10 provided by Sony Corporation fails to restrict access permissions (CWE-284). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. There are security vulnerabilities in Sony WG-C103.0.79 and earlier

Trust: 2.25

sources: NVD: CVE-2017-2277 // JVNDB: JVNDB-2017-000176 // CNVD: CNVD-2017-24405 // VULHUB: VHN-110480

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-24405

AFFECTED PRODUCTS

vendor:sonymodel:wg-c10scope:lteversion:3.0.79

Trust: 1.0

vendor:sonymodel:wg-c10scope:lteversion:v3.0.79

Trust: 0.8

vendor:sonymodel:wg-c10scope:lteversion:<=3.0.79

Trust: 0.6

vendor:sonymodel:wg-c10scope:eqversion:3.0.79

Trust: 0.6

sources: CNVD: CNVD-2017-24405 // JVNDB: JVNDB-2017-000176 // CNNVD: CNNVD-201707-1098 // NVD: CVE-2017-2277

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2277
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2017-000176
value: HIGH

Trust: 0.8

CNVD: CNVD-2017-24405
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201707-1098
value: CRITICAL

Trust: 0.6

VULHUB: VHN-110480
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2277
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-000176
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-24405
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110480
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2277
baseSeverity: CRITICAL
baseScore: 9.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 5.2
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000176
baseSeverity: HIGH
baseScore: 7.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-24405 // VULHUB: VHN-110480 // JVNDB: JVNDB-2017-000176 // CNNVD: CNNVD-201707-1098 // NVD: CVE-2017-2277

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-264

Trust: 0.8

problemtype:CWE-284

Trust: 0.1

sources: VULHUB: VHN-110480 // JVNDB: JVNDB-2017-000176 // NVD: CVE-2017-2277

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-1098

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201707-1098

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000176

PATCH
title:Security Notice for the WG-C10 Portable Wireless Serverurl:https://esupport.sony.com/US/p/news-item.pl?news_id=527&mdl=WGC10
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2017-000176

EXTERNAL IDS
db:NVDid:CVE-2017-2277
Trust: 3.1
db:JVNid:JVN77412145
Trust: 2.5
db:JVNDBid:JVNDB-2017-000176
Trust: 0.8
db:CNNVDid:CNNVD-201707-1098
Trust: 0.7
db:JVNid:JVN14151222
Trust: 0.6
db:CNVDid:CNVD-2017-24405
Trust: 0.6
db:VULHUBid:VHN-110480
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-24405 // 
            
            
            
            VULHUB: VHN-110480 // 
            
            
            
            JVNDB: JVNDB-2017-000176 // 
            
            
            
            CNNVD: CNNVD-201707-1098 // 
            
            
            
            NVD: CVE-2017-2277

REFERENCES
url:https://jvn.jp/en/jp/jvn77412145/index.html
Trust: 2.5
url:https://esupport.sony.com/us/p/news-item.pl?news_id=527&mdl=wgc10
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2277
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2277
Trust: 0.8
url:http://jvn.jp/en/jp/jvn14151222/
Trust: 0.6
url:https://esupport.sony.com/us/p/news-item.pl?news_id=527&amp;mdl=wgc10
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-24405 // 
            
            
            
            VULHUB: VHN-110480 // 
            
            
            
            JVNDB: JVNDB-2017-000176 // 
            
            
            
            CNNVD: CNNVD-201707-1098 // 
            
            
            
            NVD: CVE-2017-2277

SOURCES
db:CNVDid:CNVD-2017-24405
db:VULHUBid:VHN-110480
db:JVNDBid:JVNDB-2017-000176
db:CNNVDid:CNNVD-201707-1098
db:NVDid:CVE-2017-2277

LAST UPDATE DATE
2025-04-20T23:13:04.618000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-24405date:2017-09-03T00:00:00
db:VULHUBid:VHN-110480date:2020-08-24T00:00:00
db:JVNDBid:JVNDB-2017-000176date:2018-02-14T00:00:00
db:CNNVDid:CNNVD-201707-1098date:2020-10-23T00:00:00
db:NVDid:CVE-2017-2277date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-24405date:2017-09-03T00:00:00
db:VULHUBid:VHN-110480date:2017-07-22T00:00:00
db:JVNDBid:JVNDB-2017-000176date:2017-07-19T00:00:00
db:CNNVDid:CNNVD-201707-1098date:2017-07-26T00:00:00
db:NVDid:CVE-2017-2277date:2017-07-22T00:29:00.373