Details of VAR-201708-0384

ID

VAR-201708-0384

CVE

CVE-2017-10835

TITLE

Multiple vulnerabilities in "Dokodemo eye Smart HD" SCR02HD

Trust: 0.8

sources: JVNDB: JVNDB-2017-000204

DESCRIPTION

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows authenticated attackers to conduct code injection attacks via unspecified vectors. Wireless monitor "Dokodemo eye Smart HD" SCR02HD provided by NIPPON ANTENNA Co., Ltd contains multiple vulnerabilities listed below. * OS command injection (CWE-78) - CVE-2017-10832 * Improper access restriction (CWE-425) - CVE-2017-10833 * Directory traversal (CWE-22) - CVE-2017-10834 * Arbitrary PHP code execution (CWE-94) - CVE-2017-10835 Masashi Shiraishi of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. * An arbitrary OS command may be executed by a remote attacker - CVE-2017-10832 * Viewing information and modifying of configuration by a remote attacker - CVE-2017-10833 * An arbitrary local file on the product may be accessed by an authenticated attacker - CVE-2017-10834 * Arbitrary PHP code on the product may be executed by an authenticated attacker - CVE-2017-10835. DokodemoeyeSmartHDSCR02HD is a wireless monitor from NIPPONANTENNA

Trust: 2.25

sources: NVD: CVE-2017-10835 // JVNDB: JVNDB-2017-000204 // CNVD: CNVD-2017-22800 // VULHUB: VHN-101197

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-22800

AFFECTED PRODUCTS

vendor:	nippon antenna	model:	scr02hd	scope:	lte	version:	1.0.3.1000	Trust: 1.0
vendor:	nippon anntena	model:	"dokodemo eye smart hd" scr02hd	scope:	lte	version:	1.0.3.1000	Trust: 0.8
vendor:	nippon	model:	antenna dokodemo eye smart hd scr02hd	scope:	lte	version:	<=1.0.3.1000	Trust: 0.6
vendor:	nippon antenna	model:	scr02hd	scope:	eq	version:	1.0.3.1000	Trust: 0.6

sources: CNVD: CNVD-2017-22800 // JVNDB: JVNDB-2017-000204 // CNNVD: CNNVD-201708-1378 // NVD: CVE-2017-10835

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA:	JVNDB-2017-000204
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2017-10835
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2017-000204
value:	CRITICAL
Trust: 0.8
IPA:	JVNDB-2017-000204
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2017-22800
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201708-1378
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-101197
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-10835
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2017-000204
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2017-000204
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2017-000204
severity:	LOW
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2017-000204
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-22800
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-101197
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-10835
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
IPA:	JVNDB-2017-000204
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA:	JVNDB-2017-000204
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA:	JVNDB-2017-000204
baseSeverity:	MEDIUM
baseScore:	4.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
IPA:	JVNDB-2017-000204
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-22800 // VULHUB: VHN-101197 // JVNDB: JVNDB-2017-000204 // JVNDB: JVNDB-2017-000204 // JVNDB: JVNDB-2017-000204 // JVNDB: JVNDB-2017-000204 // CNNVD: CNNVD-201708-1378 // NVD: CVE-2017-10835

PROBLEMTYPE DATA

problemtype:	CWE-94	Trust: 1.9
problemtype:	CWE-78	Trust: 0.8
problemtype:	CWE-22	Trust: 0.8
problemtype:	CWE-264	Trust: 0.8

sources: VULHUB: VHN-101197 // JVNDB: JVNDB-2017-000204 // NVD: CVE-2017-10835

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201708-1378

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201708-1378

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-000204

PATCH

title:

NIPPON ANTENNA Co., Ltd website

url:

http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf

Trust: 0.8

sources: JVNDB: JVNDB-2017-000204

EXTERNAL IDS

db:	NVD	id:	CVE-2017-10835	Trust: 3.1
db:	JVN	id:	JVN87410770	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-000204	Trust: 0.8
db:	CNNVD	id:	CNNVD-201708-1378	Trust: 0.7
db:	CNVD	id:	CNVD-2017-22800	Trust: 0.6
db:	VULHUB	id:	VHN-101197	Trust: 0.1

sources: CNVD: CNVD-2017-22800 // VULHUB: VHN-101197 // JVNDB: JVNDB-2017-000204 // CNNVD: CNNVD-201708-1378 // NVD: CVE-2017-10835

REFERENCES

url:	https://jvn.jp/en/jp/jvn87410770/index.html	Trust: 2.5
url:	http://www.nippon-antenna.co.jp/product/ine/pdf/scr02hd_about_security.pdf	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10835	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10832	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10833	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-10834	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10832	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10833	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10834	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-10835	Trust: 0.8
url:	http://jvn.jp/en/jp/jvn87410770/	Trust: 0.6

sources: CNVD: CNVD-2017-22800 // VULHUB: VHN-101197 // JVNDB: JVNDB-2017-000204 // CNNVD: CNNVD-201708-1378 // NVD: CVE-2017-10835

SOURCES

db:	CNVD	id:	CNVD-2017-22800
db:	VULHUB	id:	VHN-101197
db:	JVNDB	id:	JVNDB-2017-000204
db:	CNNVD	id:	CNNVD-201708-1378
db:	NVD	id:	CVE-2017-10835

LAST UPDATE DATE

2025-04-20T23:23:38.268000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-22800	date:	2017-08-25T00:00:00
db:	VULHUB	id:	VHN-101197	date:	2017-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2017-000204	date:	2018-02-28T00:00:00
db:	CNNVD	id:	CNNVD-201708-1378	date:	2017-09-07T00:00:00
db:	NVD	id:	CVE-2017-10835	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-22800	date:	2017-08-25T00:00:00
db:	VULHUB	id:	VHN-101197	date:	2017-08-29T00:00:00
db:	JVNDB	id:	JVNDB-2017-000204	date:	2017-08-23T00:00:00
db:	CNNVD	id:	CNNVD-201708-1378	date:	2017-08-28T00:00:00
db:	NVD	id:	CVE-2017-10835	date:	2017-08-29T01:35:12.983