Sign-up

ID

VAR-201710-0915


CVE

CVE-2017-11321


TITLE

UCOPIA Wireless Appliance Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-008959

DESCRIPTION

The restricted shell interface in UCOPIA Wireless Appliance before 5.1.8 allows remote authenticated users to gain 'admin' privileges via shell metacharacters in the less command. UCOPIA Wireless Appliance Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UCOPIAWirelessAppliance is a wireless device from UCOPIA, France. A security vulnerability exists in the restricted shell interface in versions prior to UCOPIAWirelessAppliance 5.1.8

Trust: 2.34

sources: NVD: CVE-2017-11321 // JVNDB: JVNDB-2017-008959 // CNVD: CNVD-2018-11049 // VULHUB: VHN-101732 // VULMON: CVE-2017-11321

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-11049

AFFECTED PRODUCTS

vendor:ucopiamodel:wireless appliancescope:ltversion:5.1.8

Trust: 1.4

vendor:ucopiamodel:wireless appliancescope:lteversion:5.1.7

Trust: 1.0

vendor:ucopiamodel:wireless appliancescope:eqversion:5.1.7

Trust: 0.6

sources: CNVD: CNVD-2018-11049 // JVNDB: JVNDB-2017-008959 // CNNVD: CNNVD-201707-641 // NVD: CVE-2017-11321

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-11321
value: HIGH

Trust: 1.0

NVD: CVE-2017-11321
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-11049
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201707-641
value: HIGH

Trust: 0.6

VULHUB: VHN-101732
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-11321
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-11321
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-11049
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-101732
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-11321
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-11321
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2018-11049 // VULHUB: VHN-101732 // VULMON: CVE-2017-11321 // JVNDB: JVNDB-2017-008959 // CNNVD: CNNVD-201707-641 // NVD: CVE-2017-11321

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-101732 // JVNDB: JVNDB-2017-008959 // NVD: CVE-2017-11321

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201707-641

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201707-641

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-008959

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-101732 // 
            
            
            
            VULMON: CVE-2017-11321

PATCH
title:Top Pageurl:http://www.ucopia.com/en/
Trust: 0.8
title:Patch for UCOPIAWirelessAppliance Empowerment Vulnerability (CNVD-2018-11049)url:https://www.cnvd.org.cn/patchInfo/show/131389
Trust: 0.6
title:UCOPIA Wireless Appliance Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=99934
Trust: 0.6
title:CVEsurl:https://github.com/tnpitsecurity/CVEs 
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11049 // 
            
            
            
            VULMON: CVE-2017-11321 // 
            
            
            
            JVNDB: JVNDB-2017-008959 // 
            
            
            
            CNNVD: CNNVD-201707-641

EXTERNAL IDS
db:NVDid:CVE-2017-11321
Trust: 3.2
db:EXPLOIT-DBid:42937
Trust: 1.8
db:JVNDBid:JVNDB-2017-008959
Trust: 0.8
db:CNNVDid:CNNVD-201707-641
Trust: 0.7
db:CNVDid:CNVD-2018-11049
Trust: 0.6
db:PACKETSTORMid:144413
Trust: 0.1
db:VULHUBid:VHN-101732
Trust: 0.1
db:VULMONid:CVE-2017-11321
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11049 // 
            
            
            
            VULHUB: VHN-101732 // 
            
            
            
            VULMON: CVE-2017-11321 // 
            
            
            
            JVNDB: JVNDB-2017-008959 // 
            
            
            
            CNNVD: CNNVD-201707-641 // 
            
            
            
            NVD: CVE-2017-11321

REFERENCES
url:https://sysdream.com/news/lab/2017-09-29-cve-2017-11321-ucopia-wireless-appliance-5-1-8-restricted-shell-escape/
Trust: 2.6
url:https://www.exploit-db.com/exploits/42937/
Trust: 1.9
url:https://nvd.nist.gov/vuln/detail/cve-2017-11321
Trust: 1.4
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-11321
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-11049 // 
            
            
            
            VULHUB: VHN-101732 // 
            
            
            
            VULMON: CVE-2017-11321 // 
            
            
            
            JVNDB: JVNDB-2017-008959 // 
            
            
            
            CNNVD: CNNVD-201707-641 // 
            
            
            
            NVD: CVE-2017-11321

SOURCES
db:CNVDid:CNVD-2018-11049
db:VULHUBid:VHN-101732
db:VULMONid:CVE-2017-11321
db:JVNDBid:JVNDB-2017-008959
db:CNNVDid:CNNVD-201707-641
db:NVDid:CVE-2017-11321

LAST UPDATE DATE
2025-04-20T23:42:55.780000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-11049date:2018-06-06T00:00:00
db:VULHUBid:VHN-101732date:2020-10-02T00:00:00
db:VULMONid:CVE-2017-11321date:2020-10-02T00:00:00
db:JVNDBid:JVNDB-2017-008959date:2017-10-31T00:00:00
db:CNNVDid:CNNVD-201707-641date:2019-10-23T00:00:00
db:NVDid:CVE-2017-11321date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-11049date:2018-06-06T00:00:00
db:VULHUBid:VHN-101732date:2017-10-03T00:00:00
db:VULMONid:CVE-2017-11321date:2017-10-03T00:00:00
db:JVNDBid:JVNDB-2017-008959date:2017-10-31T00:00:00
db:CNNVDid:CNNVD-201707-641date:2017-07-17T00:00:00
db:NVDid:CVE-2017-11321date:2017-10-03T01:29:00.997