Sign-up

ID

VAR-201710-0948


CVE

CVE-2017-2132


TITLE

Home unit KX-HJB1000 contains multiple vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-000229

DESCRIPTION

Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allow an attacker to delete arbitrary files in a specific directory via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. PanasonicHomeUnitKX-HJB1000 has an arbitrary file deletion vulnerability. An attacker could use this vulnerability to remove any files from the directory. An attacker can exploit this issue to delete arbitrary files on a vulnerable computer with the affected application

Trust: 2.61

sources: NVD: CVE-2017-2132 // JVNDB: JVNDB-2017-000229 // CNVD: CNVD-2017-33660 // BID: 101584 // VULHUB: VHN-110335 // VULMON: CVE-2017-2132

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33660

AFFECTED PRODUCTS

vendor:panasonicmodel:kx-hjb1000scope:eqversion:hjb1000_4.47

Trust: 1.6

vendor:panasonicmodel:kx-hjb1000scope:eqversion:ghx1yg_14.50

Trust: 1.6

vendor:panasonicmodel:home unit kx-hjb1000scope:eqversion:ghx1yg 14.50

Trust: 0.8

vendor:panasonicmodel:home unit kx-hjb1000scope:eqversion:hjb1000_4.47

Trust: 0.8

vendor:panasonicmodel:unit kx-hjb1000 hjb1000 4.47scope: - version: -

Trust: 0.6

vendor:panasonicmodel:unit kx-hjb1000 ghx1ygscope:eqversion:14.50

Trust: 0.6

vendor:panasonicmodel:home unit kx-hjb1000 hjb1000 4.47scope: - version: -

Trust: 0.3

vendor:panasonicmodel:home unit kx-hjb1000 ghx1ygscope:eqversion:14.50

Trust: 0.3

sources: CNVD: CNVD-2017-33660 // BID: 101584 // JVNDB: JVNDB-2017-000229 // CNNVD: CNNVD-201710-1001 // NVD: CVE-2017-2132

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2017-000229
value: MEDIUM

Trust: 2.4

nvd@nist.gov: CVE-2017-2132
value: HIGH

Trust: 1.0

CNVD: CNVD-2017-33660
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-1001
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110335
value: MEDIUM

Trust: 0.1

VULMON: CVE-2017-2132
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2132
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

IPA: JVNDB-2017-000229
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-000229
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-000229
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-33660
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110335
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2132
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000229
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2017-000229
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2017-000229
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33660 // VULHUB: VHN-110335 // VULMON: CVE-2017-2132 // JVNDB: JVNDB-2017-000229 // JVNDB: JVNDB-2017-000229 // JVNDB: JVNDB-2017-000229 // CNNVD: CNNVD-201710-1001 // NVD: CVE-2017-2132

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

problemtype:CWE-89

Trust: 0.8

problemtype:CWE-264

Trust: 0.8

sources: VULHUB: VHN-110335 // JVNDB: JVNDB-2017-000229 // NVD: CVE-2017-2132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-1001

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201710-1001

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000229

PATCH
title:Panasonic Corporation websiteurl:http://www.panasonic.com/jp/support/consumer/com/hns/homeunit/releasenote
Trust: 0.8
title:PanasonicHomeUnitKX-HJB1000 patch for arbitrary file deletion vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/105953
Trust: 0.6
title:Panasonic KX-HJB1000 Home unit Repair measures for device security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75893
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33660 // 
            
            
            
            JVNDB: JVNDB-2017-000229 // 
            
            
            
            CNNVD: CNNVD-201710-1001

EXTERNAL IDS
db:NVDid:CVE-2017-2132
Trust: 3.5
db:JVNid:JVN54795166
Trust: 3.5
db:BIDid:101584
Trust: 2.1
db:JVNDBid:JVNDB-2017-000229
Trust: 0.8
db:CNNVDid:CNNVD-201710-1001
Trust: 0.7
db:CNVDid:CNVD-2017-33660
Trust: 0.6
db:VULHUBid:VHN-110335
Trust: 0.1
db:VULMONid:CVE-2017-2132
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33660 // 
            
            
            
            VULHUB: VHN-110335 // 
            
            
            
            VULMON: CVE-2017-2132 // 
            
            
            
            BID: 101584 // 
            
            
            
            JVNDB: JVNDB-2017-000229 // 
            
            
            
            CNNVD: CNNVD-201710-1001 // 
            
            
            
            NVD: CVE-2017-2132

REFERENCES
url:https://jvn.jp/en/jp/jvn54795166/
Trust: 2.7
url:http://www.securityfocus.com/bid/101584
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2131
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2132
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2133
Trust: 0.8
url:http://jvn.jp/en/jp/jvn54795166/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2131
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2132
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2133
Trust: 0.8
url:http://jpn.faq.panasonic.com/app/answers/detail/a_id/9190/p/1761,2579,2580
Trust: 0.3
url:http://panasonic.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33660 // 
            
            
            
            VULHUB: VHN-110335 // 
            
            
            
            VULMON: CVE-2017-2132 // 
            
            
            
            BID: 101584 // 
            
            
            
            JVNDB: JVNDB-2017-000229 // 
            
            
            
            CNNVD: CNNVD-201710-1001 // 
            
            
            
            NVD: CVE-2017-2132

CREDITS
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.
Trust: 0.3
sources:
            
            
            BID: 101584

SOURCES
db:CNVDid:CNVD-2017-33660
db:VULHUBid:VHN-110335
db:VULMONid:CVE-2017-2132
db:BIDid:101584
db:JVNDBid:JVNDB-2017-000229
db:CNNVDid:CNNVD-201710-1001
db:NVDid:CVE-2017-2132

LAST UPDATE DATE
2025-04-20T23:15:53.016000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33660date:2017-11-13T00:00:00
db:VULHUBid:VHN-110335date:2017-11-08T00:00:00
db:VULMONid:CVE-2017-2132date:2017-11-08T00:00:00
db:BIDid:101584date:2017-12-19T20:00:00
db:JVNDBid:JVNDB-2017-000229date:2018-03-07T00:00:00
db:CNNVDid:CNNVD-201710-1001date:2017-11-01T00:00:00
db:NVDid:CVE-2017-2132date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33660date:2017-11-13T00:00:00
db:VULHUBid:VHN-110335date:2017-10-20T00:00:00
db:VULMONid:CVE-2017-2132date:2017-10-20T00:00:00
db:BIDid:101584date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-000229date:2017-10-17T00:00:00
db:CNNVDid:CNNVD-201710-1001date:2017-10-20T00:00:00
db:NVDid:CVE-2017-2132date:2017-10-20T11:29:00.247