Sign-up

ID

VAR-201710-0949


CVE

CVE-2017-2133


TITLE

Home unit KX-HJB1000 contains multiple vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2017-000229

DESCRIPTION

SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors. Home unit KX-HJB1000 provided by Panasonic Corporation is a control system for home network. Home unit KX-HJB1000 contains multiple vulnerabilities listed below. Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user with access to the affected product may view the configuration menu - CVE-2017-2131 * A user with access to the affected product may delete arbitrary files in the specific directory - CVE-2017-2132 * A user who can log in to the affected product may obtain or alter information on the product - CVE-2017-2133 . Panasonic KX-HJB1000 Homeunitdevices is a network camera from Matsushita Electric Industrial Co., Ltd. of Japan. There is a SQL injection vulnerability in HomeunitKX-HJB1000. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

Trust: 2.52

sources: NVD: CVE-2017-2133 // JVNDB: JVNDB-2017-000229 // CNVD: CNVD-2017-33659 // BID: 101583 // VULHUB: VHN-110336

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33659

AFFECTED PRODUCTS

vendor:panasonicmodel:kx-hjb1000scope:eqversion:hjb1000_4.47

Trust: 1.6

vendor:panasonicmodel:kx-hjb1000scope:eqversion:ghx1yg_14.50

Trust: 1.6

vendor:panasonicmodel:home unit kx-hjb1000scope:eqversion:ghx1yg 14.50

Trust: 0.8

vendor:panasonicmodel:home unit kx-hjb1000scope:eqversion:hjb1000_4.47

Trust: 0.8

vendor:panasonicmodel:unit kx-hjb1000 hjb1000 4.47scope: - version: -

Trust: 0.6

vendor:panasonicmodel:unit kx-hjb1000 ghx1ygscope:eqversion:14.50

Trust: 0.6

vendor:panasonicmodel:home unit kx-hjb1000 hjb1000 4.47scope: - version: -

Trust: 0.3

vendor:panasonicmodel:home unit kx-hjb1000 ghx1ygscope:eqversion:14.50

Trust: 0.3

sources: CNVD: CNVD-2017-33659 // BID: 101583 // JVNDB: JVNDB-2017-000229 // CNNVD: CNNVD-201710-1000 // NVD: CVE-2017-2133

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2017-000229
value: MEDIUM

Trust: 2.4

nvd@nist.gov: CVE-2017-2133
value: HIGH

Trust: 1.0

CNVD: CNVD-2017-33659
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201710-1000
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110336
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2133
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2017-000229
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-000229
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

IPA: JVNDB-2017-000229
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-33659
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-110336
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2133
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2017-000229
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2017-000229
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

IPA: JVNDB-2017-000229
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2017-33659 // VULHUB: VHN-110336 // JVNDB: JVNDB-2017-000229 // JVNDB: JVNDB-2017-000229 // JVNDB: JVNDB-2017-000229 // CNNVD: CNNVD-201710-1000 // NVD: CVE-2017-2133

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.9

problemtype:CWE-264

Trust: 0.8

problemtype:CWE-20

Trust: 0.8

sources: VULHUB: VHN-110336 // JVNDB: JVNDB-2017-000229 // NVD: CVE-2017-2133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201710-1000

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201710-1000

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-000229

PATCH
title:Panasonic Corporation websiteurl:http://www.panasonic.com/jp/support/consumer/com/hns/homeunit/releasenote
Trust: 0.8
title:Patch for Panasonic HomeUnitKX-HJB1000SQL Injection Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/105956
Trust: 0.6
title:Panasonic KX-HJB1000 Home unit device SQL Repair measures for injecting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=75892
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2017-33659 // 
            
            
            
            JVNDB: JVNDB-2017-000229 // 
            
            
            
            CNNVD: CNNVD-201710-1000

EXTERNAL IDS
db:NVDid:CVE-2017-2133
Trust: 3.4
db:JVNid:JVN54795166
Trust: 2.8
db:BIDid:101583
Trust: 2.0
db:JVNDBid:JVNDB-2017-000229
Trust: 0.8
db:CNNVDid:CNNVD-201710-1000
Trust: 0.7
db:CNVDid:CNVD-2017-33659
Trust: 0.6
db:VULHUBid:VHN-110336
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2017-33659 // 
            
            
            
            VULHUB: VHN-110336 // 
            
            
            
            BID: 101583 // 
            
            
            
            JVNDB: JVNDB-2017-000229 // 
            
            
            
            CNNVD: CNNVD-201710-1000 // 
            
            
            
            NVD: CVE-2017-2133

REFERENCES
url:https://jvn.jp/en/jp/jvn54795166/
Trust: 2.0
url:https://nvd.nist.gov/vuln/detail/cve-2017-2133
Trust: 1.4
url:http://www.securityfocus.com/bid/101583
Trust: 1.1
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2131
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2132
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2133
Trust: 0.8
url:http://jvn.jp/en/jp/jvn54795166/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2131
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2132
Trust: 0.8
url:http://jpn.faq.panasonic.com/app/answers/detail/a_id/9190/p/1761,2579,2580
Trust: 0.3
url:http://panasonic.com/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2017-33659 // 
            
            
            
            VULHUB: VHN-110336 // 
            
            
            
            BID: 101583 // 
            
            
            
            JVNDB: JVNDB-2017-000229 // 
            
            
            
            CNNVD: CNNVD-201710-1000 // 
            
            
            
            NVD: CVE-2017-2133

CREDITS
Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc.
Trust: 0.3
sources:
            
            
            BID: 101583

SOURCES
db:CNVDid:CNVD-2017-33659
db:VULHUBid:VHN-110336
db:BIDid:101583
db:JVNDBid:JVNDB-2017-000229
db:CNNVDid:CNNVD-201710-1000
db:NVDid:CVE-2017-2133

LAST UPDATE DATE
2025-04-20T23:15:53.054000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2017-33659date:2017-11-13T00:00:00
db:VULHUBid:VHN-110336date:2017-11-07T00:00:00
db:BIDid:101583date:2017-12-19T20:00:00
db:JVNDBid:JVNDB-2017-000229date:2018-03-07T00:00:00
db:CNNVDid:CNNVD-201710-1000date:2017-11-01T00:00:00
db:NVDid:CVE-2017-2133date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:CNVDid:CNVD-2017-33659date:2017-11-13T00:00:00
db:VULHUBid:VHN-110336date:2017-10-20T00:00:00
db:BIDid:101583date:2017-10-17T00:00:00
db:JVNDBid:JVNDB-2017-000229date:2017-10-17T00:00:00
db:CNNVDid:CNNVD-201710-1000date:2017-10-20T00:00:00
db:NVDid:CVE-2017-2133date:2017-10-20T11:29:00.293