Details of VAR-201710-1443

ID

VAR-201710-1443

TITLE

Shanghai Feixun Data Communication Technology Co., Ltd. Feixun K2 Wireless Router Has Command Execution Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2017-25289

DESCRIPTION

The Fixon K2 wireless router is a wireless router for home use. Shanghai Feixun Data Communication Technology Co., Ltd. Feixun K2 wireless router has a command execution vulnerability. The vulnerability is because the timeRebootEnablestatus and timeRebootrange parameters do not filter the data submitted by the user, allowing an attacker to log in to the router as an administrator to execute arbitrary commands and gain server permissions.

Trust: 0.6

sources: CNVD: CNVD-2017-25289

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-25289

AFFECTED PRODUCTS

vendor:

feixun data communication

model:

k2 wireless router a6

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2017-25289

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2017-25289
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2017-25289
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:H/AU:S/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	HIGH
authentication:	SINGLE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2017-25289

PATCH

title:

Shanghai Feixun Data Communication Technology Co., Ltd. Feixun K2 Wireless Router Has Command Execution Vulnerability

url:

https://www.cnvd.org.cn/patchinfo/show/101033

Trust: 0.6

sources: CNVD: CNVD-2017-25289

EXTERNAL IDS

db:

CNVD

id:

CNVD-2017-25289

Trust: 0.6

sources: CNVD: CNVD-2017-25289

SOURCES

db:

CNVD

id:

CNVD-2017-25289

LAST UPDATE DATE

2022-05-04T09:34:03.185000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2017-25289

date:

2017-09-11T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2017-25289

date:

2017-10-09T00:00:00