Details of VAR-201712-0705

ID

VAR-201712-0705

CVE

CVE-2017-16241

TITLE

AMAG Symmetry Door Edge Network Controller Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-011513

DESCRIPTION

Incorrect access control in AMAG Symmetry Door Edge Network Controllers (EN-1DBC Boot App 23611 03.60 and STD App 23603 03.60; EN-2DBC Boot App 24451 01.00 and STD App 2461 01.00) enables remote attackers to execute door controller commands (e.g., lock, unlock, add ID card value) by sending unauthenticated requests to the affected devices via Serial over TCP/IP, as demonstrated by a Ud command. AMAG Symmetry Door Edge Network Controller Contains an access control vulnerability.Information may be tampered with. of the United States. A security vulnerability exists in AMAGSymmetryDoorEdgeNetworkControllers that stems from incorrect access control

Trust: 2.25

sources: NVD: CVE-2017-16241 // JVNDB: JVNDB-2017-011513 // CNVD: CNVD-2018-00621 // VULHUB: VHN-107144

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-00621

AFFECTED PRODUCTS

vendor:	amag	model:	std	scope:	eq	version:	01.00	Trust: 1.6
vendor:	amag	model:	en-1dbc	scope:	eq	version:	03.60	Trust: 1.6
vendor:	amag	model:	en-2dbc	scope:	eq	version:	03.60	Trust: 1.6
vendor:	amag	model:	std	scope:	eq	version:	03.60	Trust: 1.6
vendor:	amag	model:	technology en-1dbc	scope:	-	version:	-	Trust: 0.8
vendor:	amag	model:	technology en-2dbc	scope:	-	version:	-	Trust: 0.8
vendor:	amag	model:	std	scope:	-	version:	-	Trust: 0.8
vendor:	amag	model:	symmetry door edge network controllers	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2018-00621 // JVNDB: JVNDB-2017-011513 // CNNVD: CNNVD-201711-013 // NVD: CVE-2017-16241

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-16241
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-16241
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2018-00621
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201711-013
value:	HIGH
Trust: 0.6
VULHUB:	VHN-107144
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2017-16241
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-00621
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-107144
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-16241
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-00621 // VULHUB: VHN-107144 // JVNDB: JVNDB-2017-011513 // CNNVD: CNNVD-201711-013 // NVD: CVE-2017-16241

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.1
problemtype:	CWE-284	Trust: 0.9

sources: VULHUB: VHN-107144 // JVNDB: JVNDB-2017-011513 // NVD: CVE-2017-16241

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-013

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201711-013

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-011513

PATCH

title:	Top Page	url:	http://www.amag.com/en/	Trust: 0.8
title:	AMAGSymmetryDoorEdgeNetworkControllers command to execute the patch for the vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/113031	Trust: 0.6

sources: CNVD: CNVD-2018-00621 // JVNDB: JVNDB-2017-011513

EXTERNAL IDS

db:	NVD	id:	CVE-2017-16241	Trust: 3.1
db:	JVNDB	id:	JVNDB-2017-011513	Trust: 0.8
db:	CNVD	id:	CNVD-2018-00621	Trust: 0.6
db:	CNNVD	id:	CNNVD-201711-013	Trust: 0.6
db:	VULHUB	id:	VHN-107144	Trust: 0.1

sources: CNVD: CNVD-2018-00621 // VULHUB: VHN-107144 // JVNDB: JVNDB-2017-011513 // CNNVD: CNNVD-201711-013 // NVD: CVE-2017-16241

REFERENCES

url:	https://www.secureworks.com/research/advisory-2017-001	Trust: 2.5
url:	https://github.com/lixmk/concierge	Trust: 1.7
url:	https://hushcon.com/schedule.html	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-16241	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-16241	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2017-16241/	Trust: 0.6

sources: CNVD: CNVD-2018-00621 // VULHUB: VHN-107144 // JVNDB: JVNDB-2017-011513 // CNNVD: CNNVD-201711-013 // NVD: CVE-2017-16241

SOURCES

db:	CNVD	id:	CNVD-2018-00621
db:	VULHUB	id:	VHN-107144
db:	JVNDB	id:	JVNDB-2017-011513
db:	CNNVD	id:	CNNVD-201711-013
db:	NVD	id:	CVE-2017-16241

LAST UPDATE DATE

2025-04-20T23:39:55.129000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-00621	date:	2018-01-10T00:00:00
db:	VULHUB	id:	VHN-107144	date:	2019-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2017-011513	date:	2018-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201711-013	date:	2020-07-27T00:00:00
db:	NVD	id:	CVE-2017-16241	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-00621	date:	2018-01-10T00:00:00
db:	VULHUB	id:	VHN-107144	date:	2017-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2017-011513	date:	2018-01-18T00:00:00
db:	CNNVD	id:	CNNVD-201711-013	date:	2017-10-31T00:00:00
db:	NVD	id:	CVE-2017-16241	date:	2017-12-10T01:29:00.190