ID

VAR-201801-1392


CVE

CVE-2018-5997


TITLE

RAVPower Filehub Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001580

DESCRIPTION

An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. RAVPower Filehub contains path traversal and unrestricted dangerous-file-type upload vulnerabilities. Information may be obtained or altered, and service operation may be disrupted (DoS). RAVPower FileHub is a versatile digital device from RAVPower Corporation of the United States. The device also has features such as a card reader, USB storage, and a NAS file server. HTTP Server is one of its HTTP servers. A remote code execution vulnerability exists in RAVPower Filehub. The HTTP Server in RAVPower Filehub version 2.000.056 has a path traversal vulnerability.

Trust: 2.34

sources: NVD: CVE-2018-5997 // JVNDB: JVNDB-2018-001580 // CNVD: CNVD-2018-02999 // VULHUB: VHN-136029 // VULMON: CVE-2018-5997

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02999

AFFECTED PRODUCTS

vendor: ravpower, model: filehub, scope: eq, version: 2.000.056

Trust: 3.0

sources: CNVD: CNVD-2018-02999 // JVNDB: JVNDB-2018-001580 // CNNVD: CNNVD-201801-975 // NVD: CVE-2018-5997

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5997
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-5997
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-02999
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201801-975
value: CRITICAL

Trust: 0.6

VULHUB: VHN-136029
value: HIGH

Trust: 0.1

VULMON: CVE-2018-5997
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-5997
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-02999
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136029
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5997
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02999 // VULHUB: VHN-136029 // VULMON: CVE-2018-5997 // JVNDB: JVNDB-2018-001580 // CNNVD: CNNVD-201801-975 // NVD: CVE-2018-5997

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

problemtype:CWE-434

Trust: 1.9

sources: VULHUB: VHN-136029 // JVNDB: JVNDB-2018-001580 // NVD: CVE-2018-5997

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-975

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201801-975

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001580

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-136029 // VULMON: CVE-2018-5997

PATCH

title: Top Page, url: https://www.ravpower.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-001580

EXTERNAL IDS

db: NVD, id: CVE-2018-5997

Trust: 3.2

db: EXPLOIT-DB, id: 43871

Trust: 3.2

db: JVNDB, id: JVNDB-2018-001580

Trust: 0.8

db: CNNVD, id: CNNVD-201801-975

Trust: 0.7

db: CNVD, id: CNVD-2018-02999

Trust: 0.6

db: PACKETSTORM, id: 146073

Trust: 0.1

db: VULHUB, id: VHN-136029

Trust: 0.1

db: VULMON, id: CVE-2018-5997

Trust: 0.1

sources: CNVD: CNVD-2018-02999 // VULHUB: VHN-136029 // VULMON: CVE-2018-5997 // JVNDB: JVNDB-2018-001580 // CNNVD: CNNVD-201801-975 // NVD: CVE-2018-5997

REFERENCES

url:https://www.exploit-db.com/exploits/43871/

Trust: 3.3

url:https://nvd.nist.gov/vuln/detail/cve-2018-5997

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5997

Trust: 0.8

url:https://cwe.mitre.org/data/definitions/22.html

Trust: 0.1

url:https://cwe.mitre.org/data/definitions/434.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-02999 // VULHUB: VHN-136029 // VULMON: CVE-2018-5997 // JVNDB: JVNDB-2018-001580 // CNNVD: CNNVD-201801-975 // NVD: CVE-2018-5997

SOURCES

db: CNVD, id: CNVD-2018-02999
db: VULHUB, id: VHN-136029
db: VULMON, id: CVE-2018-5997
db: JVNDB, id: JVNDB-2018-001580
db: CNNVD, id: CNNVD-201801-975
db: NVD, id: CVE-2018-5997

LAST UPDATE DATE

2024-11-23T23:02:13.672000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02999, date: 2018-02-11T00:00:00
db: VULHUB, id: VHN-136029, date: 2018-02-12T00:00:00
db: VULMON, id: CVE-2018-5997, date: 2018-02-12T00:00:00
db: JVNDB, id: JVNDB-2018-001580, date: 2018-02-26T00:00:00
db: CNNVD, id: CNNVD-201801-975, date: 2018-01-26T00:00:00
db: NVD, id: CVE-2018-5997, date: 2024-11-21T04:09:51.103

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02999, date: 2018-02-08T00:00:00
db: VULHUB, id: VHN-136029, date: 2018-01-25T00:00:00
db: VULMON, id: CVE-2018-5997, date: 2018-01-25T00:00:00
db: JVNDB, id: JVNDB-2018-001580, date: 2018-02-26T00:00:00
db: CNNVD, id: CNNVD-201801-975, date: 2018-01-26T00:00:00
db: NVD, id: CVE-2018-5997, date: 2018-01-25T17:29:00.303