Sign-up

ID

VAR-201801-1485


CVE

CVE-2018-5319


TITLE

RAVPower FileHub Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-001596

DESCRIPTION

RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. RAVPower FileHub Contains an information disclosure vulnerability.Information may be obtained. RAVPowerFileHub is a versatile digital device from RAVPower Corporation of the United States. The device also has features such as a card reader, USB storage, and a NAS file server. A security vulnerability exists in the RAVPowerFileHub2.000.056 version

Trust: 2.25

sources: NVD: CVE-2018-5319 // JVNDB: JVNDB-2018-001596 // CNVD: CNVD-2018-03107 // VULHUB: VHN-135350

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-03107

AFFECTED PRODUCTS

vendor:ravpowermodel:filehubscope:eqversion:2.000.056

Trust: 3.0

sources: CNVD: CNVD-2018-03107 // JVNDB: JVNDB-2018-001596 // CNNVD: CNNVD-201801-916 // NVD: CVE-2018-5319

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-5319
value: HIGH

Trust: 1.0

NVD: CVE-2018-5319
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-03107
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-916
value: MEDIUM

Trust: 0.6

VULHUB: VHN-135350
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-5319
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-03107
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-135350
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-5319
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-03107 // VULHUB: VHN-135350 // JVNDB: JVNDB-2018-001596 // CNNVD: CNNVD-201801-916 // NVD: CVE-2018-5319

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-135350 // JVNDB: JVNDB-2018-001596 // NVD: CVE-2018-5319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-916

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201801-916

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001596

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-135350

PATCH
title:Top Pageurl:https://www.ravpower.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-001596

EXTERNAL IDS
db:EXPLOIT-DBid:43856
Trust: 3.1
db:NVDid:CVE-2018-5319
Trust: 3.1
db:JVNDBid:JVNDB-2018-001596
Trust: 0.8
db:CNNVDid:CNNVD-201801-916
Trust: 0.7
db:CNVDid:CNVD-2018-03107
Trust: 0.6
db:PACKETSTORMid:146069
Trust: 0.1
db:VULHUBid:VHN-135350
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-03107 // 
            
            
            
            VULHUB: VHN-135350 // 
            
            
            
            JVNDB: JVNDB-2018-001596 // 
            
            
            
            CNNVD: CNNVD-201801-916 // 
            
            
            
            NVD: CVE-2018-5319

REFERENCES
url:https://www.exploit-db.com/exploits/43856/
Trust: 3.1
url:https://nvd.nist.gov/vuln/detail/cve-2018-5319
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5319
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-03107 // 
            
            
            
            VULHUB: VHN-135350 // 
            
            
            
            JVNDB: JVNDB-2018-001596 // 
            
            
            
            CNNVD: CNNVD-201801-916 // 
            
            
            
            NVD: CVE-2018-5319

SOURCES
db:CNVDid:CNVD-2018-03107
db:VULHUBid:VHN-135350
db:JVNDBid:JVNDB-2018-001596
db:CNNVDid:CNNVD-201801-916
db:NVDid:CVE-2018-5319

LAST UPDATE DATE
2024-11-23T23:08:47.538000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-03107date:2018-02-09T00:00:00
db:VULHUBid:VHN-135350date:2018-02-12T00:00:00
db:JVNDBid:JVNDB-2018-001596date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201801-916date:2018-01-25T00:00:00
db:NVDid:CVE-2018-5319date:2024-11-21T04:08:34.907

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-03107date:2018-02-09T00:00:00
db:VULHUBid:VHN-135350date:2018-01-24T00:00:00
db:JVNDBid:JVNDB-2018-001596date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201801-916date:2018-01-25T00:00:00
db:NVDid:CVE-2018-5319date:2018-01-24T15:29:01.217