ID

VAR-201803-2024


CVE

CVE-2018-7756


TITLE

DEWESoft Code injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003081

DESCRIPTION

RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command. DEWESoft contains a code injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). DEWESoft X3 SP1 is a device for industrial measurement. A security vulnerability exists in the RunExeFile.exe file in the DEWESoft X3 SP1 (64-bit) device, which stems from the program not requiring authentication for sessions on TCP port 1999. A remote attacker could exploit the vulnerability to execute arbitrary code or access internal commands.

Trust: 2.25

sources: NVD: CVE-2018-7756 // JVNDB: JVNDB-2018-003081 // CNVD: CNVD-2018-06129 // VULMON: CVE-2018-7756

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-06129

AFFECTED PRODUCTS

vendor: dewesoft, model: dewesoft, scope: eq, version: x3

Trust: 1.6

vendor: dewesoft, model: dewesoft, scope: eq, version: x3 sp1 (64-bit)

Trust: 0.8

vendor: dewesoft, model: sp1 64-bit, scope: eq, version: x3

Trust: 0.6

sources: CNVD: CNVD-2018-06129 // JVNDB: JVNDB-2018-003081 // CNNVD: CNNVD-201803-596 // NVD: CVE-2018-7756

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-7756
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-7756
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2018-06129
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201803-596
value: CRITICAL

Trust: 0.6

VULMON: CVE-2018-7756
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-7756
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-06129
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2018-7756
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-06129 // VULMON: CVE-2018-7756 // JVNDB: JVNDB-2018-003081 // CNNVD: CNNVD-201803-596 // NVD: CVE-2018-7756

PROBLEMTYPE DATA

problemtype: CWE-94

Trust: 1.8

sources: JVNDB: JVNDB-2018-003081 // NVD: CVE-2018-7756

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-596

TYPE

code injection

Trust: 0.6

sources: CNNVD: CNNVD-201803-596

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003081

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2018-7756

PATCH

title: Top Page, url: https://www.dewesoft.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-003081

EXTERNAL IDS

db: NVD, id: CVE-2018-7756

Trust: 3.1

db: EXPLOIT-DB, id: 44275

Trust: 1.9

db: JVNDB, id: JVNDB-2018-003081

Trust: 0.8

db: CNVD, id: CNVD-2018-06129

Trust: 0.6

db: CNNVD, id: CNNVD-201803-596

Trust: 0.6

db: VULMON, id: CVE-2018-7756

Trust: 0.1

sources: CNVD: CNVD-2018-06129 // VULMON: CVE-2018-7756 // JVNDB: JVNDB-2018-003081 // CNNVD: CNNVD-201803-596 // NVD: CVE-2018-7756

REFERENCES

url: http://hyp3rlinx.altervista.org/advisories/dewesoft-x3-remote-internal-command-access.txt

Trust: 2.3

url: https://www.exploit-db.com/exploits/44275/

Trust: 2.0

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-7756

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-7756

Trust: 0.8

url: https://cwe.mitre.org/data/definitions/94.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2018-06129 // VULMON: CVE-2018-7756 // JVNDB: JVNDB-2018-003081 // CNNVD: CNNVD-201803-596 // NVD: CVE-2018-7756

SOURCES

db: CNVD, id: CNVD-2018-06129
db: VULMON, id: CVE-2018-7756
db: JVNDB, id: JVNDB-2018-003081
db: CNNVD, id: CNNVD-201803-596
db: NVD, id: CVE-2018-7756

LAST UPDATE DATE

2024-11-23T22:26:26.178000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-06129, date: 2018-03-23T00:00:00
db: VULMON, id: CVE-2018-7756, date: 2018-04-12T00:00:00
db: JVNDB, id: JVNDB-2018-003081, date: 2018-05-11T00:00:00
db: CNNVD, id: CNNVD-201803-596, date: 2018-03-19T00:00:00
db: NVD, id: CVE-2018-7756, date: 2024-11-21T04:12:40.523

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-06129, date: 2018-03-23T00:00:00
db: VULMON, id: CVE-2018-7756, date: 2018-03-15T00:00:00
db: JVNDB, id: JVNDB-2018-003081, date: 2018-05-11T00:00:00
db: CNNVD, id: CNNVD-201803-596, date: 2018-03-19T00:00:00
db: NVD, id: CVE-2018-7756, date: 2018-03-15T01:29:03.573