Sign-up

ID

VAR-201803-2096


CVE

CVE-2018-6875


TITLE

KeepKey Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-003058

DESCRIPTION

Format String vulnerability in KeepKey version 4.0.0 allows attackers to trigger information display (of information that should not be accessible), related to text containing characters that the device's font lacks. KeepKey Contains an information disclosure vulnerability.Information may be obtained. KEYHODLERSKeepKey is a device used by KEYHODLERS in the United States to store bitcoin. A format string vulnerability exists in KEYHODLERSKeepKey version 4.0.0. An attacker could exploit the vulnerability to access information that is not authorized to access

Trust: 2.25

sources: NVD: CVE-2018-6875 // JVNDB: JVNDB-2018-003058 // CNVD: CNVD-2018-07917 // VULHUB: VHN-136907

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-07917

AFFECTED PRODUCTS

vendor:shapeshiftmodel:keepkeyscope:eqversion:4.0.0

Trust: 1.0

vendor:key hodlersmodel:keepkeyscope:eqversion:4.0.0

Trust: 0.8

vendor:keymodel:hodlers keepkeyscope:eqversion:4.0.0

Trust: 0.6

vendor:keepkeymodel:keepkeyscope:eqversion:4.0.0

Trust: 0.6

sources: CNVD: CNVD-2018-07917 // JVNDB: JVNDB-2018-003058 // CNNVD: CNNVD-201803-543 // NVD: CVE-2018-6875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6875
value: HIGH

Trust: 1.0

NVD: CVE-2018-6875
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-07917
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201803-543
value: HIGH

Trust: 0.6

VULHUB: VHN-136907
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-6875
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-07917
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136907
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6875
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-07917 // VULHUB: VHN-136907 // JVNDB: JVNDB-2018-003058 // CNNVD: CNNVD-201803-543 // NVD: CVE-2018-6875

PROBLEMTYPE DATA

problemtype:CWE-134

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-136907 // JVNDB: JVNDB-2018-003058 // NVD: CVE-2018-6875

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-543

TYPE

format string error

Trust: 0.6

sources: CNNVD: CNNVD-201803-543

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003058

PATCH
title:Security Updates & Responsible Disclosureurl:https://www.keepkey.com/2018/03/09/security-updates-responsible-disclosure/
Trust: 0.8
title:KEYHODLERSKeepKey format string vulnerability patchurl:https://www.cnvd.org.cn/patchInfo/show/126431
Trust: 0.6
title:KeepKey Fixes for formatting string vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79191
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-07917 // 
            
            
            
            JVNDB: JVNDB-2018-003058 // 
            
            
            
            CNNVD: CNNVD-201803-543

EXTERNAL IDS
db:NVDid:CVE-2018-6875
Trust: 3.1
db:JVNDBid:JVNDB-2018-003058
Trust: 0.8
db:CNVDid:CNVD-2018-07917
Trust: 0.6
db:CNNVDid:CNNVD-201803-543
Trust: 0.6
db:VULHUBid:VHN-136907
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-07917 // 
            
            
            
            VULHUB: VHN-136907 // 
            
            
            
            JVNDB: JVNDB-2018-003058 // 
            
            
            
            CNNVD: CNNVD-201803-543 // 
            
            
            
            NVD: CVE-2018-6875

REFERENCES
url:https://www.keepkey.com/2018/03/09/security-updates-responsible-disclosure/
Trust: 2.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6875
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6875
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-07917 // 
            
            
            
            VULHUB: VHN-136907 // 
            
            
            
            JVNDB: JVNDB-2018-003058 // 
            
            
            
            CNNVD: CNNVD-201803-543 // 
            
            
            
            NVD: CVE-2018-6875

SOURCES
db:CNVDid:CNVD-2018-07917
db:VULHUBid:VHN-136907
db:JVNDBid:JVNDB-2018-003058
db:CNNVDid:CNNVD-201803-543
db:NVDid:CVE-2018-6875

LAST UPDATE DATE
2024-11-23T22:55:55.171000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-07917date:2018-04-19T00:00:00
db:VULHUBid:VHN-136907date:2020-01-07T00:00:00
db:JVNDBid:JVNDB-2018-003058date:2018-05-11T00:00:00
db:CNNVDid:CNNVD-201803-543date:2019-10-23T00:00:00
db:NVDid:CVE-2018-6875date:2024-11-21T04:11:20.830

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-07917date:2018-04-19T00:00:00
db:VULHUBid:VHN-136907date:2018-03-14T00:00:00
db:JVNDBid:JVNDB-2018-003058date:2018-05-11T00:00:00
db:CNNVDid:CNNVD-201803-543date:2018-03-14T00:00:00
db:NVDid:CVE-2018-6875date:2018-03-14T13:29:00.457