Details of VAR-201806-0898

ID

VAR-201806-0898

CVE

CVE-2018-1151

TITLE

Western Digital TV Media Player and TV Live Hub Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006292

DESCRIPTION

The web server on Western Digital TV Media Player 1.03.07 and TV Live Hub 3.12.13 allow unauthenticated remote attackers to execute arbitrary code or cause denial of service via crafted HTTP requests to toServerValue.cgi

Trust: 1.8

sources: NVD: CVE-2018-1151 // JVNDB: JVNDB-2018-006292 // VULHUB: VHN-121376 // VULMON: CVE-2018-1151

IOT TAXONOMY

category:	['home & office device', 'network device']	sub_category:	TV	Trust: 0.1
category:	['home & office device', 'network device']	sub_category:	hub	Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	westerndigital	model:	tv media player	scope:	eq	version:	1.03.07	Trust: 1.0
vendor:	westerndigital	model:	tv live hub	scope:	eq	version:	3.12.13	Trust: 1.0
vendor:	western digital	model:	tv live hub	scope:	eq	version:	3.12.13	Trust: 0.8
vendor:	western digital	model:	tv media player	scope:	eq	version:	1.03.07	Trust: 0.8
vendor:	wdc	model:	tv live hub	scope:	eq	version:	3.12.13	Trust: 0.6
vendor:	wdc	model:	tv media player	scope:	eq	version:	1.03.07	Trust: 0.6

sources: JVNDB: JVNDB-2018-006292 // CNNVD: CNNVD-201806-725 // NVD: CVE-2018-1151

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-1151
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-1151
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201806-725
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-121376
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-1151
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-1151
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-121376
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-1151
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-121376 // VULMON: CVE-2018-1151 // JVNDB: JVNDB-2018-006292 // CNNVD: CNNVD-201806-725 // NVD: CVE-2018-1151

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-121376 // JVNDB: JVNDB-2018-006292 // NVD: CVE-2018-1151

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-725

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201806-725

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006292

PATCH

title:

Top Page

url:

https://www.wdc.com/

Trust: 0.8

sources: JVNDB: JVNDB-2018-006292

EXTERNAL IDS

db:	NVD	id:	CVE-2018-1151	Trust: 2.7
db:	TENABLE	id:	TRA-2018-14	Trust: 2.6
db:	JVNDB	id:	JVNDB-2018-006292	Trust: 0.8
db:	CNNVD	id:	CNNVD-201806-725	Trust: 0.7
db:	OTHER	id:	NONE	Trust: 0.1
db:	SEEBUG	id:	SSVID-97554	Trust: 0.1
db:	VULHUB	id:	VHN-121376	Trust: 0.1
db:	VULMON	id:	CVE-2018-1151	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-121376 // VULMON: CVE-2018-1151 // JVNDB: JVNDB-2018-006292 // CNNVD: CNNVD-201806-725 // NVD: CVE-2018-1151

REFERENCES

url:	https://www.tenable.com/security/research/tra-2018-14	Trust: 2.6
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1151	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-1151	Trust: 0.8
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: OTHER: None // VULHUB: VHN-121376 // VULMON: CVE-2018-1151 // JVNDB: JVNDB-2018-006292 // CNNVD: CNNVD-201806-725 // NVD: CVE-2018-1151

SOURCES

db:	OTHER	id:	-
db:	VULHUB	id:	VHN-121376
db:	VULMON	id:	CVE-2018-1151
db:	JVNDB	id:	JVNDB-2018-006292
db:	CNNVD	id:	CNNVD-201806-725
db:	NVD	id:	CVE-2018-1151

LAST UPDATE DATE

2025-01-30T20:01:05.286000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-121376	date:	2019-05-28T00:00:00
db:	VULMON	id:	CVE-2018-1151	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-006292	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-725	date:	2019-05-29T00:00:00
db:	NVD	id:	CVE-2018-1151	date:	2024-11-21T03:59:17.530

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-121376	date:	2018-06-12T00:00:00
db:	VULMON	id:	CVE-2018-1151	date:	2018-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2018-006292	date:	2018-08-15T00:00:00
db:	CNNVD	id:	CNNVD-201806-725	date:	2018-06-13T00:00:00
db:	NVD	id:	CVE-2018-1151	date:	2018-06-12T17:29:00.397