Sign-up

ID

VAR-201809-0814


CVE

CVE-2018-16752


TITLE

LINK-NET LW-N605R Vulnerability related to input validation in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2018-011624

DESCRIPTION

LINK-NET LW-N605R devices with firmware 12.20.2.1486 allow Remote Code Execution via shell metacharacters in the HOST field of the ping feature at adm/systools.asp. Authentication is needed but the default password of admin for the admin account may be used in some cases. LINK-NET LW-N605R There is an input validation vulnerability in the device firmware.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The LW-N605R is a network product launched by LINK-NET. A security vulnerability exists in LINK-NET LW-N605R using firmware version 12.20.2.1486

Trust: 2.34

sources: NVD: CVE-2018-16752 // JVNDB: JVNDB-2018-011624 // CNVD: CNVD-2018-18480 // VULHUB: VHN-127143 // VULMON: CVE-2018-16752

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-18480

AFFECTED PRODUCTS

vendor:linknet usamodel:lw-n605rscope:eqversion:12.20.2.1486

Trust: 1.6

vendor:link netmodel:lw-n605rscope:eqversion:12.20.2.1486

Trust: 0.8

vendor:link netmodel:lw-n605rscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-18480 // JVNDB: JVNDB-2018-011624 // CNNVD: CNNVD-201809-940 // NVD: CVE-2018-16752

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-16752
value: HIGH

Trust: 1.0

NVD: CVE-2018-16752
value: HIGH

Trust: 0.8

CNVD: CNVD-2018-18480
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201809-940
value: HIGH

Trust: 0.6

VULHUB: VHN-127143
value: HIGH

Trust: 0.1

VULMON: CVE-2018-16752
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-16752
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2018-18480
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-127143
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-16752
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-18480 // VULHUB: VHN-127143 // VULMON: CVE-2018-16752 // JVNDB: JVNDB-2018-011624 // CNNVD: CNNVD-201809-940 // NVD: CVE-2018-16752

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:CWE-1188

Trust: 1.0

problemtype:CWE-20

Trust: 0.9

sources: VULHUB: VHN-127143 // JVNDB: JVNDB-2018-011624 // NVD: CVE-2018-16752

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-940

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201809-940

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011624

PATCH
title:LW-N605Rurl:http://linknet-usa.com/main/product_info.php?products_id=35&language=en&osCsid=60520ab1a640096821f0168525af0541
Trust: 0.8
title:api.greynoise.iourl:https://github.com/GreyNoise-Intelligence/api.greynoise.io 
Trust: 0.1
title: - url:https://github.com/20142995/Goby 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-16752 // 
            
            
            
            JVNDB: JVNDB-2018-011624

EXTERNAL IDS
db:NVDid:CVE-2018-16752
Trust: 3.2
db:PACKETSTORMid:149297
Trust: 2.6
db:EXPLOIT-DBid:45351
Trust: 1.8
db:JVNDBid:JVNDB-2018-011624
Trust: 0.8
db:CNNVDid:CNNVD-201809-940
Trust: 0.7
db:EXPLOITALERTid:30853
Trust: 0.6
db:CNVDid:CNVD-2018-18480
Trust: 0.6
db:SEEBUGid:SSVID-97674
Trust: 0.1
db:VULHUBid:VHN-127143
Trust: 0.1
db:VULMONid:CVE-2018-16752
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-18480 // 
            
            
            
            VULHUB: VHN-127143 // 
            
            
            
            VULMON: CVE-2018-16752 // 
            
            
            
            JVNDB: JVNDB-2018-011624 // 
            
            
            
            CNNVD: CNNVD-201809-940 // 
            
            
            
            NVD: CVE-2018-16752

REFERENCES
url:http://packetstormsecurity.com/files/149297/lw-n605r-remote-code-execution.html
Trust: 2.7
url:https://www.exploit-db.com/exploits/45351/
Trust: 1.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-16752
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-16752
Trust: 0.8
url:https://www.exploitalert.com/view-details.html?id=30853
Trust: 0.6
url:https://cwe.mitre.org/data/definitions/78.html
Trust: 0.1
url:https://cwe.mitre.org/data/definitions/1188.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/greynoise-intelligence/api.greynoise.io
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-18480 // 
            
            
            
            VULHUB: VHN-127143 // 
            
            
            
            VULMON: CVE-2018-16752 // 
            
            
            
            JVNDB: JVNDB-2018-011624 // 
            
            
            
            CNNVD: CNNVD-201809-940 // 
            
            
            
            NVD: CVE-2018-16752

SOURCES
db:CNVDid:CNVD-2018-18480
db:VULHUBid:VHN-127143
db:VULMONid:CVE-2018-16752
db:JVNDBid:JVNDB-2018-011624
db:CNNVDid:CNNVD-201809-940
db:NVDid:CVE-2018-16752

LAST UPDATE DATE
2024-11-23T23:08:35.089000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-18480date:2018-09-12T00:00:00
db:VULHUBid:VHN-127143date:2019-10-03T00:00:00
db:VULMONid:CVE-2018-16752date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2018-011624date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201809-940date:2019-10-23T00:00:00
db:NVDid:CVE-2018-16752date:2024-11-21T03:53:17.503

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-18480date:2018-09-12T00:00:00
db:VULHUBid:VHN-127143date:2018-09-20T00:00:00
db:VULMONid:CVE-2018-16752date:2018-09-20T00:00:00
db:JVNDBid:JVNDB-2018-011624date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201809-940date:2018-09-21T00:00:00
db:NVDid:CVE-2018-16752date:2018-09-20T20:29:00.817