Details of VAR-201810-0420

ID

VAR-201810-0420

CVE

CVE-2018-17868

TITLE

DASAN H660GW Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-010423

DESCRIPTION

DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. DASAN H660GW Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Dasan H660GW is a modem device manufactured by Dasan Corporation in South Korea. Remote attackers can exploit this vulnerability to inject malicious scripts into web pages and execute the scripts in the user's browser

Trust: 1.71

sources: NVD: CVE-2018-17868 // JVNDB: JVNDB-2018-010423 // VULHUB: VHN-128370

AFFECTED PRODUCTS

vendor:	dasan	model:	h660gw	scope:	eq	version:	-	Trust: 1.6
vendor:	dasan	model:	h660gw	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2018-010423 // CNNVD: CNNVD-201810-036 // NVD: CVE-2018-17868

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-17868
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-17868
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-036
value:	LOW
Trust: 0.6
VULHUB:	VHN-128370
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-17868
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-128370
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-17868
baseSeverity:	MEDIUM
baseScore:	4.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	1.7
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-128370 // JVNDB: JVNDB-2018-010423 // CNNVD: CNNVD-201810-036 // NVD: CVE-2018-17868

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-128370 // JVNDB: JVNDB-2018-010423 // NVD: CVE-2018-17868

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-036

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201810-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010423

PATCH

title:

Top Page

url:

http://www.dasannetworks.com/en/

Trust: 0.8

sources: JVNDB: JVNDB-2018-010423

EXTERNAL IDS

db:	NVD	id:	CVE-2018-17868	Trust: 2.5
db:	JVNDB	id:	JVNDB-2018-010423	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-036	Trust: 0.7
db:	VULHUB	id:	VHN-128370	Trust: 0.1

sources: VULHUB: VHN-128370 // JVNDB: JVNDB-2018-010423 // CNNVD: CNNVD-201810-036 // NVD: CVE-2018-17868

REFERENCES

url:	https://wojciechregula.blog/authenticated-rce-in-dasan-routers/	Trust: 2.5
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17868	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-17868	Trust: 0.8

sources: VULHUB: VHN-128370 // JVNDB: JVNDB-2018-010423 // CNNVD: CNNVD-201810-036 // NVD: CVE-2018-17868

SOURCES

db:	VULHUB	id:	VHN-128370
db:	JVNDB	id:	JVNDB-2018-010423
db:	CNNVD	id:	CNNVD-201810-036
db:	NVD	id:	CVE-2018-17868

LAST UPDATE DATE

2024-11-23T22:45:10.557000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-128370	date:	2018-11-16T00:00:00
db:	JVNDB	id:	JVNDB-2018-010423	date:	2018-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201810-036	date:	2018-10-16T00:00:00
db:	NVD	id:	CVE-2018-17868	date:	2024-11-21T03:55:05.580

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-128370	date:	2018-10-01T00:00:00
db:	JVNDB	id:	JVNDB-2018-010423	date:	2018-12-13T00:00:00
db:	CNNVD	id:	CNNVD-201810-036	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2018-17868	date:	2018-10-01T23:29:00.843