Sign-up

ID

VAR-201811-1129


TITLE

Command execution vulnerability in K2 wireless router of Shanghai Feixun Data Communication Technology Co., Ltd.

Trust: 0.6

sources: CNVD: CNVD-2018-22139

DESCRIPTION

Shanghai Feixun Data Communication Technology Co., Ltd. is a technologically innovative enterprise that provides users with smart products and cloud services in the field of smart homes. The K2 wireless router of Shanghai Feixun Data Communication Technology Co., Ltd. has a command execution vulnerability. The vulnerability stems from the failure to filter the two parameters timeRebootEnablestatus and timeRebootrange. Attackers can use this vulnerability to execute arbitrary commands.

Trust: 0.6

sources: CNVD: CNVD-2018-22139

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-22139

AFFECTED PRODUCTS

vendor:feixun data communicationmodel:k2 wireless routerscope:eqversion:22.5.11.5

Trust: 0.6

sources: CNVD: CNVD-2018-22139

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2018-22139
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2018-22139
severity: MEDIUM
baseScore: 6.5
vectorString: AV:A/AC:H/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: HIGH
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 2.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2018-22139

PATCH

title:Command execution vulnerability in Pfeiffer K2 wireless routerurl:https://www.cnvd.org.cn/patchinfo/show/142957

Trust: 0.6

sources: CNVD: CNVD-2018-22139

EXTERNAL IDS

db:CNVDid:CNVD-2018-22139

Trust: 0.6

sources: CNVD: CNVD-2018-22139

SOURCES

db:CNVDid:CNVD-2018-22139

LAST UPDATE DATE

2022-05-04T08:36:54.996000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2018-22139date:2018-12-13T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2018-22139date:2018-11-25T00:00:00