ID

VAR-201812-0420


CVE

CVE-2018-14695


TITLE

Drobo 5N2 NAS vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-012247

DESCRIPTION

Incorrect access control in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve diagnostic information via the "name" URL parameter. Drobo 5N2 NAS contains an information disclosure vulnerability. Information may be obtained. Drobo 5N2 NAS is a network storage device (NAS) from Drobo Corporation of the United States. The device has functions such as data sharing, data backup, remote access, and disaster recovery. An access control error vulnerability exists in the /mysql/api/diags.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115.

Trust: 2.25

sources: NVD: CVE-2018-14695 // JVNDB: JVNDB-2018-012247 // CNVD: CNVD-2019-05929 // VULHUB: VHN-124880

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05929

AFFECTED PRODUCTS

vendor: drobo, model: 5n2, scope: eq, version: 4.0.5-13.28.96115

Trust: 2.4

vendor: drobo, model: 5n2 nas, scope: eq, version: 4.0.5-13.28.96115

Trust: 0.6

sources: CNVD: CNVD-2019-05929 // JVNDB: JVNDB-2018-012247 // CNNVD: CNNVD-201812-041 // NVD: CVE-2018-14695

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14695
value: HIGH

Trust: 1.0

NVD: CVE-2018-14695
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-05929
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-041
value: MEDIUM

Trust: 0.6

VULHUB: VHN-124880
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14695
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05929
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124880
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14695
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-05929 // VULHUB: VHN-124880 // JVNDB: JVNDB-2018-012247 // CNNVD: CNNVD-201812-041 // NVD: CVE-2018-14695

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-124880 // JVNDB: JVNDB-2018-012247 // NVD: CVE-2018-14695

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-041

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201812-041

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012247

PATCH

title: Drobo 5N2, url: https://www.drobo-jp.com/products/pdr5n2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-012247

EXTERNAL IDS

db: NVD, id: CVE-2018-14695

Trust: 3.1

db: JVNDB, id: JVNDB-2018-012247

Trust: 0.8

db: CNNVD, id: CNNVD-201812-041

Trust: 0.7

db: CNVD, id: CNVD-2019-05929

Trust: 0.6

db: VULHUB, id: VHN-124880

Trust: 0.1

sources: CNVD: CNVD-2019-05929 // VULHUB: VHN-124880 // JVNDB: JVNDB-2018-012247 // CNNVD: CNNVD-201812-041 // NVD: CVE-2018-14695

REFERENCES

url:https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-14695

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14695

Trust: 0.8

sources: CNVD: CNVD-2019-05929 // VULHUB: VHN-124880 // JVNDB: JVNDB-2018-012247 // CNNVD: CNNVD-201812-041 // NVD: CVE-2018-14695

SOURCES

db: CNVD, id: CNVD-2019-05929
db: VULHUB, id: VHN-124880
db: JVNDB, id: JVNDB-2018-012247
db: CNNVD, id: CNNVD-201812-041
db: NVD, id: CVE-2018-14695

LAST UPDATE DATE

2024-11-23T22:30:10.683000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-05929, date: 2019-03-03T00:00:00
db: VULHUB, id: VHN-124880, date: 2018-12-20T00:00:00
db: JVNDB, id: JVNDB-2018-012247, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-041, date: 2018-12-04T00:00:00
db: NVD, id: CVE-2018-14695, date: 2024-11-21T03:49:36.123

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-05929, date: 2019-03-02T00:00:00
db: VULHUB, id: VHN-124880, date: 2018-12-03T00:00:00
db: JVNDB, id: JVNDB-2018-012247, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-041, date: 2018-12-04T00:00:00
db: NVD, id: CVE-2018-14695, date: 2018-12-03T22:29:00.230