ID

VAR-201812-0425


CVE

CVE-2018-14700


TITLE

Drobo 5N2 NAS Vulnerable to information disclosure from log files

Trust: 0.8

sources: JVNDB: JVNDB-2018-012252

DESCRIPTION

Incorrect access control in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve MySQL log files via the "name" URL parameter. Drobo 5N2 NAS contains a vulnerability related to information disclosure from log files. Information may be obtained. Drobo 5N2 NAS is a network storage device (NAS) from Drobo Corporation of the United States. The device has functions such as data sharing, data backup, remote access, and disaster recovery. An access control error vulnerability exists in the /mysql/api/logfile.php endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115

Trust: 2.25

sources: NVD: CVE-2018-14700 // JVNDB: JVNDB-2018-012252 // CNVD: CNVD-2019-05934 // VULHUB: VHN-124886

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05934

AFFECTED PRODUCTS

vendor: drobo, model: 5n2, scope: eq, version: 4.0.5-13.28.96115

Trust: 2.4

vendor: drobo, model: 5n2 nas, scope: eq, version: 4.0.5-13.28.96115

Trust: 0.6

sources: CNVD: CNVD-2019-05934 // JVNDB: JVNDB-2018-012252 // CNNVD: CNNVD-201812-046 // NVD: CVE-2018-14700

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14700
value: HIGH

Trust: 1.0

NVD: CVE-2018-14700
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-05934
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-046
value: MEDIUM

Trust: 0.6

VULHUB: VHN-124886
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14700
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05934
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124886
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14700
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-05934 // VULHUB: VHN-124886 // JVNDB: JVNDB-2018-012252 // CNNVD: CNNVD-201812-046 // NVD: CVE-2018-14700

PROBLEMTYPE DATA

problemtype:CWE-532

Trust: 1.9

sources: VULHUB: VHN-124886 // JVNDB: JVNDB-2018-012252 // NVD: CVE-2018-14700

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-046

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201812-046

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012252

PATCH

title: Drobo 5N2, url: https://www.drobo-jp.com/products/pdr5n2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-012252

EXTERNAL IDS

db: NVD, id: CVE-2018-14700

Trust: 3.1

db: JVNDB, id: JVNDB-2018-012252

Trust: 0.8

db: CNNVD, id: CNNVD-201812-046

Trust: 0.7

db: CNVD, id: CNVD-2019-05934

Trust: 0.6

db: VULHUB, id: VHN-124886

Trust: 0.1

sources: CNVD: CNVD-2019-05934 // VULHUB: VHN-124886 // JVNDB: JVNDB-2018-012252 // CNNVD: CNNVD-201812-046 // NVD: CVE-2018-14700

REFERENCES

url:https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2018-14700

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14700

Trust: 0.8

sources: CNVD: CNVD-2019-05934 // VULHUB: VHN-124886 // JVNDB: JVNDB-2018-012252 // CNNVD: CNNVD-201812-046 // NVD: CVE-2018-14700

SOURCES

db: CNVD, id: CNVD-2019-05934
db: VULHUB, id: VHN-124886
db: JVNDB, id: JVNDB-2018-012252
db: CNNVD, id: CNNVD-201812-046
db: NVD, id: CVE-2018-14700

LAST UPDATE DATE

2024-11-23T22:12:12.457000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-05934, date: 2019-03-03T00:00:00
db: VULHUB, id: VHN-124886, date: 2018-12-20T00:00:00
db: JVNDB, id: JVNDB-2018-012252, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-046, date: 2018-12-04T00:00:00
db: NVD, id: CVE-2018-14700, date: 2024-11-21T03:49:36.903

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-05934, date: 2019-03-02T00:00:00
db: VULHUB, id: VHN-124886, date: 2018-12-03T00:00:00
db: JVNDB, id: JVNDB-2018-012252, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-046, date: 2018-12-04T00:00:00
db: NVD, id: CVE-2018-14700, date: 2018-12-03T22:29:00.433