ID

VAR-201812-0428


CVE

CVE-2018-14703


TITLE

Drobo 5N2 NAS Access control vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012255

DESCRIPTION

Incorrect access control in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to retrieve the MySQL database root password. Drobo 5N2 NAS contains an access control vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Drobo 5N2 NAS is a network storage device (NAS) from Drobo Corporation of the United States. The device has functions such as data sharing, data backup, remote access, and disaster recovery. An access control error vulnerability exists in the /mysql/api/droboapp/data endpoint in Drobo 5N2 NAS version 4.1.03.28.96115.

Trust: 2.25

sources: NVD: CVE-2018-14703 // JVNDB: JVNDB-2018-012255 // CNVD: CNVD-2019-05918 // VULHUB: VHN-124889

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05918

AFFECTED PRODUCTS

vendor: drobo, model: 5n2, scope: eq, version: 4.0.5-13.28.96115

Trust: 2.4

vendor: drobo, model: 5n2 nas, scope: eq, version: 4.0.5-13.28.96115

Trust: 0.6

sources: CNVD: CNVD-2019-05918 // JVNDB: JVNDB-2018-012255 // CNNVD: CNNVD-201812-049 // NVD: CVE-2018-14703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-14703
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-14703
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2019-05918
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201812-049
value: CRITICAL

Trust: 0.6

VULHUB: VHN-124889
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-14703
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05918
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124889
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-14703
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-05918 // VULHUB: VHN-124889 // JVNDB: JVNDB-2018-012255 // CNNVD: CNNVD-201812-049 // NVD: CVE-2018-14703

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.1

problemtype: CWE-284

Trust: 0.9

sources: VULHUB: VHN-124889 // JVNDB: JVNDB-2018-012255 // NVD: CVE-2018-14703

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-049

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-201812-049

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012255

PATCH

title: Drobo 5N2, url: https://www.drobo-jp.com/products/pdr5n2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-012255

EXTERNAL IDS

db: NVD, id: CVE-2018-14703

Trust: 3.1

db: JVNDB, id: JVNDB-2018-012255

Trust: 0.8

db: CNNVD, id: CNNVD-201812-049

Trust: 0.7

db: CNVD, id: CNVD-2019-05918

Trust: 0.6

db: VULHUB, id: VHN-124889

Trust: 0.1

sources: CNVD: CNVD-2019-05918 // VULHUB: VHN-124889 // JVNDB: JVNDB-2018-012255 // CNNVD: CNNVD-201812-049 // NVD: CVE-2018-14703

REFERENCES

url: https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-14703

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14703

Trust: 0.8

sources: CNVD: CNVD-2019-05918 // VULHUB: VHN-124889 // JVNDB: JVNDB-2018-012255 // CNNVD: CNNVD-201812-049 // NVD: CVE-2018-14703

SOURCES

db: CNVD, id: CNVD-2019-05918
db: VULHUB, id: VHN-124889
db: JVNDB, id: JVNDB-2018-012255
db: CNNVD, id: CNNVD-201812-049
db: NVD, id: CVE-2018-14703

LAST UPDATE DATE

2024-11-23T22:17:14.752000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-05918, date: 2019-03-03T00:00:00
db: VULHUB, id: VHN-124889, date: 2019-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-012255, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-049, date: 2019-10-23T00:00:00
db: NVD, id: CVE-2018-14703, date: 2024-11-21T03:49:37.340

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-05918, date: 2019-03-02T00:00:00
db: VULHUB, id: VHN-124889, date: 2018-12-03T00:00:00
db: JVNDB, id: JVNDB-2018-012255, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-049, date: 2018-12-04T00:00:00
db: NVD, id: CVE-2018-14703, date: 2018-12-03T22:29:00.560