ID

VAR-201812-0431


CVE

CVE-2018-14707


TITLE

Drobo 5N2 NAS Path traversal vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-012258

DESCRIPTION

Directory traversal in the Drobo Pix web application on Drobo 5N2 NAS version 4.0.5-13.28.96115 allows unauthenticated attackers to upload files to arbitrary locations. Drobo 5N2 NAS contains a path traversal vulnerability. Information may be tampered with. Drobo 5N2 NAS is a network storage device (NAS) from Drobo Corporation of the United States. The device has functions such as data sharing, data backup, remote access, and disaster recovery. Drobo Pix Web application is one of the applications that provides mobile backup. A directory traversal vulnerability exists in the Drobo Pix Web application in Drobo 5N2 NAS version 4.0.5-13.28.96115. An attacker could use this vulnerability to upload files to any location.

Trust: 2.25

sources: NVD: CVE-2018-14707 // JVNDB: JVNDB-2018-012258 // CNVD: CNVD-2019-05921 // VULHUB: VHN-124893

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-05921

AFFECTED PRODUCTS

vendor: drobo, model: 5n2, scope: eq, version: 4.0.5-13.28.96115

Trust: 2.4

vendor: drobo, model: 5n2 nas, scope: eq, version: 4.0.5-13.28.96115

Trust: 0.6

sources: CNVD: CNVD-2019-05921 // JVNDB: JVNDB-2018-012258 // CNNVD: CNNVD-201812-052 // NVD: CVE-2018-14707

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-14707
value: HIGH

Trust: 1.0

NVD: CVE-2018-14707
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-05921
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201812-052
value: HIGH

Trust: 0.6

VULHUB: VHN-124893
value: HIGH

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-14707
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-05921
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-124893
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-14707
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-05921 // VULHUB: VHN-124893 // JVNDB: JVNDB-2018-012258 // CNNVD: CNNVD-201812-052 // NVD: CVE-2018-14707

PROBLEMTYPE DATA

problemtype: CWE-22

Trust: 1.9

sources: VULHUB: VHN-124893 // JVNDB: JVNDB-2018-012258 // NVD: CVE-2018-14707

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201812-052

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201812-052

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012258

PATCH

title: Drobo 5N2, url: https://www.drobo-jp.com/products/pdr5n2.html

Trust: 0.8

sources: JVNDB: JVNDB-2018-012258

EXTERNAL IDS

db: NVD, id: CVE-2018-14707

Trust: 3.1

db: JVNDB, id: JVNDB-2018-012258

Trust: 0.8

db: CNNVD, id: CNNVD-201812-052

Trust: 0.7

db: CNVD, id: CNVD-2019-05921

Trust: 0.6

db: VULHUB, id: VHN-124893

Trust: 0.1

sources: CNVD: CNVD-2019-05921 // VULHUB: VHN-124893 // JVNDB: JVNDB-2018-012258 // CNNVD: CNNVD-201812-052 // NVD: CVE-2018-14707

REFERENCES

url: https://blog.securityevaluators.com/call-me-a-doctor-new-vulnerabilities-in-drobo5n2-4f1d885df7fc

Trust: 2.5

url: https://nvd.nist.gov/vuln/detail/cve-2018-14707

Trust: 1.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-14707

Trust: 0.8

sources: CNVD: CNVD-2019-05921 // VULHUB: VHN-124893 // JVNDB: JVNDB-2018-012258 // CNNVD: CNNVD-201812-052 // NVD: CVE-2018-14707

SOURCES

db: CNVD, id: CNVD-2019-05921
db: VULHUB, id: VHN-124893
db: JVNDB, id: JVNDB-2018-012258
db: CNNVD, id: CNNVD-201812-052
db: NVD, id: CVE-2018-14707

LAST UPDATE DATE

2024-11-23T22:06:27.334000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2019-05921, date: 2019-03-03T00:00:00
db: VULHUB, id: VHN-124893, date: 2018-12-20T00:00:00
db: JVNDB, id: JVNDB-2018-012258, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-052, date: 2018-12-04T00:00:00
db: NVD, id: CVE-2018-14707, date: 2024-11-21T03:49:37.980

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2019-05921, date: 2019-03-03T00:00:00
db: VULHUB, id: VHN-124893, date: 2018-12-03T00:00:00
db: JVNDB, id: JVNDB-2018-012258, date: 2019-01-31T00:00:00
db: CNNVD, id: CNNVD-201812-052, date: 2018-12-04T00:00:00
db: NVD, id: CVE-2018-14707, date: 2018-12-03T22:29:00.683