ID

VAR-201901-0726


CVE

CVE-2018-0676


TITLE

Multiple vulnerabilities in Panasonic BN-SDWBP3

Trust: 0.8

sources: JVNDB: JVNDB-2018-000122

DESCRIPTION

BN-SDWBP3 firmware version 1.0.9 and earlier allows an attacker on the same network segment to bypass authentication to access the management screen and execute an arbitrary command via unspecified vectors. BN-SDWBP3 provided by Panasonic Corporation is a Wi-Fi Reader/Writer for SD Memory Cards. BN-SDWBP3 contains multiple vulnerabilities listed below.

* Improper Authentication (CWE-287) - CVE-2018-0676
* OS Command Injection (CWE-78) - CVE-2018-0677
* Buffer Overflow (CWE-119) - CVE-2018-0678

Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

- CVE-2018-0676
* A user on the same LAN who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0677
* A user on the same LAN who can access the product with administrative privileges may execute arbitrary code or perform a denial-of-service (DoS) attack. - CVE-2018-0678

An authorization issue vulnerability exists in Panasonic BN-SDWBP3 with firmware version 1.0.9 and earlier.

Trust: 1.71

sources: NVD: CVE-2018-0676 // JVNDB: JVNDB-2018-000122 // VULHUB: VHN-118878

AFFECTED PRODUCTS

vendor: panasonic
model: bn-sdwbp3
scope: lte
version: 1.0.9

Trust: 1.0

vendor: panasonic
model: bn-sdwbp3
scope: lte
version: version 1.0.9

Trust: 0.8

sources: JVNDB: JVNDB-2018-000122 // NVD: CVE-2018-0676

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000122
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-0676
value: HIGH

Trust: 1.0

IPA: JVNDB-2018-000122
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201901-265
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118878
value: MEDIUM

Trust: 0.1

IPA: JVNDB-2018-000122
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0676
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2018-000122
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-118878
severity: MEDIUM
baseScore: 5.8
vectorString: AV:A/AC:L/AU:N/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

IPA: JVNDB-2018-000122
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0676
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2018-000122
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-118878 // JVNDB: JVNDB-2018-000122 // JVNDB: JVNDB-2018-000122 // JVNDB: JVNDB-2018-000122 // CNNVD: CNNVD-201901-265 // NVD: CVE-2018-0676

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

problemtype:CWE-78

Trust: 0.8

problemtype:CWE-119

Trust: 0.8

sources: VULHUB: VHN-118878 // JVNDB: JVNDB-2018-000122 // NVD: CVE-2018-0676

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201901-265

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-000122

PATCH

title: Panasonic Wi-Fi Card reader - App Store
url: https://itunes.apple.com/us/app/wi-fikadorida/id859950047?l=ja&ls=1&mt=8

Trust: 0.8

title: Panasonic Wi-Fi Card reader - Google Play
url: https://play.google.com/store/apps/details?id=com.panasonic.avc.media.wifirw&hl=en_US

Trust: 0.8

title: Panasonic Corporation website
url: https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3

Trust: 0.8

title: Panasonic BN-SDWBP3 Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88448

Trust: 0.6

sources: JVNDB: JVNDB-2018-000122 // CNNVD: CNNVD-201901-265

EXTERNAL IDS

db: JVN, id: JVN65082538

Trust: 2.5

db: NVD, id: CVE-2018-0676

Trust: 2.5

db: JVNDB, id: JVNDB-2018-000122

Trust: 1.4

db: CNNVD, id: CNNVD-201901-265

Trust: 0.7

db: VULHUB, id: VHN-118878

Trust: 0.1

sources: VULHUB: VHN-118878 // JVNDB: JVNDB-2018-000122 // CNNVD: CNNVD-201901-265 // NVD: CVE-2018-0676

REFERENCES

url:https://jvn.jp/en/jp/jvn65082538/index.html

Trust: 2.5

url:https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3

Trust: 1.6

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0678

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0676

Trust: 0.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0677

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0676

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0677

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0678

Trust: 0.8

url:https://jvndb.jvn.jp/en/contents/2018/jvndb-2018-000122.html

Trust: 0.6

url:https://p3.support.panasonic.com/faq/show/5017?&site_domain=p3

Trust: 0.1

sources: VULHUB: VHN-118878 // JVNDB: JVNDB-2018-000122 // CNNVD: CNNVD-201901-265 // NVD: CVE-2018-0676

SOURCES

db: VULHUB, id: VHN-118878
db: JVNDB, id: JVNDB-2018-000122
db: CNNVD, id: CNNVD-201901-265
db: NVD, id: CVE-2018-0676

LAST UPDATE DATE

2024-11-23T22:00:09.237000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118878, date: 2019-02-11T00:00:00
db: JVNDB, id: JVNDB-2018-000122, date: 2019-08-27T00:00:00
db: CNNVD, id: CNNVD-201901-265, date: 2019-07-01T00:00:00
db: NVD, id: CVE-2018-0676, date: 2024-11-21T03:38:43.257

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118878, date: 2019-01-09T00:00:00
db: JVNDB, id: JVNDB-2018-000122, date: 2019-06-28T00:00:00
db: CNNVD, id: CNNVD-201901-265, date: 2019-01-10T00:00:00
db: NVD, id: CVE-2018-0676, date: 2019-01-09T23:29:01.793