Sign-up

ID

VAR-201901-0739


CVE

CVE-2018-0635


TITLE

Multiple vulnerabilities in Aterm HC100RC

Trust: 0.8

sources: JVNDB: JVNDB-2018-000077

DESCRIPTION

Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary OS commands via filename parameter. Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0640, CVE-2018-0641. The NECAtermHC100RC is a network camera from NEC. An operating system command injection vulnerability exists in NECAtermHC100RC using firmware version 1.0.1 and earlier. An attacker could exploit this vulnerability with the \342\200\230filename\342\200\231 parameter to execute any operating system command

Trust: 2.16

sources: NVD: CVE-2018-0635 // JVNDB: JVNDB-2018-000077 // CNVD: CNVD-2019-01107

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01107

AFFECTED PRODUCTS

vendor:necmodel:aterm hc100rcscope:lteversion:1.0.1

Trust: 1.0

vendor:necmodel:aterm hc100rcscope:lteversion:camera firmware ver1.0.1

Trust: 0.8

vendor:necmodel:aterm hc100rcscope:lteversion:<=1.0.1

Trust: 0.6

vendor:necmodel:aterm hc100rcscope:eqversion:1.0.1

Trust: 0.6

sources: CNVD: CNVD-2019-01107 // JVNDB: JVNDB-2018-000077 // CNNVD: CNNVD-201901-250 // NVD: CVE-2018-0635

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000077
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-0635
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-01107
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-250
value: CRITICAL

Trust: 0.6

IPA: JVNDB-2018-000077
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0635
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2019-01107
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IPA: JVNDB-2018-000077
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0635
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-01107 // JVNDB: JVNDB-2018-000077 // JVNDB: JVNDB-2018-000077 // CNNVD: CNNVD-201901-250 // NVD: CVE-2018-0635

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.8

problemtype:CWE-119

Trust: 0.8

sources: JVNDB: JVNDB-2018-000077 // NVD: CVE-2018-0635

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-250

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-201901-250

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000077

PATCH
title:NV18-011url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NECAtermHC100RC Operating System Command Injection Vulnerability (CNVD-2019-01107)url:https://www.cnvd.org.cn/patchInfo/show/149867
Trust: 0.6
title:NEC Aterm HC100RC Fixes for operating system command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88434
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01107 // 
            
            
            
            JVNDB: JVNDB-2018-000077 // 
            
            
            
            CNNVD: CNNVD-201901-250

EXTERNAL IDS
db:NVDid:CVE-2018-0635
Trust: 3.0
db:JVNid:JVN84825660
Trust: 2.4
db:JVNDBid:JVNDB-2018-000077
Trust: 0.8
db:CNVDid:CNVD-2019-01107
Trust: 0.6
db:CNNVDid:CNNVD-201901-250
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01107 // 
            
            
            
            JVNDB: JVNDB-2018-000077 // 
            
            
            
            CNNVD: CNNVD-201901-250 // 
            
            
            
            NVD: CVE-2018-0635

REFERENCES
url:https://jvn.jp/en/jp/jvn84825660/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0635
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0638
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0639
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0640
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0641
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0634
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0635
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0636
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0637
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0637
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0638
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0639
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0640
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0641
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0634
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0636
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01107 // 
            
            
            
            JVNDB: JVNDB-2018-000077 // 
            
            
            
            CNNVD: CNNVD-201901-250 // 
            
            
            
            NVD: CVE-2018-0635

SOURCES
db:CNVDid:CNVD-2019-01107
db:JVNDBid:JVNDB-2018-000077
db:CNNVDid:CNNVD-201901-250
db:NVDid:CVE-2018-0635

LAST UPDATE DATE
2024-11-23T21:37:45.522000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01107date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000077date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-250date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0635date:2024-11-21T03:38:38.063

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01107date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000077date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-250date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0635date:2019-01-09T23:29:00.903