Sign-up

ID

VAR-201901-0744


CVE

CVE-2018-0640


TITLE

Multiple vulnerabilities in Aterm HC100RC

Trust: 0.8

sources: JVNDB: JVNDB-2018-000077

DESCRIPTION

Buffer overflow in Aterm HC100RC Ver1.0.1 and earlier allows attacker with administrator rights to execute arbitrary code via netWizard.cgi date parameter, time parameter, and offset parameter. Aterm HC100RC provided by NEC Corporation contains multiple vulnerabilities listed below. * OS Command Injection (CWE-78) - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * Buffer Overflow (CWE-119) - CVE-2018-0640, CVE-2018-0641 Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.* A user who can access the product with administrative privileges may execute an arbitrary OS command. - CVE-2018-0634, CVE-2018-0635, CVE-2018-0636, CVE-2018-0637, CVE-2018-0638, CVE-2018-0639 * A user who can access the product with administrative privileges may execute an arbitrary code. - CVE-2018-0640, CVE-2018-0641. The NEC Aterm HC100RC is a network camera from NEC. A buffer overflow vulnerability exists in NEC Aterm HC100RC with firmware version 1.0.1 and earlier

Trust: 2.16

sources: NVD: CVE-2018-0640 // JVNDB: JVNDB-2018-000077 // CNVD: CNVD-2019-01294

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-01294

AFFECTED PRODUCTS

vendor:necmodel:aterm hc100rcscope:lteversion:1.0.1

Trust: 1.0

vendor:necmodel:aterm hc100rcscope:lteversion:camera firmware ver1.0.1

Trust: 0.8

vendor:necmodel:aterm hc100rcscope:lteversion:<=1.0.1

Trust: 0.6

vendor:necmodel:aterm hc100rcscope:eqversion:1.0.1

Trust: 0.6

sources: CNVD: CNVD-2019-01294 // JVNDB: JVNDB-2018-000077 // CNNVD: CNNVD-201901-289 // NVD: CVE-2018-0640

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2018-000077
value: MEDIUM

Trust: 1.6

nvd@nist.gov: CVE-2018-0640
value: HIGH

Trust: 1.0

CNVD: CNVD-2019-01294
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201901-289
value: MEDIUM

Trust: 0.6

IPA: JVNDB-2018-000077
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0640
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2019-01294
severity: MEDIUM
baseScore: 5.2
vectorString: AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 5.1
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IPA: JVNDB-2018-000077
baseSeverity: MEDIUM
baseScore: 6.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 1.6

nvd@nist.gov: CVE-2018-0640
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2019-01294 // JVNDB: JVNDB-2018-000077 // JVNDB: JVNDB-2018-000077 // CNNVD: CNNVD-201901-289 // NVD: CVE-2018-0640

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

problemtype:CWE-78

Trust: 0.8

sources: JVNDB: JVNDB-2018-000077 // NVD: CVE-2018-0640

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-289

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201901-289

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-000077

PATCH
title:NV18-011url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 0.8
title:Patch for NEC Aterm HC100RC Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/149895
Trust: 0.6
title:NEC Aterm HC100RC Buffer error vulnerability fixurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88472
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01294 // 
            
            
            
            JVNDB: JVNDB-2018-000077 // 
            
            
            
            CNNVD: CNNVD-201901-289

EXTERNAL IDS
db:NVDid:CVE-2018-0640
Trust: 3.0
db:JVNid:JVN84825660
Trust: 2.4
db:JVNDBid:JVNDB-2018-000077
Trust: 0.8
db:CNVDid:CNVD-2019-01294
Trust: 0.6
db:CNNVDid:CNNVD-201901-289
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2019-01294 // 
            
            
            
            JVNDB: JVNDB-2018-000077 // 
            
            
            
            CNNVD: CNNVD-201901-289 // 
            
            
            
            NVD: CVE-2018-0640

REFERENCES
url:https://jvn.jp/en/jp/jvn84825660/index.html
Trust: 2.4
url:https://jpn.nec.com/security-info/secinfo/nv18-011.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2018-0640
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0638
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0639
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0640
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0641
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0634
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0635
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0636
Trust: 0.8
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0637
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0637
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0638
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0639
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0641
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0634
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0635
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0636
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2019-01294 // 
            
            
            
            JVNDB: JVNDB-2018-000077 // 
            
            
            
            CNNVD: CNNVD-201901-289 // 
            
            
            
            NVD: CVE-2018-0640

SOURCES
db:CNVDid:CNVD-2019-01294
db:JVNDBid:JVNDB-2018-000077
db:CNNVDid:CNNVD-201901-289
db:NVDid:CVE-2018-0640

LAST UPDATE DATE
2024-11-23T21:37:45.475000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2019-01294date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000077date:2019-08-27T00:00:00
db:CNNVDid:CNNVD-201901-289date:2021-07-09T00:00:00
db:NVDid:CVE-2018-0640date:2024-11-21T03:38:38.710

SOURCES RELEASE DATE
db:CNVDid:CNVD-2019-01294date:2019-01-14T00:00:00
db:JVNDBid:JVNDB-2018-000077date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201901-289date:2019-01-10T00:00:00
db:NVDid:CVE-2018-0640date:2019-01-09T23:29:01.200