Details of VAR-201905-0835

ID

VAR-201905-0835

CVE

CVE-2018-19612

TITLE

Westermo DR-250 and DR-260 Router unrestricted upload vulnerability type vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015497

DESCRIPTION

The /uploadfile? functionality in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers allows remote users to upload malicious file types and execute ASP code. Westermo DR-250 and DR-260 The router contains a vulnerability related to unlimited uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WestermoDR-260 and others are products of Westermo, Sweden. The WestermoDR-260 is a DSL router. The WestermoDR-250 is a DSL router. The WestermoMR-260 is a 3G multimedia router. Westermo DR-260 etc. A security vulnerability exists in the /uploadfile? function in the Westermo DR-260, DR-250, and MR-260

Trust: 2.25

sources: NVD: CVE-2018-19612 // JVNDB: JVNDB-2018-015497 // CNVD: CNVD-2019-15900 // VULHUB: VHN-130289

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-15900

AFFECTED PRODUCTS

vendor:	westermo	model:	mr-260	scope:	eq	version:	*	Trust: 1.0
vendor:	westermo	model:	dr-250	scope:	eq	version:	*	Trust: 1.0
vendor:	westermo	model:	dr-260	scope:	eq	version:	*	Trust: 1.0
vendor:	westermo	model:	dr-250	scope:	-	version:	-	Trust: 0.8
vendor:	westermo	model:	dr-260	scope:	-	version:	-	Trust: 0.8
vendor:	westermo	model:	mr-260	scope:	-	version:	-	Trust: 0.8
vendor:	westermo	model:	dr-260 router	scope:	-	version:	-	Trust: 0.6
vendor:	westermo	model:	dr-250 router	scope:	-	version:	-	Trust: 0.6
vendor:	westermo	model:	mr-260 router	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-15900 // JVNDB: JVNDB-2018-015497 // NVD: CVE-2018-19612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19612
value:	HIGH
Trust: 1.0
NVD:	CVE-2018-19612
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2019-15900
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-995
value:	HIGH
Trust: 0.6
VULHUB:	VHN-130289
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19612
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-15900
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-130289
severity:	MEDIUM
baseScore:	6.5
vectorString:	AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19612
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-15900 // VULHUB: VHN-130289 // JVNDB: JVNDB-2018-015497 // CNNVD: CNNVD-201905-995 // NVD: CVE-2018-19612

PROBLEMTYPE DATA

problemtype:

CWE-434

Trust: 1.9

sources: VULHUB: VHN-130289 // JVNDB: JVNDB-2018-015497 // NVD: CVE-2018-19612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-995

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-201905-995

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015497

PATCH

title:

Top Page

url:

https://www.westermo.us/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015497

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19612	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-015497	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-995	Trust: 0.7
db:	CNVD	id:	CNVD-2019-15900	Trust: 0.6
db:	VULHUB	id:	VHN-130289	Trust: 0.1

sources: CNVD: CNVD-2019-15900 // VULHUB: VHN-130289 // JVNDB: JVNDB-2018-015497 // CNNVD: CNNVD-201905-995 // NVD: CVE-2018-19612

REFERENCES

url:	https://github.com/thewickerman/cve-disclosures/blob/master/cve-2018-19612.md	Trust: 3.1
url:	https://www.westermo.us/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19612	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19612	Trust: 0.8
url:	https://web.nvd.nist.gov//vuln/detail/cve-2018-19612	Trust: 0.6

sources: CNVD: CNVD-2019-15900 // VULHUB: VHN-130289 // JVNDB: JVNDB-2018-015497 // CNNVD: CNNVD-201905-995 // NVD: CVE-2018-19612

SOURCES

db:	CNVD	id:	CNVD-2019-15900
db:	VULHUB	id:	VHN-130289
db:	JVNDB	id:	JVNDB-2018-015497
db:	CNNVD	id:	CNNVD-201905-995
db:	NVD	id:	CVE-2018-19612

LAST UPDATE DATE

2024-11-23T22:12:01.613000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-15900	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-130289	date:	2019-05-28T00:00:00
db:	JVNDB	id:	JVNDB-2018-015497	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-995	date:	2019-05-29T00:00:00
db:	NVD	id:	CVE-2018-19612	date:	2024-11-21T03:58:16.853

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-15900	date:	2019-05-30T00:00:00
db:	VULHUB	id:	VHN-130289	date:	2019-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015497	date:	2019-06-10T00:00:00
db:	CNNVD	id:	CNNVD-201905-995	date:	2019-05-24T00:00:00
db:	NVD	id:	CVE-2018-19612	date:	2019-05-24T17:29:02.227