Details of VAR-201905-0837

ID

VAR-201905-0837

CVE

CVE-2018-19614

TITLE

Westermo DR-250 and DR-260 Router cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015493

DESCRIPTION

XSS exists in the /cmdexec/cmdexe?cmd= function in Westermo DR-250 Pre-5162 and DR-260 Pre-5162 routers. Westermo DR-250 and DR-260 The router contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. WestermoDR-260 and others are products of Westermo, Sweden. The WestermoDR-260 is a DSL router. The WestermoDR-250 is a DSL router. The WestermoMR-260 is a 3G multimedia router. A cross-site scripting vulnerability exists in the \342\200\230/cmdexec/cmdexe?cmd=\342\200\231 command console in the WestermoDR-260Router, WestermoDR-250Router, and WestermoMR-260Router (all firmware versions). The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code. Westermo DR-260 etc

Trust: 2.25

sources: NVD: CVE-2018-19614 // JVNDB: JVNDB-2018-015493 // CNVD: CNVD-2019-15543 // VULHUB: VHN-130291

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2019-15543

AFFECTED PRODUCTS

vendor:	westermo	model:	mr-260	scope:	eq	version:	*	Trust: 1.0
vendor:	westermo	model:	dr-250	scope:	eq	version:	*	Trust: 1.0
vendor:	westermo	model:	dr-260	scope:	eq	version:	*	Trust: 1.0
vendor:	westermo	model:	dr-250	scope:	-	version:	-	Trust: 0.8
vendor:	westermo	model:	dr-260	scope:	-	version:	-	Trust: 0.8
vendor:	westermo	model:	mr-260	scope:	-	version:	-	Trust: 0.8
vendor:	westermo	model:	dr-260 router	scope:	-	version:	-	Trust: 0.6
vendor:	westermo	model:	dr-250 router	scope:	-	version:	-	Trust: 0.6
vendor:	westermo	model:	mr-260 router	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2019-15543 // JVNDB: JVNDB-2018-015493 // NVD: CVE-2018-19614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-19614
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-19614
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2019-15543
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201905-977
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-130291
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-19614
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2019-15543
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-130291
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-19614
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2019-15543 // VULHUB: VHN-130291 // JVNDB: JVNDB-2018-015493 // CNNVD: CNNVD-201905-977 // NVD: CVE-2018-19614

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-130291 // JVNDB: JVNDB-2018-015493 // NVD: CVE-2018-19614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201905-977

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201905-977

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015493

PATCH

title:

Top Page

url:

https://www.westermo.us/

Trust: 0.8

sources: JVNDB: JVNDB-2018-015493

EXTERNAL IDS

db:	NVD	id:	CVE-2018-19614	Trust: 3.1
db:	JVNDB	id:	JVNDB-2018-015493	Trust: 0.8
db:	CNNVD	id:	CNNVD-201905-977	Trust: 0.7
db:	CNVD	id:	CNVD-2019-15543	Trust: 0.6
db:	VULHUB	id:	VHN-130291	Trust: 0.1

sources: CNVD: CNVD-2019-15543 // VULHUB: VHN-130291 // JVNDB: JVNDB-2018-015493 // CNNVD: CNNVD-201905-977 // NVD: CVE-2018-19614

REFERENCES

url:	https://github.com/thewickerman/cve-disclosures/blob/master/cve-2018-19614.md	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2018-19614	Trust: 2.0
url:	https://www.westermo.us/	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-19614	Trust: 0.8

sources: CNVD: CNVD-2019-15543 // VULHUB: VHN-130291 // JVNDB: JVNDB-2018-015493 // CNNVD: CNNVD-201905-977 // NVD: CVE-2018-19614

SOURCES

db:	CNVD	id:	CNVD-2019-15543
db:	VULHUB	id:	VHN-130291
db:	JVNDB	id:	JVNDB-2018-015493
db:	CNNVD	id:	CNNVD-201905-977
db:	NVD	id:	CVE-2018-19614

LAST UPDATE DATE

2024-11-23T23:08:24.679000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2019-15543	date:	2019-05-28T00:00:00
db:	VULHUB	id:	VHN-130291	date:	2019-05-24T00:00:00
db:	JVNDB	id:	JVNDB-2018-015493	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-977	date:	2019-05-27T00:00:00
db:	NVD	id:	CVE-2018-19614	date:	2024-11-21T03:58:17.163

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2019-15543	date:	2019-05-28T00:00:00
db:	VULHUB	id:	VHN-130291	date:	2019-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2018-015493	date:	2019-06-07T00:00:00
db:	CNNVD	id:	CNNVD-201905-977	date:	2019-05-23T00:00:00
db:	NVD	id:	CVE-2018-19614	date:	2019-05-23T20:29:00.233