Details of VAR-201906-0700

ID

VAR-201906-0700

CVE

CVE-2016-10760

TITLE

Seowon Intech Command injection vulnerability in routers

Trust: 0.8

sources: JVNDB: JVNDB-2016-009354

DESCRIPTION

On Seowon Intech routers, there is a Command Injection vulnerability in diagnostic.cgi via shell metacharacters in the ping_ipaddr parameter. Seowon Intech The router contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Seowon Intech routers are router products of Seowon Intech Company in South Korea. This vulnerability stems from the fact that the network system or product does not correctly filter special elements in the process of constructing executable commands from external input data. Attackers can exploit this vulnerability to execute illegal commands

Trust: 1.8

sources: NVD: CVE-2016-10760 // JVNDB: JVNDB-2016-009354 // VULHUB: VHN-89569 // VULMON: CVE-2016-10760

AFFECTED PRODUCTS

vendor:	seowonintech	model:	swr-300a	scope:	eq	version:	-	Trust: 1.0
vendor:	seowonintech	model:	swr-300b	scope:	eq	version:	-	Trust: 1.0
vendor:	seowonintech	model:	swr-300c	scope:	eq	version:	-	Trust: 1.0
vendor:	seowonintech	model:	swr-300bg	scope:	eq	version:	-	Trust: 1.0
vendor:	seowon intech	model:	swr-300a	scope:	-	version:	-	Trust: 0.8
vendor:	seowon intech	model:	swr-300b	scope:	-	version:	-	Trust: 0.8
vendor:	seowon intech	model:	swr-300bg	scope:	-	version:	-	Trust: 0.8
vendor:	seowon intech	model:	swr-300c	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2016-009354 // NVD: CVE-2016-10760

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-10760
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2016-10760
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201906-403
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-89569
value:	HIGH
Trust: 0.1
VULMON:	CVE-2016-10760
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2016-10760
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-89569
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2016-10760
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-89569 // VULMON: CVE-2016-10760 // JVNDB: JVNDB-2016-009354 // CNNVD: CNNVD-201906-403 // NVD: CVE-2016-10760

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.9

sources: VULHUB: VHN-89569 // JVNDB: JVNDB-2016-009354 // NVD: CVE-2016-10760

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-403

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201906-403

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009354

PATCH

title:	Mobile Router (SWR-300A、SWR-300B、SWR-300C)	url:	http://www.seowonintech.co.kr/en/product/detail.asp?num=130&big_kind=B04&middle_kind=	Trust: 0.8
title:	Mobile Router (SWR-300BG)	url:	http://www.seowonintech.co.kr/jp/product/detail.asp?num=143&big_kind=B04&middle_kind=B04_07	Trust: 0.8

sources: JVNDB: JVNDB-2016-009354

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10760	Trust: 2.6
db:	JVNDB	id:	JVNDB-2016-009354	Trust: 0.8
db:	CNNVD	id:	CNNVD-201906-403	Trust: 0.7
db:	VULHUB	id:	VHN-89569	Trust: 0.1
db:	VULMON	id:	CVE-2016-10760	Trust: 0.1

sources: VULHUB: VHN-89569 // VULMON: CVE-2016-10760 // JVNDB: JVNDB-2016-009354 // CNNVD: CNNVD-201906-403 // NVD: CVE-2016-10760

REFERENCES

url:	https://ethical-hacker.org/en/seowonintech-remote-root/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10760	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10760	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/77.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-89569 // VULMON: CVE-2016-10760 // JVNDB: JVNDB-2016-009354 // CNNVD: CNNVD-201906-403 // NVD: CVE-2016-10760

SOURCES

db:	VULHUB	id:	VHN-89569
db:	VULMON	id:	CVE-2016-10760
db:	JVNDB	id:	JVNDB-2016-009354
db:	CNNVD	id:	CNNVD-201906-403
db:	NVD	id:	CVE-2016-10760

LAST UPDATE DATE

2024-11-23T21:37:14.176000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-89569	date:	2019-06-12T00:00:00
db:	VULMON	id:	CVE-2016-10760	date:	2019-06-12T00:00:00
db:	JVNDB	id:	JVNDB-2016-009354	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-403	date:	2019-06-13T00:00:00
db:	NVD	id:	CVE-2016-10760	date:	2024-11-21T02:44:41.013

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-89569	date:	2019-06-11T00:00:00
db:	VULMON	id:	CVE-2016-10760	date:	2019-06-11T00:00:00
db:	JVNDB	id:	JVNDB-2016-009354	date:	2019-06-20T00:00:00
db:	CNNVD	id:	CNNVD-201906-403	date:	2019-06-11T00:00:00
db:	NVD	id:	CVE-2016-10760	date:	2019-06-11T21:29:00.443