ID

VAR-201908-1119


CVE

CVE-2016-10862


TITLE

Neet AirStream NAS Device cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-009467

DESCRIPTION

Neet AirStream NAS1.1 devices have a password of ifconfig for the root account. This cannot be changed via the configuration page. The Neet AirStream NAS device contains a cross-site request forgery vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Neet AirStream NAS1.1 is a wireless audio receiver. A vulnerability management issue exists in Neet AirStream NAS 1.1. The vulnerability stems from the lack of an effective trust management mechanism in network systems or products. An attacker can attack an affected component with a default password or hard-coded password, hard-coded certificate, and so on. The cross-site request forgery vulnerability stems from the web application not adequately verifying that the request is from a trusted user. An attacker could exploit this vulnerability to send unexpected requests to the server through an affected client.

Trust: 2.25

sources: NVD: CVE-2016-10862 // JVNDB: JVNDB-2016-009467 // CNVD: CNVD-2019-31339 // VULHUB: VHN-89681

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2019-31339

AFFECTED PRODUCTS

vendor: neetcables model: airstream nas scope: eq version: 1.1

Trust: 1.0

vendor: neet model: airstream nas1.1 scope: - version: -

Trust: 0.8

vendor: neetcables model: neet airstream nas1.1 scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2019-31339 // JVNDB: JVNDB-2016-009467 // NVD: CVE-2016-10862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-10862
value: HIGH

Trust: 1.0

NVD: CVE-2016-10862
value: HIGH

Trust: 0.8

CNVD: CNVD-2019-31339
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201908-593
value: HIGH

Trust: 0.6

VULHUB: VHN-89681
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-10862
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2019-31339
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-89681
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-10862
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2019-31339 // VULHUB: VHN-89681 // JVNDB: JVNDB-2016-009467 // CNNVD: CNNVD-201908-593 // NVD: CVE-2016-10862

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-89681 // JVNDB: JVNDB-2016-009467 // NVD: CVE-2016-10862

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201908-593

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201908-593

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-009467

PATCH

title: Top Page url: http://www.neetcables.com/

Trust: 0.8

sources: JVNDB: JVNDB-2016-009467

EXTERNAL IDS

db: NVD id: CVE-2016-10862

Trust: 3.1

db: JVNDB id: JVNDB-2016-009467

Trust: 0.8

db: CNNVD id: CNNVD-201908-593

Trust: 0.7

db: CNVD id: CNVD-2019-31339

Trust: 0.6

db: VULHUB id: VHN-89681

Trust: 0.1

sources: CNVD: CNVD-2019-31339 // VULHUB: VHN-89681 // JVNDB: JVNDB-2016-009467 // CNNVD: CNNVD-201908-593 // NVD: CVE-2016-10862

REFERENCES

url:https://www.pentestpartners.com/security-blog/a-neet-csrf-to-reverse-shell-in-wi-fi-music-streamer/

Trust: 2.5

url:https://nvd.nist.gov/vuln/detail/cve-2016-10862

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10862

Trust: 0.8

sources: CNVD: CNVD-2019-31339 // VULHUB: VHN-89681 // JVNDB: JVNDB-2016-009467 // CNNVD: CNNVD-201908-593 // NVD: CVE-2016-10862

SOURCES

db: CNVD id: CNVD-2019-31339
db: VULHUB id: VHN-89681
db: JVNDB id: JVNDB-2016-009467
db: CNNVD id: CNNVD-201908-593
db: NVD id: CVE-2016-10862

LAST UPDATE DATE

2024-11-23T22:58:36.553000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2019-31339 date: 2019-09-14T00:00:00
db: VULHUB id: VHN-89681 date: 2019-08-15T00:00:00
db: JVNDB id: JVNDB-2016-009467 date: 2019-08-16T00:00:00
db: CNNVD id: CNNVD-201908-593 date: 2019-08-21T00:00:00
db: NVD id: CVE-2016-10862 date: 2024-11-21T02:44:55.933

SOURCES RELEASE DATE

db: CNVD id: CNVD-2019-31339 date: 2019-09-14T00:00:00
db: VULHUB id: VHN-89681 date: 2019-08-08T00:00:00
db: JVNDB id: JVNDB-2016-009467 date: 2019-08-16T00:00:00
db: CNNVD id: CNNVD-201908-593 date: 2019-08-08T00:00:00
db: NVD id: CVE-2016-10862 date: 2019-08-08T21:15:11.050