Sign-up

ID

VAR-201909-1376


CVE

CVE-2019-11327


TITLE

Topcon Positioning Net-G5 GNSS Receiver Path traversal vulnerability in device firmware

Trust: 0.8

sources: JVNDB: JVNDB-2019-009586

DESCRIPTION

An issue was discovered on Topcon Positioning Net-G5 GNSS Receiver devices with firmware 5.2.2. The web interface of the product has a local file inclusion vulnerability. An attacker with administrative privileges can craft a special URL to read arbitrary files from the device's files system. Topcon Positioning Net-G5 GNSS Receiver is a multi-frequency GNSS (Global Navigation Satellite System) receiver from Topcon, Japan

Trust: 1.71

sources: NVD: CVE-2019-11327 // JVNDB: JVNDB-2019-009586 // VULHUB: VHN-142962

AFFECTED PRODUCTS

vendor:topconmodel:net-g5scope:eqversion:5.2.2

Trust: 2.4

vendor:topconmodel:net-g5scope:eqversion: -

Trust: 0.6

sources: JVNDB: JVNDB-2019-009586 // CNNVD: CNNVD-201909-1004 // NVD: CVE-2019-11327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-11327
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-11327
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201909-1004
value: MEDIUM

Trust: 0.6

VULHUB: VHN-142962
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2019-11327
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-142962
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-11327
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2019-11327
baseSeverity: MEDIUM
baseScore: 4.9
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-142962 // JVNDB: JVNDB-2019-009586 // CNNVD: CNNVD-201909-1004 // NVD: CVE-2019-11327

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.9

sources: VULHUB: VHN-142962 // JVNDB: JVNDB-2019-009586 // NVD: CVE-2019-11327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201909-1004

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-201909-1004

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2019-009586

PATCH
title:NET-G5url:https://www.topconpositioning.com/gnss-and-network-solutions/gnss-network-solutions/net-g5
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2019-009586

EXTERNAL IDS
db:NVDid:CVE-2019-11327
Trust: 2.5
db:JVNDBid:JVNDB-2019-009586
Trust: 0.8
db:CNNVDid:CNNVD-201909-1004
Trust: 0.7
db:VULHUBid:VHN-142962
Trust: 0.1
sources:
            
            
            VULHUB: VHN-142962 // 
            
            
            
            JVNDB: JVNDB-2019-009586 // 
            
            
            
            CNNVD: CNNVD-201909-1004 // 
            
            
            
            NVD: CVE-2019-11327

REFERENCES
url:https://mezdanak.de/2019/06/21/iot-full-disclosure-topcon-positioning-net-g5-receiver/
Trust: 2.5
url:https://nvd.nist.gov/vuln/detail/cve-2019-11327
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-11327
Trust: 0.8
sources:
            
            
            VULHUB: VHN-142962 // 
            
            
            
            JVNDB: JVNDB-2019-009586 // 
            
            
            
            CNNVD: CNNVD-201909-1004 // 
            
            
            
            NVD: CVE-2019-11327

SOURCES
db:VULHUBid:VHN-142962
db:JVNDBid:JVNDB-2019-009586
db:CNNVDid:CNNVD-201909-1004
db:NVDid:CVE-2019-11327

LAST UPDATE DATE
2024-11-23T22:41:20.123000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-142962date:2019-09-23T00:00:00
db:JVNDBid:JVNDB-2019-009586date:2019-09-25T00:00:00
db:CNNVDid:CNNVD-201909-1004date:2019-09-30T00:00:00
db:NVDid:CVE-2019-11327date:2024-11-21T04:20:53.780

SOURCES RELEASE DATE
db:VULHUBid:VHN-142962date:2019-09-20T00:00:00
db:JVNDBid:JVNDB-2019-009586date:2019-09-25T00:00:00
db:CNNVDid:CNNVD-201909-1004date:2019-09-20T00:00:00
db:NVDid:CVE-2019-11327date:2019-09-20T19:15:11.610