Details of VAR-202006-1196

ID

VAR-202006-1196

CVE

CVE-2014-7173

TITLE

FarSite Communications FarLinX X25 Gateway operating system command injection vulnerability

Trust: 1.2

sources: CNVD: CNVD-2020-36280 // CNNVD: CNNVD-202006-038

DESCRIPTION

FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php. FarLinX X25 Gateway To OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. FarSite Communications FarLinX X25 Gateway is a gateway product of FarSite Communications in the UK. The product has a browser interface, online statistical information set, connection log records, active session display, and status change alerts. FarSite Communications FarLinX X25 Gateway 2014-09-25 and previous versions of sysSaveMonitorData.php file, fsx25MonProxy.php file, syseditdate.php file, iframeupload.php file and sysRestoreX25Cplt.php file have operating system command injection vulnerabilities, attackers can use Shell metacharacters use this vulnerability to inject commands

Trust: 2.16

sources: NVD: CVE-2014-7173 // JVNDB: JVNDB-2014-008947 // CNVD: CNVD-2020-36280

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2020-36280

AFFECTED PRODUCTS

vendor:	farsite	model:	farlinx x25 gateway	scope:	lte	version:	2014-09-25	Trust: 1.0
vendor:	farsite	model:	farlinx x25 gateway	scope:	eq	version:	2014/09/25	Trust: 0.8
vendor:	farsite	model:	communications farlinx gateway	scope:	eq	version:	x25<=2014-09-25	Trust: 0.6

sources: CNVD: CNVD-2020-36280 // JVNDB: JVNDB-2014-008947 // NVD: CVE-2014-7173

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-7173
value:	CRITICAL
Trust: 1.0
NVD:	JVNDB-2014-008947
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2020-36280
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-202006-038
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2014-7173
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	JVNDB-2014-008947
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2020-36280
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2014-7173
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	JVNDB-2014-008947
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2020-36280 // JVNDB: JVNDB-2014-008947 // CNNVD: CNNVD-202006-038 // NVD: CVE-2014-7173

PROBLEMTYPE DATA

problemtype:

CWE-78

Trust: 1.8

sources: JVNDB: JVNDB-2014-008947 // NVD: CVE-2014-7173

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202006-038

TYPE

operating system commend injection

Trust: 0.6

sources: CNNVD: CNNVD-202006-038

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-008947

PATCH

title:

FarLinX X25 Gateway

url:

https://www.farsite.com/TCP_IP_X.25_Gateway/FarLinX_X.25_gateway.php

Trust: 0.8

sources: JVNDB: JVNDB-2014-008947

EXTERNAL IDS

db:	NVD	id:	CVE-2014-7173	Trust: 3.0
db:	JVNDB	id:	JVNDB-2014-008947	Trust: 0.8
db:	CNVD	id:	CNVD-2020-36280	Trust: 0.6
db:	NSFOCUS	id:	47173	Trust: 0.6
db:	CNNVD	id:	CNNVD-202006-038	Trust: 0.6

sources: CNVD: CNVD-2020-36280 // JVNDB: JVNDB-2014-008947 // CNNVD: CNNVD-202006-038 // NVD: CVE-2014-7173

REFERENCES

url:	https://www.justanotherhacker.com/2016/09/jahx164_-_farlinx_x25_gateway_multiple_vulnerabilities.html	Trust: 3.0
url:	https://nvd.nist.gov/vuln/detail/cve-2014-7173	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7173	Trust: 0.8
url:	http://www.nsfocus.net/vulndb/47173	Trust: 0.6

sources: CNVD: CNVD-2020-36280 // JVNDB: JVNDB-2014-008947 // CNNVD: CNNVD-202006-038 // NVD: CVE-2014-7173

SOURCES

db:	CNVD	id:	CNVD-2020-36280
db:	JVNDB	id:	JVNDB-2014-008947
db:	CNNVD	id:	CNNVD-202006-038
db:	NVD	id:	CVE-2014-7173

LAST UPDATE DATE

2024-11-23T22:33:25.773000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2020-36280	date:	2020-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-008947	date:	2020-06-25T00:00:00
db:	CNNVD	id:	CNNVD-202006-038	date:	2020-07-17T00:00:00
db:	NVD	id:	CVE-2014-7173	date:	2024-11-21T02:16:27.413

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2020-36280	date:	2020-07-06T00:00:00
db:	JVNDB	id:	JVNDB-2014-008947	date:	2020-06-25T00:00:00
db:	CNNVD	id:	CNNVD-202006-038	date:	2020-06-01T00:00:00
db:	NVD	id:	CVE-2014-7173	date:	2020-06-01T17:15:11.837