Details of VAR-202207-1948

ID

VAR-202207-1948

CVE

CVE-2022-36293

TITLE

nintendo Wi-Fi network adapter WAP-001 Multiple vulnerabilities in

Trust: 0.8

sources: JVNDB: JVNDB-2022-000056

DESCRIPTION

Buffer overflow vulnerability in Nintendo Wi-Fi Network Adaptor WAP-001 All versions allows an attacker with an administrative privilege to execute arbitrary code via unspecified vectors. None

Trust: 1.62

sources: NVD: CVE-2022-36293 // JVNDB: JVNDB-2022-000056

IOT TAXONOMY

category:

['network device']

sub_category:

Wi-Fi network adaptor

Trust: 0.1

sources: OTHER: None

AFFECTED PRODUCTS

vendor:	nintendo	model:	wi-fi network adaptor wap 001	scope:	eq	version:	*	Trust: 1.0
vendor:	任天堂株式会社	model:	ニンテンドー wi-fi ネットワークアダプタ wap-001	scope:	eq	version:	-	Trust: 0.8
vendor:	任天堂株式会社	model:	ニンテンドー wi-fi ネットワークアダプタ wap-001	scope:	eq	version:	nintendo wi-fi network adapter wap-001 all s	Trust: 0.8

sources: JVNDB: JVNDB-2022-000056 // NVD: CVE-2022-36293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2022-36293
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-202207-2799
value:	HIGH
Trust: 0.6

IPA:	JVNDB-2022-000056
severity:	MEDIUM
baseScore:	5.2
vectorString:	AV:A/AC:L/AU:S/C:P/I:P/A:P
accessVector:	ADJACENT NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8

nvd@nist.gov:	CVE-2022-36293
baseSeverity:	HIGH
baseScore:	7.2
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.2
impactScore:	5.9
version:	3.1
Trust: 1.0
IPA:	JVNDB-2022-000056
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2022-000056 // CNNVD: CNNVD-202207-2799 // NVD: CVE-2022-36293

PROBLEMTYPE DATA

problemtype:	CWE-120	Trust: 1.0
problemtype:	OS Command injection (CWE-78) [IPA evaluation ]	Trust: 0.8
problemtype:	Buffer error (CWE-119) [IPA evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-000056 // NVD: CVE-2022-36293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202207-2799

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202207-2799

PATCH

title:

nintendo Wi-Fi USB Connector" and "Nintendo Wi-Fi Request to stop using "Network Adapter"

url:

https://www.nintendo.co.jp/support/information/2022/0720.html

Trust: 0.8

sources: JVNDB: JVNDB-2022-000056

EXTERNAL IDS

db:	NVD	id:	CVE-2022-36293	Trust: 3.3
db:	JVN	id:	JVN17625382	Trust: 2.4
db:	JVNDB	id:	JVNDB-2022-000056	Trust: 1.4
db:	CNNVD	id:	CNNVD-202207-2799	Trust: 0.6
db:	OTHER	id:	NONE	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-000056 // CNNVD: CNNVD-202207-2799 // NVD: CVE-2022-36293

REFERENCES

url:	https://www.nintendo.co.jp/support/information/2022/0720.html	Trust: 1.6
url:	https://jvn.jp/en/jp/jvn17625382/index.html	Trust: 1.6
url:	https://jvn.jp/jp/jvn17625382/index.html	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-36381	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2022-36293	Trust: 0.8
url:	https://jvndb.jvn.jp/en/contents/2022/jvndb-2022-000056.html	Trust: 0.6
url:	https://cxsecurity.com/cveshow/cve-2022-36293/	Trust: 0.6
url:	https://ieeexplore.ieee.org/abstract/document/10769424	Trust: 0.1

sources: OTHER: None // JVNDB: JVNDB-2022-000056 // CNNVD: CNNVD-202207-2799 // NVD: CVE-2022-36293

SOURCES

db:	OTHER	id:	-
db:	JVNDB	id:	JVNDB-2022-000056
db:	CNNVD	id:	CNNVD-202207-2799
db:	NVD	id:	CVE-2022-36293

LAST UPDATE DATE

2025-01-30T20:47:28.285000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2022-000056	date:	2024-06-14T07:26:00
db:	CNNVD	id:	CNNVD-202207-2799	date:	2022-08-19T00:00:00
db:	NVD	id:	CVE-2022-36293	date:	2022-08-18T11:57:13.680

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2022-000056	date:	2022-07-29T00:00:00
db:	CNNVD	id:	CNNVD-202207-2799	date:	2022-07-29T00:00:00
db:	NVD	id:	CVE-2022-36293	date:	2022-08-16T08:15:09.093