Vulnerabilites related to I-O DATA DEVICE, INC. - WN-G300R3
CVE-2017-2283 (GCVE-0-2017-2283)
Vulnerability from cvelistv5
Published
2017-08-02 16:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Use of Hard-coded Credentials
Summary
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Version: firmware version 1.0.2 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#51410509",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T15:57:02",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#51410509",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51410509",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2283",
"datePublished": "2017-08-02T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:05.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2141 (GCVE-0-2017-2141)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- OS Command Injection
Summary
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Version: firmware Ver.1.03 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.1.03 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-28T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81024552",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2141",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2142 (GCVE-0-2017-2142)
Vulnerability from cvelistv5
Published
2017-04-28 16:00
Modified
2024-08-05 13:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Buffer Overflow
Summary
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Version: firmware Ver.1.03 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.1.03 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-28T15:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81024552",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2142",
"datePublished": "2017-04-28T16:00:00",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-08-05T13:48:03.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2018-000007
Vulnerability from jvndb
Published
2018-02-06 14:22
Modified
2018-04-11 11:51
Severity ?
Summary
Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
Details
"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78).
Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ► | Type | URL |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"dc:date": "2018-04-11T11:51+09:00",
"dcterms:issued": "2018-02-06T14:22+09:00",
"dcterms:modified": "2018-04-11T11:51+09:00",
"description": "\"MagicalFinder\" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78).\r\n\r\nTaizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"sec:cpe": [
{
"#text": "cpe:/h:i-o_data_device:bx-vp1",
"@product": "BX-VP1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx1",
"@product": "GV-NTX1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx2",
"@product": "GV-NTX2",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-a",
"@product": "HDL-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-ah",
"@product": "HDL-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gt",
"@product": "HDL-GT Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gtr",
"@product": "HDL-GTR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-t",
"@product": "HDL-T Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr",
"@product": "HDL-XR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2u",
"@product": "HDL-XR2U Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2uw",
"@product": "HDL-XR2UW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xrw",
"@product": "HDL-XRW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xv",
"@product": "HDL-XV Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xvw",
"@product": "HDL-XVW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-a",
"@product": "HDL2-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-ah",
"@product": "HDL2-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hfas1",
"@product": "HFAS1 Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hls-c",
"@product": "HLS-C Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-a",
"@product": "HVL-A series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-at",
"@product": "HVL-AT series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-ata",
"@product": "HVL-ATA series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-s",
"@product": "HVL-S Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
"@product": "WHG-AC1750/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750a",
"@product": "WHG-AC1750/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napga",
"@product": "WHG-NAPG/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napgal",
"@product": "WHG-NAPG/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1167dgr",
"@product": "WN-AC1167DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1300ex",
"@product": "WN-AC1300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1600dgr",
"@product": "WN-AC1600DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583rk",
"@product": "WN-AC583RK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583trk",
"@product": "WN-AC583TRK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag300dgr",
"@product": "WN-AG300DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag750dgr",
"@product": "WN-AG750DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ax1167gr",
"@product": "WN-AX1167GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300ex",
"@product": "WN-G300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r",
"@product": "WN-G300R",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r3",
"@product": "WN-G300R3",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300sr",
"@product": "WN-G300SR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-gx300gr",
"@product": "WN-GX300GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167f",
"@product": "WNPR1167F",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167g",
"@product": "WNPR1167G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1750g",
"@product": "WNPR1750G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr2600g",
"@product": "WNPR2600G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000007",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36048131/index.html",
"@id": "JVN#36048131",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection"
}