Search
Find a vulnerability
Search criteria
7 vulnerabilities found for WN-G300R3 by I-O DATA DEVICE, INC.
JVNDB-2018-000007
Vulnerability from jvndb - Published: 2018-02-06 14:22 - Updated:2018-04-11 11:51
Severity
Summary
Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injection
Details
"MagicalFinder" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate "MagicalFinder" contain an OS command injection vulnerability (CWE-78).
Taizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| Type | URL | |
|---|---|---|
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"dc:date": "2018-04-11T11:51+09:00",
"dcterms:issued": "2018-02-06T14:22+09:00",
"dcterms:modified": "2018-04-11T11:51+09:00",
"description": "\"MagicalFinder\" provided by I-O DATA DEVICE, INC. is a IP address setting tool to for I-O DATA network devices such as routers, network cameras, strages, etc. Multiple I-O DATA network devices that incorporate \"MagicalFinder\" contain an OS command injection vulnerability (CWE-78).\r\n\r\nTaizo Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2018/JVNDB-2018-000007.html",
"sec:cpe": [
{
"#text": "cpe:/h:i-o_data_device:bx-vp1",
"@product": "BX-VP1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx1",
"@product": "GV-NTX1",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:gv-ntx2",
"@product": "GV-NTX2",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-a",
"@product": "HDL-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-ah",
"@product": "HDL-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gt",
"@product": "HDL-GT Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-gtr",
"@product": "HDL-GTR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-t",
"@product": "HDL-T Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr",
"@product": "HDL-XR Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2u",
"@product": "HDL-XR2U Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xr2uw",
"@product": "HDL-XR2UW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xrw",
"@product": "HDL-XRW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xv",
"@product": "HDL-XV Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl-xvw",
"@product": "HDL-XVW Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-a",
"@product": "HDL2-A Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hdl2-ah",
"@product": "HDL2-AH Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hfas1",
"@product": "HFAS1 Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hls-c",
"@product": "HLS-C Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-a",
"@product": "HVL-A series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-at",
"@product": "HVL-AT series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-ata",
"@product": "HVL-ATA series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:hvl-s",
"@product": "HVL-S Series",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750%2fal",
"@product": "WHG-AC1750/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-ac1750a",
"@product": "WHG-AC1750/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napga",
"@product": "WHG-NAPG/A",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:whg-napgal",
"@product": "WHG-NAPG/AL",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1167dgr",
"@product": "WN-AC1167DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1300ex",
"@product": "WN-AC1300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac1600dgr",
"@product": "WN-AC1600DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583rk",
"@product": "WN-AC583RK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ac583trk",
"@product": "WN-AC583TRK",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag300dgr",
"@product": "WN-AG300DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ag750dgr",
"@product": "WN-AG750DGR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-ax1167gr",
"@product": "WN-AX1167GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300ex",
"@product": "WN-G300EX",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r",
"@product": "WN-G300R",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300r3",
"@product": "WN-G300R3",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-g300sr",
"@product": "WN-G300SR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wn-gx300gr",
"@product": "WN-GX300GR",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167f",
"@product": "WNPR1167F",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1167g",
"@product": "WNPR1167G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr1750g",
"@product": "WNPR1750G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
},
{
"#text": "cpe:/h:i-o_data_device:wnpr2600g",
"@product": "WNPR2600G",
"@vendor": "I-O DATA DEVICE, INC.",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "5.2",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"@version": "2.0"
},
{
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2018-000007",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN36048131/index.html",
"@id": "JVN#36048131",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2018-0512",
"@id": "CVE-2018-0512",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-78",
"@title": "OS Command Injection(CWE-78)"
}
],
"title": "Multiple I-O DATA network devices incorporating \"MagicalFinder\" vulnerable to OS command injection"
}
CVE-2017-2283 (GCVE-0-2017-2283)
Vulnerability from nvd – Published: 2017-08-02 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
Severity
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN51410509/index.html | third-party-advisoryx_refsource_JVN |
| http://www.iodata.jp/support/information/2017/wn-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Affected:
firmware version 1.0.2 and earlier
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#51410509",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#51410509",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51410509",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2283",
"datePublished": "2017-08-02T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2142 (GCVE-0-2017-2142)
Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN81024552/index.html | third-party-advisoryx_refsource_JVN |
| http://www.iodata.jp/support/information/2017/wn-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Affected:
firmware Ver.1.03 and earlier
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.1.03 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-28T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81024552",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2142",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2141 (GCVE-0-2017-2141)
Vulnerability from nvd – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN81024552/index.html | third-party-advisoryx_refsource_JVN |
| http://www.iodata.jp/support/information/2017/wn-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Affected:
firmware Ver.1.03 and earlier
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.1.03 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-28T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81024552",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2141",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2283 (GCVE-0-2017-2283)
Vulnerability from cvelistv5 – Published: 2017-08-02 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.
Severity
No CVSS data available.
CWE
- Use of Hard-coded Credentials
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN51410509/index.html | third-party-advisoryx_refsource_JVN |
| http://www.iodata.jp/support/information/2017/wn-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Affected:
firmware version 1.0.2 and earlier
|
Date Public
2017-08-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:05.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#51410509",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware version 1.0.2 and earlier"
}
]
}
],
"datePublic": "2017-08-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Use of Hard-coded Credentials",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-02T15:57:02.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#51410509",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware version 1.0.2 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use of Hard-coded Credentials"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#51410509",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN51410509/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2283",
"datePublished": "2017-08-02T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:05.199Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2141 (GCVE-0-2017-2141)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- OS Command Injection
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN81024552/index.html | third-party-advisoryx_refsource_JVN |
| http://www.iodata.jp/support/information/2017/wn-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Affected:
firmware Ver.1.03 and earlier
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.1.03 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-28T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "WN-G300R3 firmware 1.03 and earlier allows attackers with administrator rights to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81024552",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2141",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2142 (GCVE-0-2017-2142)
Vulnerability from cvelistv5 – Published: 2017-04-28 16:00 – Updated: 2024-08-05 13:48
VLAI
Summary
Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors.
Severity
No CVSS data available.
CWE
- Buffer Overflow
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://jvn.jp/en/jp/JVN81024552/index.html | third-party-advisoryx_refsource_JVN |
| http://www.iodata.jp/support/information/2017/wn-… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| I-O DATA DEVICE, INC. | WN-G300R3 |
Affected:
firmware Ver.1.03 and earlier
|
Date Public
2017-04-28 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:48:03.578Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WN-G300R3",
"vendor": "I-O DATA DEVICE, INC.",
"versions": [
{
"status": "affected",
"version": "firmware Ver.1.03 and earlier"
}
]
}
],
"datePublic": "2017-04-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Buffer Overflow",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-28T15:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#81024552",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-2142",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WN-G300R3",
"version": {
"version_data": [
{
"version_value": "firmware Ver.1.03 and earlier"
}
]
}
}
]
},
"vendor_name": "I-O DATA DEVICE, INC."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows remote attackers to execute arbitrary OS commands via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#81024552",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN81024552/index.html"
},
{
"name": "http://www.iodata.jp/support/information/2017/wn-g300r3/",
"refsource": "MISC",
"url": "http://www.iodata.jp/support/information/2017/wn-g300r3/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-2142",
"datePublished": "2017-04-28T16:00:00.000Z",
"dateReserved": "2016-12-01T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:48:03.578Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}