Search
Find a vulnerability
Search criteria
2 vulnerabilities found for WRTR-304GN-304TW-UPSC by SECOM
CVE-2024-10118 (GCVE-0-2024-10118)
Vulnerability from nvd – Published: 2024-10-18 04:03 – Updated: 2024-10-18 16:46 Unsupported When Assigned
VLAI
Title
SECOM WRTR-304GN-304TW-UPSC - OS Command Injection
Summary
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8154-69fa5-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SECOM | WRTR-304GN-304TW-UPSC |
Affected:
0
|
|
| secom | wrtr-304gn-304tw-upsc_firmware |
Affected:
v02
cpe:2.3:o:secom:wrtr-304gn-304tw-upsc_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-10-18 03:51
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:secom:wrtr-304gn-304tw-upsc_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wrtr-304gn-304tw-upsc_firmware",
"vendor": "secom",
"versions": [
{
"status": "affected",
"version": "v02"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:41:41.105343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:46:48.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WRTR-304GN-304TW-UPSC",
"vendor": "SECOM",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2024-10-18T03:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.\u003c/span\u003e"
}
],
"value": "SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T04:03:58.106Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8154-69fa5-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product is no longer in surport. Please retire affected device.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product is no longer in surport. Please retire affected device."
}
],
"source": {
"advisory": "TVN-202410016",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "SECOM WRTR-304GN-304TW-UPSC - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-10118",
"datePublished": "2024-10-18T04:03:58.106Z",
"dateReserved": "2024-10-18T02:54:42.209Z",
"dateUpdated": "2024-10-18T16:46:48.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-10118 (GCVE-0-2024-10118)
Vulnerability from cvelistv5 – Published: 2024-10-18 04:03 – Updated: 2024-10-18 16:46 Unsupported When Assigned
VLAI
Title
SECOM WRTR-304GN-304TW-UPSC - OS Command Injection
Summary
SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-8154-69fa5-1.html | third-party-advisory |
| https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html | third-party-advisory |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| SECOM | WRTR-304GN-304TW-UPSC |
Affected:
0
|
|
| secom | wrtr-304gn-304tw-upsc_firmware |
Affected:
v02
cpe:2.3:o:secom:wrtr-304gn-304tw-upsc_firmware:*:*:*:*:*:*:*:* |
Date Public
2024-10-18 03:51
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:secom:wrtr-304gn-304tw-upsc_firmware:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "wrtr-304gn-304tw-upsc_firmware",
"vendor": "secom",
"versions": [
{
"status": "affected",
"version": "v02"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-10118",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-18T16:41:41.105343Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T16:46:48.733Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "WRTR-304GN-304TW-UPSC",
"vendor": "SECOM",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2024-10-18T03:51:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eSECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device.\u003c/span\u003e"
}
],
"value": "SECOM WRTR-304GN-304TW-UPSC does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-18T04:03:58.106Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/tw/cp-132-8154-69fa5-1.html"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://www.twcert.org.tw/en/cp-139-8155-c1ea6-2.html"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe product is no longer in surport. Please retire affected device.\u003c/span\u003e\n\n\u003cbr\u003e"
}
],
"value": "The product is no longer in surport. Please retire affected device."
}
],
"source": {
"advisory": "TVN-202410016",
"discovery": "EXTERNAL"
},
"tags": [
"unsupported-when-assigned"
],
"title": "SECOM WRTR-304GN-304TW-UPSC - OS Command Injection",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2024-10118",
"datePublished": "2024-10-18T04:03:58.106Z",
"dateReserved": "2024-10-18T02:54:42.209Z",
"dateUpdated": "2024-10-18T16:46:48.733Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}