
10 vulnerabilities found for oaklouds_portal by hgiga

CVE-2023-25909 (GCVE-0-2023-25909)

Vulnerability from nvd – Published: 2023-03-27 00:00 – Updated: 2025-02-19 15:46
Title
HGiga Inc. OAKlouds - Arbitrary File Upload
Summary
The HGiga OAKlouds file upload function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files, and so execute arbitrary commands or disrupt service.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Vendor Product Version
HGIGA INC. HGiga OAKlouds Affected: 2
Affected: 3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:32:12.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:45:52.592717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:46:34.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HGiga OAKlouds",
          "vendor": "HGIGA INC.",
          "versions": [
            {
              "status": "affected",
              "version": "2"
            },
            {
              "status": "affected",
              "version": "3"
            }
          ]
        }
      ],
      "datePublic": "2023-03-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:00:00.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "url": "https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "- Update OAKlouds-layout-2.0 to OAKlouds-layout-2.0-10\n- Update OAKlouds-layout-3.0 to OAKlouds-layout-3.0-10"
        }
      ],
      "source": {
        "advisory": "TVN-202303001",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga Inc. OAKlouds - Arbitrary File Upload",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2023-25909",
    "datePublished": "2023-03-27T00:00:00.000Z",
    "dateReserved": "2023-02-16T00:00:00.000Z",
    "dateUpdated": "2025-02-19T15:46:34.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-38118 (GCVE-0-2022-38118)

Vulnerability from nvd – Published: 2022-08-30 04:25 – Updated: 2024-09-16 17:29
Title
HGiga OAKlouds - SQL Injection
Summary
The Meeting Room feature of the OAKlouds Portal website has insufficient validation of user input. A remote attacker with general user privilege can perform SQL injection to access, modify, or delete the database, perform system operations, and disrupt service.
CWE
Assigner
Impacted products
Vendor Product Version
HGiga OAKlouds Affected: unspecified , ≤ OAKlouds-mol_metting-2.0-163 (custom)
    HGiga OAKlouds Affected: unspecified , ≤ OAKlouds-mol_metting-3.0-163 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "OAKlouds-mol_metting-2.0"
          ],
          "product": "OAKlouds",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-mol_metting-2.0-163",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "OAKlouds-mol_metting-3.0"
          ],
          "product": "OAKlouds",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-mol_metting-3.0-163",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OAKlouds Portal website\u2019s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-16T14:51:14",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "OAKlouds-mol_metting-2.0 update version to OAKlouds-mol_metting-2.0-164\nOAKlouds-mol_metting-3.0 update version to OAKlouds-mol_metting-3.0-164"
        }
      ],
      "source": {
        "advisory": "TVN-202208003",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKlouds - SQL Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2022-08-30T04:05:00.000Z",
          "ID": "CVE-2022-38118",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKlouds - SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKlouds",
                      "version": {
                        "version_data": [
                          {
                            "platform": "OAKlouds-mol_metting-2.0",
                            "version_affected": "\u003c=",
                            "version_value": "OAKlouds-mol_metting-2.0-163"
                          },
                          {
                            "platform": "OAKlouds-mol_metting-3.0",
                            "version_affected": "\u003c=",
                            "version_value": "OAKlouds-mol_metting-3.0-163"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OAKlouds Portal website\u2019s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html"
            },
            {
              "name": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87",
              "refsource": "MISC",
              "url": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "OAKlouds-mol_metting-2.0 update version to OAKlouds-mol_metting-2.0-164\nOAKlouds-mol_metting-3.0 update version to OAKlouds-mol_metting-3.0-164"
          }
        ],
        "source": {
          "advisory": "TVN-202208003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2022-38118",
    "datePublished": "2022-08-30T04:25:28.204191Z",
    "dateReserved": "2022-08-10T00:00:00",
    "dateUpdated": "2024-09-16T17:29:10.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-37913 (GCVE-0-2021-37913)

Vulnerability from nvd – Published: 2021-09-15 19:10 – Updated: 2024-09-16 17:18
Title
HGiga OAKlouds - Command Injection-2
Summary
The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
HGiga OAKlouds OAKSv2 Affected: OAKlouds-network 2.0 , ≤ OAKlouds-network-2.0-2 (custom)
    HGiga OAKlouds OAKSv3 Affected: OAKlouds-network 3.0 , ≤ OAKlouds-network-3.0-2 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:30:08.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAKlouds OAKSv2",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-2.0-2",
              "status": "affected",
              "version": "OAKlouds-network 2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "OAKlouds OAKSv3",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-3.0-2",
              "status": "affected",
              "version": "OAKlouds-network 3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T19:10:25",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
        }
      ],
      "source": {
        "advisory": "TVN-202108010",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKlouds - Command Injection-2",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-09-15T19:00:00.000Z",
          "ID": "CVE-2021-37913",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKlouds - Command Injection-2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKlouds OAKSv2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 2.0",
                            "version_value": "OAKlouds-network-2.0-2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OAKlouds OAKSv3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 3.0",
                            "version_value": "OAKlouds-network-3.0-2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
          }
        ],
        "source": {
          "advisory": "TVN-202108010",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-37913",
    "datePublished": "2021-09-15T19:10:25.840309Z",
    "dateReserved": "2021-08-02T00:00:00",
    "dateUpdated": "2024-09-16T17:18:49.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-37912 (GCVE-0-2021-37912)

Vulnerability from nvd – Published: 2021-09-15 19:10 – Updated: 2024-09-17 01:06
Title
HGiga OAKlouds - Command Injection-1
Summary
The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in.
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
HGiga OAKlouds OAKSv2 Affected: OAKlouds-network 2.0 , ≤ OAKlouds-network-2.0-2 (custom)
    HGiga OAKlouds OAKSv3 Affected: OAKlouds-network 3.0 , ≤ OAKlouds-network-3.0-2 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:30:08.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAKlouds OAKSv2",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-2.0-2",
              "status": "affected",
              "version": "OAKlouds-network 2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "OAKlouds OAKSv3",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-3.0-2",
              "status": "affected",
              "version": "OAKlouds-network 3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T19:10:24",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
        }
      ],
      "source": {
        "advisory": "TVN-202108009",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKlouds - Command Injection-1",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-09-15T19:00:00.000Z",
          "ID": "CVE-2021-37912",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKlouds - Command Injection-1"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKlouds OAKSv2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 2.0",
                            "version_value": "OAKlouds-network-2.0-2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OAKlouds OAKSv3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 3.0",
                            "version_value": "OAKlouds-network-3.0-2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
          }
        ],
        "source": {
          "advisory": "TVN-202108009",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-37912",
    "datePublished": "2021-09-15T19:10:24.238885Z",
    "dateReserved": "2021-08-02T00:00:00",
    "dateUpdated": "2024-09-17T01:06:08.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22850 (GCVE-0-2021-22850)

Vulnerability from nvd – Published: 2021-01-19 10:05 – Updated: 2024-09-17 01:16
Title
HGiga OAKloud Portal - Security Misconfiguration
Summary
HGiga EIP product lacks effective access control on certain pages, which allows attackers to access the database or perform privileged functions.
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAKSv20 OAKlouds-document_v3",
          "vendor": "HGiga",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "OAKSv30 OAKlouds-document_v3",
          "vendor": "HGiga",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        }
      ],
      "datePublic": "2021-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-19T10:05:34",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Contact HGiga Inc. for corresponding measures."
        }
      ],
      "source": {
        "advisory": "TVN-202101004",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKloud Portal - Security Misconfiguration",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-01-19T08:53:00.000Z",
          "ID": "CVE-2021-22850",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKloud Portal - Security Misconfiguration"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKSv20 OAKlouds-document_v3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OAKSv30 OAKlouds-document_v3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html"
            },
            {
              "name": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef",
              "refsource": "MISC",
              "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Contact HGiga Inc. for corresponding measures."
          }
        ],
        "source": {
          "advisory": "TVN-202101004",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-22850",
    "datePublished": "2021-01-19T10:05:35.059886Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-17T01:16:31.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-25909 (GCVE-0-2023-25909)

Vulnerability from cvelistv5 – Published: 2023-03-27 00:00 – Updated: 2025-02-19 15:46
Title
HGiga Inc. OAKlouds - Arbitrary File Upload
Summary
The HGiga OAKlouds file upload function does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files in order to execute arbitrary commands or disrupt service.
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
Impacted products
Vendor Product Version
HGIGA INC. HGiga OAKlouds Affected: 2
Affected: 3

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T11:32:12.744Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-25909",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-19T15:45:52.592717Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-19T15:46:34.848Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "HGiga OAKlouds",
          "vendor": "HGIGA INC.",
          "versions": [
            {
              "status": "affected",
              "version": "2"
            },
            {
              "status": "affected",
              "version": "3"
            }
          ]
        }
      ],
      "datePublic": "2023-03-02T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga OAKlouds file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary command or disrupt service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-434",
              "description": "CWE-434: Unrestricted Upload of File with Dangerous Type",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-27T00:00:00.000Z",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "url": "https://www.twcert.org.tw/tw/cp-132-6973-45872-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "- Update OAKlouds-layout-2.0 to OAKlouds-layout-2.0-10\n- Update OAKlouds-layout-3.0 to OAKlouds-layout-3.0-10"
        }
      ],
      "source": {
        "advisory": "TVN-202303001",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga Inc. OAKlouds - Arbitrary File Upload",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2023-25909",
    "datePublished": "2023-03-27T00:00:00.000Z",
    "dateReserved": "2023-02-16T00:00:00.000Z",
    "dateUpdated": "2025-02-19T15:46:34.848Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-38118 (GCVE-0-2022-38118)

Vulnerability from cvelistv5 – Published: 2022-08-30 04:25 – Updated: 2024-09-16 17:29
Title
HGiga OAKlouds - SQL Injection
Summary
The OAKlouds Portal website’s Meeting Room has insufficient validation of user input. A remote attacker with general user privileges can perform SQL injection to access, modify, or delete the database, perform system operations, and disrupt service.
CWE
Assigner
Impacted products
Vendor Product Version
HGiga OAKlouds Affected: unspecified , ≤ OAKlouds-mol_metting-2.0-163 (custom)
    HGiga OAKlouds Affected: unspecified , ≤ OAKlouds-mol_metting-3.0-163 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T10:45:52.706Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "platforms": [
            "OAKlouds-mol_metting-2.0"
          ],
          "product": "OAKlouds",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-mol_metting-2.0-163",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "platforms": [
            "OAKlouds-mol_metting-3.0"
          ],
          "product": "OAKlouds",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-mol_metting-3.0-163",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2022-08-30T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "OAKlouds Portal website\u2019s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89 SQL Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-16T14:51:14",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "OAKlouds-mol_metting-2.0 update version to OAKlouds-mol_metting-2.0-164\nOAKlouds-mol_metting-3.0 update version to OAKlouds-mol_metting-3.0-164"
        }
      ],
      "source": {
        "advisory": "TVN-202208003",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKlouds - SQL Injection",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2022-08-30T04:05:00.000Z",
          "ID": "CVE-2022-38118",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKlouds - SQL Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKlouds",
                      "version": {
                        "version_data": [
                          {
                            "platform": "OAKlouds-mol_metting-2.0",
                            "version_affected": "\u003c=",
                            "version_value": "OAKlouds-mol_metting-2.0-163"
                          },
                          {
                            "platform": "OAKlouds-mol_metting-3.0",
                            "version_affected": "\u003c=",
                            "version_value": "OAKlouds-mol_metting-3.0-163"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "OAKlouds Portal website\u2019s Meeting Room has insufficient validation for user input. A remote attacker with general user privilege can perform SQL-injection to access, modify, delete database, perform system operations and disrupt service."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89 SQL Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-6461-25c4b-1.html"
            },
            {
              "name": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87",
              "refsource": "MISC",
              "url": "https://www.chtsecurity.com/news/0a893178-5c64-4f1c-87f1-95cbf1e17c87"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "OAKlouds-mol_metting-2.0 update version to OAKlouds-mol_metting-2.0-164\nOAKlouds-mol_metting-3.0 update version to OAKlouds-mol_metting-3.0-164"
          }
        ],
        "source": {
          "advisory": "TVN-202208003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2022-38118",
    "datePublished": "2022-08-30T04:25:28.204191Z",
    "dateReserved": "2022-08-10T00:00:00",
    "dateUpdated": "2024-09-16T17:29:10.368Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-37913 (GCVE-0-2021-37913)

Vulnerability from cvelistv5 – Published: 2021-09-15 19:10 – Updated: 2024-09-16 17:18
Title
HGiga OAKlouds - Command Injection-2
Summary
The HGiga OAKlouds mobile portal does not filter special characters in the IPv6 Gateway parameter of the network interface card settings page. Remote attackers can exploit this vulnerability to perform command injection and execute arbitrary commands on the system without logging in.
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
HGiga OAKlouds OAKSv2 Affected: OAKlouds-network 2.0 , ≤ OAKlouds-network-2.0-2 (custom)
    HGiga OAKlouds OAKSv3 Affected: OAKlouds-network 3.0 , ≤ OAKlouds-network-3.0-2 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:30:08.925Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAKlouds OAKSv2",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-2.0-2",
              "status": "affected",
              "version": "OAKlouds-network 2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "OAKlouds OAKSv3",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-3.0-2",
              "status": "affected",
              "version": "OAKlouds-network 3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T19:10:25",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
        }
      ],
      "source": {
        "advisory": "TVN-202108010",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKlouds - Command Injection-2",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-09-15T19:00:00.000Z",
          "ID": "CVE-2021-37913",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKlouds - Command Injection-2"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKlouds OAKSv2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 2.0",
                            "version_value": "OAKlouds-network-2.0-2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OAKlouds OAKSv3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 3.0",
                            "version_value": "OAKlouds-network-3.0-2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HGiga OAKlouds mobile portal does not filter special characters of the IPv6 Gateway parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-5092-f88e2-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
          }
        ],
        "source": {
          "advisory": "TVN-202108010",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-37913",
    "datePublished": "2021-09-15T19:10:25.840309Z",
    "dateReserved": "2021-08-02T00:00:00",
    "dateUpdated": "2024-09-16T17:18:49.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-37912 (GCVE-0-2021-37912)

Vulnerability from cvelistv5 – Published: 2021-09-15 19:10 – Updated: 2024-09-17 01:06
Title
HGiga OAKlouds - Command Injection-1
Summary
The HGiga OAKlouds mobile portal does not filter special characters in the Ethernet number parameter of the network interface card settings page. Remote attackers can exploit this vulnerability to perform command injection and execute arbitrary commands on the system without logging in.
CWE
  • CWE-78 - OS Command Injection
Assigner
References
Impacted products
Vendor Product Version
HGiga OAKlouds OAKSv2 Affected: OAKlouds-network 2.0 , ≤ OAKlouds-network-2.0-2 (custom)
    HGiga OAKlouds OAKSv3 Affected: OAKlouds-network 3.0 , ≤ OAKlouds-network-3.0-2 (custom)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:30:08.426Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAKlouds OAKSv2",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-2.0-2",
              "status": "affected",
              "version": "OAKlouds-network 2.0",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "OAKlouds OAKSv3",
          "vendor": "HGiga",
          "versions": [
            {
              "lessThanOrEqual": "OAKlouds-network-3.0-2",
              "status": "affected",
              "version": "OAKlouds-network 3.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-78",
              "description": "CWE-78 OS Command Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-15T19:10:24",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
        }
      ],
      "source": {
        "advisory": "TVN-202108009",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKlouds - Command Injection-1",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-09-15T19:00:00.000Z",
          "ID": "CVE-2021-37912",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKlouds - Command Injection-1"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKlouds OAKSv2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 2.0",
                            "version_value": "OAKlouds-network-2.0-2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OAKlouds OAKSv3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "OAKlouds-network 3.0",
                            "version_value": "OAKlouds-network-3.0-2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The HGiga OAKlouds mobile portal does not filter special characters of the Ethernet number parameter of the network interface card setting page. Remote attackers can use this vulnerability to perform command injection and execute arbitrary commands in the system without logging in."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-78 OS Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-5091-7e0c5-1.html"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Update OAKlouds OAKSv2 to version OAKlouds-network-2.0-3\nUpdate OAKlouds OAKSv3 to version OAKlouds-network-2.0-3"
          }
        ],
        "source": {
          "advisory": "TVN-202108009",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-37912",
    "datePublished": "2021-09-15T19:10:24.238885Z",
    "dateReserved": "2021-08-02T00:00:00",
    "dateUpdated": "2024-09-17T01:06:08.105Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-22850 (GCVE-0-2021-22850)

Vulnerability from cvelistv5 – Published: 2021-01-19 10:05 – Updated: 2024-09-17 01:16
Title
HGiga OAKloud Portal - Security Misconfiguration
Summary
HGiga EIP product lacks effective access control on certain pages, which allows attackers to access the database or perform privileged functions.
CWE
  • CWE-732 - Incorrect Permission Assignment for Critical Resource
Assigner

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:51:07.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OAKSv20 OAKlouds-document_v3",
          "vendor": "HGiga",
          "versions": [
            {
              "status": "affected",
              "version": "2.0"
            }
          ]
        },
        {
          "product": "OAKSv30 OAKlouds-document_v3",
          "vendor": "HGiga",
          "versions": [
            {
              "status": "affected",
              "version": "3.0"
            }
          ]
        }
      ],
      "datePublic": "2021-01-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-732",
              "description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-19T10:05:34",
        "orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
        "shortName": "twcert"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Contact HGiga Inc. for corresponding measures."
        }
      ],
      "source": {
        "advisory": "TVN-202101004",
        "discovery": "EXTERNAL"
      },
      "title": "HGiga OAKloud Portal - Security Misconfiguration",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "AKA": "TWCERT/CC",
          "ASSIGNER": "cve@cert.org.tw",
          "DATE_PUBLIC": "2021-01-19T08:53:00.000Z",
          "ID": "CVE-2021-22850",
          "STATE": "PUBLIC",
          "TITLE": "HGiga OAKloud Portal - Security Misconfiguration"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OAKSv20 OAKlouds-document_v3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "2.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "OAKSv30 OAKlouds-document_v3",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "HGiga"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "HGiga EIP product lacks ineffective access control in certain pages that allow attackers to access database or perform privileged functions."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-732 Incorrect Permission Assignment for Critical Resource"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html",
              "refsource": "MISC",
              "url": "https://www.twcert.org.tw/tw/cp-132-4326-3d9d2-1.html"
            },
            {
              "name": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef",
              "refsource": "MISC",
              "url": "https://www.chtsecurity.com/news/eb024200-7cf9-4c58-a063-c451dbc9daef"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Contact HGiga Inc. for corresponding measures."
          }
        ],
        "source": {
          "advisory": "TVN-202101004",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
    "assignerShortName": "twcert",
    "cveId": "CVE-2021-22850",
    "datePublished": "2021-01-19T10:05:35.059886Z",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-09-17T01:16:31.598Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}