Search
Find a vulnerability
Search criteria
4 vulnerabilities found for wf800hp_firmware by aterm
CVE-2016-1168 (GCVE-0-2016-1168)
Vulnerability from nvd – Published: 2016-04-01 14:00 – Updated: 2024-08-05 22:48
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN07818796/index.html | third-party-advisoryx_refsource_JVN |
| http://jpn.nec.com/security-info/secinfo/nv16-004.html | x_refsource_CONFIRM |
Date Public
2016-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000035",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
},
{
"name": "JVN#07818796",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN07818796/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-01T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000035",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
},
{
"name": "JVN#07818796",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN07818796/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000035",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
},
{
"name": "JVN#07818796",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN07818796/index.html"
},
{
"name": "http://jpn.nec.com/security-info/secinfo/nv16-004.html",
"refsource": "CONFIRM",
"url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1168",
"datePublished": "2016-04-01T14:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8361 (GCVE-0-2014-8361)
Vulnerability from nvd – Published: 2015-05-01 00:00 – Updated: 2025-10-21 23:56Summary
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Date Public
2015-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
},
{
"tags": [
"x_transferred"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
},
{
"name": "74330",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74330"
},
{
"name": "37169",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37169/"
},
{
"name": "JVN#47580234",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN47580234/index.html"
},
{
"name": "JVN#67456944",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67456944/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
},
{
"tags": [
"x_transferred"
],
"url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-8361",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T21:57:55.692724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-09-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:56:01.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-18T00:00:00.000Z",
"value": "CVE-2014-8361 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T21:35:13.232Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
},
{
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
},
{
"url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
},
{
"name": "74330",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/74330"
},
{
"name": "37169",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/37169/"
},
{
"name": "JVN#47580234",
"tags": [
"third-party-advisory"
],
"url": "http://jvn.jp/en/jp/JVN47580234/index.html"
},
{
"name": "JVN#67456944",
"tags": [
"third-party-advisory"
],
"url": "http://jvn.jp/en/jp/JVN67456944/index.html"
},
{
"url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
},
{
"url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8361",
"datePublished": "2015-05-01T00:00:00.000Z",
"dateReserved": "2014-10-20T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:56:01.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-1168 (GCVE-0-2016-1168)
Vulnerability from cvelistv5 – Published: 2016-04-01 14:00 – Updated: 2024-08-05 22:48
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035 | third-party-advisoryx_refsource_JVNDB |
| http://jvn.jp/en/jp/JVN07818796/index.html | third-party-advisoryx_refsource_JVN |
| http://jpn.nec.com/security-info/secinfo/nv16-004.html | x_refsource_CONFIRM |
Date Public
2016-03-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:48:13.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVNDB-2016-000035",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
},
{
"name": "JVN#07818796",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN07818796/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-03-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-01T14:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVNDB-2016-000035",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
},
{
"name": "JVN#07818796",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN07818796/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-1168",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP devices with firmware 1.0.17 and earlier allows remote attackers to hijack the authentication of arbitrary users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVNDB-2016-000035",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000035"
},
{
"name": "JVN#07818796",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN07818796/index.html"
},
{
"name": "http://jpn.nec.com/security-info/secinfo/nv16-004.html",
"refsource": "CONFIRM",
"url": "http://jpn.nec.com/security-info/secinfo/nv16-004.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-1168",
"datePublished": "2016-04-01T14:00:00.000Z",
"dateReserved": "2015-12-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:48:13.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8361 (GCVE-0-2014-8361)
Vulnerability from cvelistv5 – Published: 2015-05-01 00:00 – Updated: 2025-10-21 23:56Summary
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023.
Severity
9.8 (Critical)
SSVC
Exploitation: active
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
10 references
Date Public
2015-04-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:47.756Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
},
{
"tags": [
"x_transferred"
],
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
},
{
"name": "74330",
"tags": [
"vdb-entry",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/74330"
},
{
"name": "37169",
"tags": [
"exploit",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/37169/"
},
{
"name": "JVN#47580234",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN47580234/index.html"
},
{
"name": "JVN#67456944",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN67456944/index.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
},
{
"tags": [
"x_transferred"
],
"url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2014-8361",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T21:57:55.692724Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-09-18",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:56:01.609Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2014-8361"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-18T00:00:00.000Z",
"value": "CVE-2014-8361 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-04-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in the wild through 2023."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-09-05T21:35:13.232Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.zerodayinitiative.com/advisories/ZDI-15-155/"
},
{
"url": "http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
},
{
"url": "http://packetstormsecurity.com/files/132090/Realtek-SDK-Miniigd-UPnP-SOAP-Command-Execution.html"
},
{
"name": "74330",
"tags": [
"vdb-entry"
],
"url": "http://www.securityfocus.com/bid/74330"
},
{
"name": "37169",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/37169/"
},
{
"name": "JVN#47580234",
"tags": [
"third-party-advisory"
],
"url": "http://jvn.jp/en/jp/JVN47580234/index.html"
},
{
"name": "JVN#67456944",
"tags": [
"third-party-advisory"
],
"url": "http://jvn.jp/en/jp/JVN67456944/index.html"
},
{
"url": "https://sensorstechforum.com/hinatabot-cve-2014-8361-ddos/"
},
{
"url": "https://web.archive.org/web/20150909230440/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8361",
"datePublished": "2015-05-01T00:00:00.000Z",
"dateReserved": "2014-10-20T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:56:01.609Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}