Search

Find a vulnerability

Search criteria

    11 vulnerabilities by Hyundai

    CVE-2025-55618 (GCVE-0-2025-55618)

    Vulnerability from nvd – Published: 2025-08-27 00:00 – Updated: 2026-07-05 01:10
    VLAI
    Summary
    In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55618",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T20:26:47.040027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:27:40.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T01:10:22.865Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/MatJosephs/CVEs/tree/main/CVE-2025-55618"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-55618",
        "datePublished": "2025-08-27T00:00:00.000Z",
        "dateReserved": "2025-08-13T00:00:00.000Z",
        "dateUpdated": "2026-07-05T01:10:22.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-39373 (GCVE-0-2023-39373)

    Vulnerability from nvd – Published: 2023-09-03 14:45 – Updated: 2024-09-27 15:37
    VLAI
    Title
    Hyundai car CWE-294: Authentication Bypass by Capture-replay
    Summary
     A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Impacted products
    Vendor Product Version
    Hyundai model (2017) Unknown: model (2017) , < model (2018) (custom)
    Create a notification for this product.
    Date Public
    2023-09-03 13:42
    Credits
    Osher Assor
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T14:35:00.620958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T15:37:25.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "model (2017)",
              "vendor": " Hyundai",
              "versions": [
                {
                  "lessThan": "model (2018)",
                  "status": "unknown",
                  "version": "model (2017)",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Osher Assor"
            }
          ],
          "datePublic": "2023-09-03T13:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\u00a0A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-03T14:45:13.160Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "advisory": "ILVN-2023-0130",
            "discovery": "UNKNOWN"
          },
          "title": " Hyundai car CWE-294: Authentication Bypass by Capture-replay ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2023-39373",
        "datePublished": "2023-09-03T14:45:13.160Z",
        "dateReserved": "2023-07-30T10:41:13.579Z",
        "dateUpdated": "2024-09-27T15:37:25.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6054 (GCVE-0-2017-6054)

    Vulnerability from nvd – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Hyundai Motor America Blue Link Affected: Hyundai Motor America Blue Link
    Date Public
    2017-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
              },
              {
                "name": "98033",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98033"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hyundai Motor America Blue Link",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hyundai Motor America Blue Link"
                }
              ]
            }
          ],
          "datePublic": "2017-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
            },
            {
              "name": "98033",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98033"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-6054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hyundai Motor America Blue Link",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hyundai Motor America Blue Link"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
                },
                {
                  "name": "98033",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98033"
                },
                {
                  "name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
                  "refsource": "MISC",
                  "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-6054",
        "datePublished": "2017-04-26T14:00:00.000Z",
        "dateReserved": "2017-02-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6052 (GCVE-0-2017-6052)

    Vulnerability from nvd – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Hyundai Motor America Blue Link Affected: Hyundai Motor America Blue Link
    Date Public
    2017-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
              },
              {
                "name": "98033",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98033"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hyundai Motor America Blue Link",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hyundai Motor America Blue Link"
                }
              ]
            }
          ],
          "datePublic": "2017-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-300",
                  "description": "CWE-300",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
            },
            {
              "name": "98033",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98033"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-6052",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hyundai Motor America Blue Link",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hyundai Motor America Blue Link"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-300"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
                },
                {
                  "name": "98033",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98033"
                },
                {
                  "name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
                  "refsource": "MISC",
                  "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-6052",
        "datePublished": "2017-04-26T14:00:00.000Z",
        "dateReserved": "2017-02-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-55618 (GCVE-0-2025-55618)

    Vulnerability from cvelistv5 – Published: 2025-08-27 00:00 – Updated: 2026-07-05 01:10
    VLAI
    Summary
    In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 7.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "LOW",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-55618",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-27T20:26:47.040027Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-27T20:27:40.936Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T01:10:22.865Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/MatJosephs/CVEs/tree/main/CVE-2025-55618"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2025-55618",
        "datePublished": "2025-08-27T00:00:00.000Z",
        "dateReserved": "2025-08-13T00:00:00.000Z",
        "dateUpdated": "2026-07-05T01:10:22.865Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-39373 (GCVE-0-2023-39373)

    Vulnerability from cvelistv5 – Published: 2023-09-03 14:45 – Updated: 2024-09-27 15:37
    VLAI
    Title
    Hyundai car CWE-294: Authentication Bypass by Capture-replay
    Summary
     A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-294 - Authentication Bypass by Capture-replay
    Assigner
    Impacted products
    Vendor Product Version
    Hyundai model (2017) Unknown: model (2017) , < model (2018) (custom)
    Create a notification for this product.
    Date Public
    2023-09-03 13:42
    Credits
    Osher Assor
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T18:10:20.421Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-39373",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-27T14:35:00.620958Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-27T15:37:25.930Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "model (2017)",
              "vendor": " Hyundai",
              "versions": [
                {
                  "lessThan": "model (2018)",
                  "status": "unknown",
                  "version": "model (2017)",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Osher Assor"
            }
          ],
          "datePublic": "2023-09-03T13:42:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.\u003c/span\u003e\n\n\u003cbr\u003e"
                }
              ],
              "value": "\n\u00a0A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay.\n\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.4,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "CWE-294 Authentication Bypass by Capture-replay",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-09-03T14:45:13.160Z",
            "orgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
            "shortName": "INCD"
          },
          "references": [
            {
              "url": "https://www.gov.il/en/Departments/faq/cve_advisories"
            }
          ],
          "source": {
            "advisory": "ILVN-2023-0130",
            "discovery": "UNKNOWN"
          },
          "title": " Hyundai car CWE-294: Authentication Bypass by Capture-replay ",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a57ee1ae-c9c1-4f40-aa7b-cf10760fde3f",
        "assignerShortName": "INCD",
        "cveId": "CVE-2023-39373",
        "datePublished": "2023-09-03T14:45:13.160Z",
        "dateReserved": "2023-07-30T10:41:13.579Z",
        "dateUpdated": "2024-09-27T15:37:25.930Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6052 (GCVE-0-2017-6052)

    Vulnerability from cvelistv5 – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Hyundai Motor America Blue Link Affected: Hyundai Motor America Blue Link
    Date Public
    2017-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.753Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
              },
              {
                "name": "98033",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98033"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hyundai Motor America Blue Link",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hyundai Motor America Blue Link"
                }
              ]
            }
          ],
          "datePublic": "2017-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-300",
                  "description": "CWE-300",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
            },
            {
              "name": "98033",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98033"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-6052",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hyundai Motor America Blue Link",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hyundai Motor America Blue Link"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-300"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
                },
                {
                  "name": "98033",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98033"
                },
                {
                  "name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
                  "refsource": "MISC",
                  "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-6052",
        "datePublished": "2017-04-26T14:00:00.000Z",
        "dateReserved": "2017-02-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.753Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-6054 (GCVE-0-2017-6054)

    Vulnerability from cvelistv5 – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
    VLAI
    Summary
    A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a Hyundai Motor America Blue Link Affected: Hyundai Motor America Blue Link
    Date Public
    2017-04-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T15:18:49.799Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
              },
              {
                "name": "98033",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/98033"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Hyundai Motor America Blue Link",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "Hyundai Motor America Blue Link"
                }
              ]
            }
          ],
          "datePublic": "2017-04-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-321",
                  "description": "CWE-321",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-04-27T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
            },
            {
              "name": "98033",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/98033"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "ID": "CVE-2017-6054",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Hyundai Motor America Blue Link",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "Hyundai Motor America Blue Link"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-321"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
                },
                {
                  "name": "98033",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/98033"
                },
                {
                  "name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
                  "refsource": "MISC",
                  "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2017-6054",
        "datePublished": "2017-04-26T14:00:00.000Z",
        "dateReserved": "2017-02-16T00:00:00.000Z",
        "dateUpdated": "2024-08-05T15:18:49.799Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    VAR-201704-1010

    Vulnerability from variot - Updated: 2025-04-20 23:27

    A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints. Blue Link Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. HyundaiMotorBlueLink is a new car from Hyundai Motor. A security bypass vulnerability exists in HyundaiMotorAmericaBlueLink 3.9.5 and 3.9.4. An information disclosure vulnerability 2. A security-bypass vulnerability An attacker may leverage these issues to gain sensitive information and bypass certain security restrictions and perform unauthorized actions. Blue Link version 3.9.5 and 3.9.4 are vulnerable

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1010",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "hyundaiusa",
            "version": "3.9.5"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "hyundaiusa",
            "version": "3.9.4"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hyundai motor america",
            "version": "3.9.4"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hyundai motor america",
            "version": "3.9.5"
          },
          {
            "model": "motor america blue link",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hyundai",
            "version": "3.9.5"
          },
          {
            "model": "motor america blue link",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hyundai",
            "version": "3.9.4"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hyundai",
            "version": "3.9.5"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hyundai",
            "version": "3.9.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "blue link",
            "version": "3.9.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "blue link",
            "version": "3.9.5"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:hyundaiusa:blue_link",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Will Hatzer and Arjun Kumar working with Rapid7.",
        "sources": [
          {
            "db": "BID",
            "id": "98033"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6052",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CVE-2017-6052",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "CNVD-2017-06731",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "ADJACENT_NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 5.5,
                "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb",
                "impactScore": 4.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "HIGH",
                "attackVector": "ADJACENT",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 3.7,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "exploitabilityScore": 1.2,
                "id": "CVE-2017-6052",
                "impactScore": 2.5,
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6052",
                "trust": 1.0,
                "value": "LOW"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6052",
                "trust": 0.8,
                "value": "Low"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-06731",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1451",
                "trust": 0.6,
                "value": "LOW"
              },
              {
                "author": "IVD",
                "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb",
                "trust": 0.2,
                "value": "LOW"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints. Blue Link Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. HyundaiMotorBlueLink is a new car from Hyundai Motor. A security bypass vulnerability exists in HyundaiMotorAmericaBlueLink 3.9.5 and 3.9.4. An information disclosure vulnerability\n2. A security-bypass vulnerability\nAn attacker may leverage these issues to  gain sensitive information and bypass  certain security restrictions and perform unauthorized actions. \nBlue Link version 3.9.5  and 3.9.4 are vulnerable",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6052"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6052",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-115-03",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "98033",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "FAA671C0-1526-4BB8-9B04-B94BCCE92BDB",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "id": "VAR-201704-1010",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:25.992000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Blue Link",
            "trust": 0.8,
            "url": "https://www.hyundaiusa.com/bluelink/index.aspx"
          },
          {
            "title": "HyundaiMotorAmericaBlueLink Security Bypass Vulnerability Patch",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/93816"
          },
          {
            "title": "Hyundai Motor America Blue Link Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69680"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-noinfo",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-300",
            "trust": 1.0
          },
          {
            "problemtype": "CWE-264",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-115-03"
          },
          {
            "trust": 1.6,
            "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
          },
          {
            "trust": 1.6,
            "url": "http://www.securityfocus.com/bid/98033"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6052"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6052"
          },
          {
            "trust": 0.3,
            "url": "https://www.hyundaiusa.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-16T00:00:00",
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "date": "2017-04-27T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "date": "2017-04-25T00:00:00",
            "db": "BID",
            "id": "98033"
          },
          {
            "date": "2017-05-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "date": "2017-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          },
          {
            "date": "2017-04-26T14:59:00.160000",
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-16T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          },
          {
            "date": "2017-05-02T00:10:00",
            "db": "BID",
            "id": "98033"
          },
          {
            "date": "2017-05-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003614"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6052"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote or local",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hyundai Motor America Blue Link Security Bypass Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-06731"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control issues",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1451"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201704-1011

    Vulnerability from variot - Updated: 2025-04-20 23:27

    A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. HyundaiMotorAmericaBlueLink is a remote wireless remote control device for use in cars. An attacker could exploit this vulnerability to obtain sensitive information

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201704-1011",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "hyundaiusa",
            "version": "3.9.5"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "hyundaiusa",
            "version": "3.9.4"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hyundai motor america",
            "version": "3.9.4"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "hyundai motor america",
            "version": "3.9.5"
          },
          {
            "model": "motor america blue link",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hyundai",
            "version": "3.9.5"
          },
          {
            "model": "motor america blue link",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "hyundai",
            "version": "3.9.4"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hyundai",
            "version": "3.9.5"
          },
          {
            "model": "blue link",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "hyundai",
            "version": "3.9.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "blue link",
            "version": "3.9.4"
          },
          {
            "model": null,
            "scope": "eq",
            "trust": 0.2,
            "vendor": "blue link",
            "version": "3.9.5"
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/a:hyundaiusa:blue_link",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Will Hatzer and Arjun Kumar working with Rapid7.",
        "sources": [
          {
            "db": "BID",
            "id": "98033"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2017-6054",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 5.0,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2017-6054",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2017-05788",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "IVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 5.0,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 10.0,
                "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44",
                "impactScore": 2.9,
                "integrityImpact": "NONE",
                "severity": "MEDIUM",
                "trust": 0.2,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.9 [IVD]"
              }
            ],
            "cvssV3": [
              {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 7.5,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "exploitabilityScore": 3.9,
                "id": "CVE-2017-6054",
                "impactScore": 3.6,
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "trust": 1.8,
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.0"
              }
            ],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2017-6054",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2017-6054",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2017-05788",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201704-1450",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "IVD",
                "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44",
                "trust": 0.2,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. HyundaiMotorAmericaBlueLink is a remote wireless remote control device for use in cars. An attacker could exploit this vulnerability to obtain sensitive information",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2017-6054"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          }
        ],
        "trust": 2.61
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2017-6054",
            "trust": 3.5
          },
          {
            "db": "ICS CERT",
            "id": "ICSA-17-115-03",
            "trust": 2.7
          },
          {
            "db": "BID",
            "id": "98033",
            "trust": 2.5
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788",
            "trust": 0.8
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615",
            "trust": 0.8
          },
          {
            "db": "IVD",
            "id": "7EE1BC97-3498-4BD2-9FF2-84847959EE44",
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "id": "VAR-201704-1011",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          }
        ],
        "trust": 1.8
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "ICS",
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          },
          {
            "category": [
              "ICS"
            ],
            "sub_category": null,
            "trust": 0.2
          }
        ],
        "sources": [
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          }
        ]
      },
      "last_update_date": "2025-04-20T23:27:25.956000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Blue Link",
            "trust": 0.8,
            "url": "https://www.hyundaiusa.com/bluelink/index.aspx"
          },
          {
            "title": "HyundaiMotorAmericaBlueLink Patch for Sensitive Information Disclosure Vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/93017"
          },
          {
            "title": "Hyundai Motor America Blue Link Security vulnerabilities",
            "trust": 0.6,
            "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69679"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-798",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-321",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 2.7,
            "url": "https://ics-cert.us-cert.gov/advisories/icsa-17-115-03"
          },
          {
            "trust": 2.2,
            "url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
          },
          {
            "trust": 2.2,
            "url": "http://www.securityfocus.com/bid/98033"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6054"
          },
          {
            "trust": 0.8,
            "url": "https://nvd.nist.gov/vuln/detail/cve-2017-6054"
          },
          {
            "trust": 0.3,
            "url": "https://www.hyundaiusa.com/"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "db": "BID",
            "id": "98033"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          },
          {
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-02T00:00:00",
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "date": "2017-05-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "date": "2017-04-25T00:00:00",
            "db": "BID",
            "id": "98033"
          },
          {
            "date": "2017-05-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "date": "2017-04-27T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          },
          {
            "date": "2017-04-26T14:59:00.207000",
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2017-05-02T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          },
          {
            "date": "2017-05-02T00:10:00",
            "db": "BID",
            "id": "98033"
          },
          {
            "date": "2017-05-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2017-003615"
          },
          {
            "date": "2019-10-17T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          },
          {
            "date": "2025-04-20T01:37:25.860000",
            "db": "NVD",
            "id": "CVE-2017-6054"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Hyundai Motor America Blue Link Sensitive Information Disclosure Vulnerability",
        "sources": [
          {
            "db": "IVD",
            "id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2017-05788"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "trust management problem",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201704-1450"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-200112-0191

    Vulnerability from variot - Updated: 2025-04-03 22:39

    SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. The SpeedXess HA-120 router is a home-grade hardware solution used to route DSL connections. It is manufactured by Hyundai Networks. When installed, the router does not prompt the user to change the password. Added to this problem is the fact that the factory sets the password to a known default for every router. A remote attacker can use this vulnerability to gain root directory permissions

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-200112-0191",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "ha-120 dsl router",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "speedxess",
            "version": "*"
          },
          {
            "model": "ha-120 dsl router",
            "scope": null,
            "trust": 0.6,
            "vendor": "speedxess",
            "version": null
          },
          {
            "model": "ha-120 hase-120-1101",
            "scope": null,
            "trust": 0.3,
            "vendor": "hyundai",
            "version": null
          }
        ],
        "sources": [
          {
            "db": "BID",
            "id": "3617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "This vulnerability was announced in a WOWHACKER Security Advisory on December 04, 2001.",
        "sources": [
          {
            "db": "BID",
            "id": "3617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          }
        ],
        "trust": 0.9
      },
      "cve": "CVE-2001-1538",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2001-1538",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.0,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "VULHUB",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "VHN-4339",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.1,
                "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2001-1538",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-200112-234",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "VULHUB",
                "id": "VHN-4339",
                "trust": 0.1,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4339"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SpeedXess HA-120 DSL router has a default administrative password of \"speedxess\", which allows remote attackers to gain access. The SpeedXess HA-120 router is a home-grade hardware solution used to route DSL connections.  It is manufactured by Hyundai Networks. \nWhen installed, the router does not prompt the user to change the password.  Added to this problem is the fact that the factory sets the password to a known default for every router. A remote attacker can use this vulnerability to gain root directory permissions",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1538"
          },
          {
            "db": "BID",
            "id": "3617"
          },
          {
            "db": "VULHUB",
            "id": "VHN-4339"
          }
        ],
        "trust": 1.26
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "BID",
            "id": "3617",
            "trust": 2.0
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1538",
            "trust": 1.7
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234",
            "trust": 0.7
          },
          {
            "db": "BUGTRAQ",
            "id": "20011203 SPEEDXESS HASE-120 ROUTER DEFAULT PASSWORD",
            "trust": 0.6
          },
          {
            "db": "XF",
            "id": "7655",
            "trust": 0.6
          },
          {
            "db": "VULHUB",
            "id": "VHN-4339",
            "trust": 0.1
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4339"
          },
          {
            "db": "BID",
            "id": "3617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "id": "VAR-200112-0191",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4339"
          }
        ],
        "trust": 0.01
      },
      "last_update_date": "2025-04-03T22:39:10.362000Z",
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "NVD-CWE-Other",
            "trust": 1.0
          }
        ],
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 1.7,
            "url": "http://www.securityfocus.com/bid/3617"
          },
          {
            "trust": 1.7,
            "url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0032.html"
          },
          {
            "trust": 1.7,
            "url": "http://www.iss.net/security_center/static/7655.php"
          }
        ],
        "sources": [
          {
            "db": "VULHUB",
            "id": "VHN-4339"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "VULHUB",
            "id": "VHN-4339"
          },
          {
            "db": "BID",
            "id": "3617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          },
          {
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2001-12-31T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4339"
          },
          {
            "date": "2001-12-04T00:00:00",
            "db": "BID",
            "id": "3617"
          },
          {
            "date": "2001-12-31T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          },
          {
            "date": "2001-12-31T05:00:00",
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2008-09-05T00:00:00",
            "db": "VULHUB",
            "id": "VHN-4339"
          },
          {
            "date": "2001-12-04T00:00:00",
            "db": "BID",
            "id": "3617"
          },
          {
            "date": "2005-10-20T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          },
          {
            "date": "2025-04-03T01:03:51.193000",
            "db": "NVD",
            "id": "CVE-2001-1538"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SpeedXess HA-120 Router default management password vulnerability",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          }
        ],
        "trust": 0.6
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Configuration Error",
        "sources": [
          {
            "db": "BID",
            "id": "3617"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-200112-234"
          }
        ],
        "trust": 0.9
      }
    }