Search

Find a vulnerability

Search criteria

    6 vulnerabilities by GAIN Electronic Co. Ltd

    CVE-2018-17923 (GCVE-0-2018-17923)

    Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-09-16 16:27
    VLAI
    Summary
    SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - IMPROPER AUTHENTICATION CWE-287
    Assigner
    References
    Impacted products
    Vendor Product Version
    GAIN Electronic Co. Ltd SAGA1-L8B Affected: All firmware versions prior to A0.10
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
              },
              {
                "name": "105729",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105729"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAGA1-L8B",
              "vendor": "GAIN Electronic Co. Ltd",
              "versions": [
                {
                  "status": "affected",
                  "version": "All firmware versions prior to A0.10"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "IMPROPER AUTHENTICATION CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17923",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAGA1-L8B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All firmware versions prior to A0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GAIN Electronic Co. Ltd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER AUTHENTICATION CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
                },
                {
                  "name": "105729",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105729"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17923",
        "datePublished": "2018-10-24T22:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:27:58.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17921 (GCVE-0-2018-17921)

    Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROL CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    GAIN Electronic Co. Ltd SAGA1-L8B Affected: All firmware versions prior to A0.10
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
              },
              {
                "name": "105729",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105729"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAGA1-L8B",
              "vendor": "GAIN Electronic Co. Ltd",
              "versions": [
                {
                  "status": "affected",
                  "version": "All firmware versions prior to A0.10"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROL CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17921",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAGA1-L8B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All firmware versions prior to A0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GAIN Electronic Co. Ltd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROL CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
                },
                {
                  "name": "105729",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105729"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17921",
        "datePublished": "2018-10-24T22:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:32.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17903 (GCVE-0-2018-17903)

    Vulnerability from nvd – Published: 2018-10-24 22:00 – Updated: 2024-09-16 18:09
    VLAI
    Summary
    SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
    Severity
    No CVSS data available.
    CWE
    • CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
    Assigner
    References
    Impacted products
    Vendor Product Version
    GAIN Electronic Co. Ltd SAGA1-L8B Affected: All firmware versions prior to A0.10
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
              },
              {
                "name": "105729",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105729"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAGA1-L8B",
              "vendor": "GAIN Electronic Co. Ltd",
              "versions": [
                {
                  "status": "affected",
                  "version": "All firmware versions prior to A0.10"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAGA1-L8B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All firmware versions prior to A0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GAIN Electronic Co. Ltd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
                },
                {
                  "name": "105729",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105729"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17903",
        "datePublished": "2018-10-24T22:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:10.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17903 (GCVE-0-2018-17903)

    Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-09-16 18:09
    VLAI
    Summary
    SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery.
    Severity
    No CVSS data available.
    CWE
    • CWE-294 - AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294
    Assigner
    References
    Impacted products
    Vendor Product Version
    GAIN Electronic Co. Ltd SAGA1-L8B Affected: All firmware versions prior to A0.10
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.639Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
              },
              {
                "name": "105729",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105729"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAGA1-L8B",
              "vendor": "GAIN Electronic Co. Ltd",
              "versions": [
                {
                  "status": "affected",
                  "version": "All firmware versions prior to A0.10"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-294",
                  "description": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17903",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAGA1-L8B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All firmware versions prior to A0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GAIN Electronic Co. Ltd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command forgery."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "AUTHENTICATION BYPASS BY CAPTURE-REPLAY CWE-294"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
                },
                {
                  "name": "105729",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105729"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17903",
        "datePublished": "2018-10-24T22:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T18:09:10.678Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17921 (GCVE-0-2018-17921)

    Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-09-17 01:46
    VLAI
    Summary
    SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - IMPROPER ACCESS CONTROL CWE-284
    Assigner
    References
    Impacted products
    Vendor Product Version
    GAIN Electronic Co. Ltd SAGA1-L8B Affected: All firmware versions prior to A0.10
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.624Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
              },
              {
                "name": "105729",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105729"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAGA1-L8B",
              "vendor": "GAIN Electronic Co. Ltd",
              "versions": [
                {
                  "status": "affected",
                  "version": "All firmware versions prior to A0.10"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "IMPROPER ACCESS CONTROL CWE-284",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17921",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAGA1-L8B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All firmware versions prior to A0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GAIN Electronic Co. Ltd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that may allow an attacker to force-pair the device without human interaction."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER ACCESS CONTROL CWE-284"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
                },
                {
                  "name": "105729",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105729"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17921",
        "datePublished": "2018-10-24T22:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:46:32.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-17923 (GCVE-0-2018-17923)

    Vulnerability from cvelistv5 – Published: 2018-10-24 22:00 – Updated: 2024-09-16 16:27
    VLAI
    Summary
    SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it.
    Severity
    No CVSS data available.
    CWE
    • CWE-287 - IMPROPER AUTHENTICATION CWE-287
    Assigner
    References
    Impacted products
    Vendor Product Version
    GAIN Electronic Co. Ltd SAGA1-L8B Affected: All firmware versions prior to A0.10
    Create a notification for this product.
    Date Public
    2018-10-23 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
              },
              {
                "name": "105729",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/105729"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAGA1-L8B",
              "vendor": "GAIN Electronic Co. Ltd",
              "versions": [
                {
                  "status": "affected",
                  "version": "All firmware versions prior to A0.10"
                }
              ]
            }
          ],
          "datePublic": "2018-10-23T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-287",
                  "description": "IMPROPER AUTHENTICATION CWE-287",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-26T09:57:01.000Z",
            "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
            "shortName": "icscert"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
            },
            {
              "name": "105729",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/105729"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "ics-cert@hq.dhs.gov",
              "DATE_PUBLIC": "2018-10-23T00:00:00",
              "ID": "CVE-2018-17923",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAGA1-L8B",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "All firmware versions prior to A0.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "GAIN Electronic Co. Ltd"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to an attack that an attacker with physical access to the product may able to reprogram it."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "IMPROPER AUTHENTICATION CWE-287"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02",
                  "refsource": "MISC",
                  "url": "https://ics-cert.us-cert.gov/advisories/ICSA-18-296-02"
                },
                {
                  "name": "105729",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/105729"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
        "assignerShortName": "icscert",
        "cveId": "CVE-2018-17923",
        "datePublished": "2018-10-24T22:00:00.000Z",
        "dateReserved": "2018-10-02T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:27:58.179Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }