Search

Find a vulnerability

Search criteria

    9 vulnerabilities by antlabs

    VAR-201504-0521

    Vulnerability from variot - Updated: 2025-04-13 23:39

    The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. ANTlabs Made InnGate Is Visitor Based Network ( Network for hotel guests, etc. ) It is a gateway device for operating. InnGate Multiple models and multiple versions of firmware could allow a remote attacker to improperly configure rsync There is a vulnerability that allows reading and writing to the device file system without authentication through the daemon. Inappropriate default permissions (CWE-276) - CVE-2015-0932 InnGate Included in the firmware rsync Is not configured properly, it is possible to read and write to the entire device file system without authentication. Therefore, a remote attacker may be able to view or tamper with any file on the file system of the device. For more information, Cylance, Inc. of blog post It is written in. Inappropriate default permissions (CWE-276) https://cwe.mitre.org/data/definitions/276.html blog post http://blog.cylance.com/spear-team-cve-2015-0932A remote attacker may be able to view or alter any file on the file system of the device. ANTlabs InnGate firmware has any file read and write vulnerabilities. Multiple ANTlabs products are prone to an arbitrary file-access vulnerability

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0521",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inngate ig 3.01 e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "antlabs",
            "version": "*"
          },
          {
            "model": "inngate ig 3.10 e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "antlabs",
            "version": "*"
          },
          {
            "model": "inngate ig 3100",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "antlabs",
            "version": "*"
          },
          {
            "model": "inngate ig 3.10 g",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "antlabs",
            "version": "*"
          },
          {
            "model": "inngate ig 3.00 e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "antlabs",
            "version": "*"
          },
          {
            "model": "inngate ig 3.02 e",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "antlabs",
            "version": "*"
          },
          {
            "model": "inngate ig 3101",
            "scope": "eq",
            "trust": 1.0,
            "vendor": "antlabs",
            "version": "*"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "ig 3100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "model 3100"
          },
          {
            "model": "ig 3100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "model 3101"
          },
          {
            "model": "inngate",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "3.00 e-series"
          },
          {
            "model": "inngate",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "3.01 e-series"
          },
          {
            "model": "inngate",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "3.01 g-series"
          },
          {
            "model": "inngate",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "3.02 e-series"
          },
          {
            "model": "inngate",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "3.10 e-series"
          },
          {
            "model": "inngate",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "3.10 g-series"
          },
          {
            "model": "inngate ig",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3100"
          },
          {
            "model": "inngate ig",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3101"
          },
          {
            "model": "inngate inngate e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3.00"
          },
          {
            "model": "inngate inngate e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3.01"
          },
          {
            "model": "inngate inngate e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3.02"
          },
          {
            "model": "inngate inngate e",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3.10"
          },
          {
            "model": "inngate inngate g",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3.01"
          },
          {
            "model": "inngate and inngate g",
            "scope": "eq",
            "trust": 0.6,
            "vendor": "antlabs",
            "version": "3.10"
          },
          {
            "model": "inngate ig 3.10 e",
            "scope": null,
            "trust": 0.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.00 e",
            "scope": null,
            "trust": 0.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.02 e",
            "scope": null,
            "trust": 0.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3101",
            "scope": null,
            "trust": 0.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.10 g",
            "scope": null,
            "trust": 0.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3100",
            "scope": null,
            "trust": 0.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.01 e",
            "scope": null,
            "trust": 0.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate g-series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "3.100"
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "3.100"
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "3.020"
          },
          {
            "model": "inngate g-series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "3.010"
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "3.010"
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "3.000"
          },
          {
            "model": "ig",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "31010"
          },
          {
            "model": "ig",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "31000"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "db": "BID",
            "id": "73356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3100",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Justin W. Clarke of Cylance Inc.",
        "sources": [
          {
            "db": "BID",
            "id": "73356"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-0932",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-0932",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "acInsufInfo": null,
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "NVD",
                "availabilityImpact": "COMPLETE",
                "availabilityRequirement": "NOT DEFINED",
                "baseScore": 10.0,
                "collateralDamagePotential": "NOT DEFINED",
                "confidentialityImpact": "COMPLETE",
                "confidentialityRequirement": "NOT DEFINED",
                "enviromentalScore": 6.2,
                "exploitability": "FUNCTIONAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-0932",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "integrityRequirement": "NOT DEFINED",
                "obtainAllPrivilege": null,
                "obtainOtherPrivilege": null,
                "obtainUserPrivilege": null,
                "remediationLevel": "OFFICIAL FIX",
                "reportConfidence": "CONFIRMED",
                "severity": "HIGH",
                "targetDistribution": "MEDIUM",
                "trust": 0.8,
                "userInteractionRequired": null,
                "vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "COMPLETE",
                "baseScore": 10.0,
                "confidentialityImpact": "COMPLETE",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-02234",
                "impactScore": 10.0,
                "integrityImpact": "COMPLETE",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "NVD",
                "id": "CVE-2015-0932",
                "trust": 1.6,
                "value": "HIGH"
              },
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-0932",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-02234",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201504-070",
                "trust": 0.6,
                "value": "CRITICAL"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873. ANTlabs Made InnGate Is Visitor Based Network ( Network for hotel guests, etc. ) It is a gateway device for operating. InnGate Multiple models and multiple versions of firmware could allow a remote attacker to improperly configure rsync There is a vulnerability that allows reading and writing to the device file system without authentication through the daemon. Inappropriate default permissions (CWE-276) - CVE-2015-0932 InnGate Included in the firmware rsync Is not configured properly, it is possible to read and write to the entire device file system without authentication. Therefore, a remote attacker may be able to view or tamper with any file on the file system of the device. For more information, Cylance, Inc. of blog post It is written in. Inappropriate default permissions (CWE-276) https://cwe.mitre.org/data/definitions/276.html blog post http://blog.cylance.com/spear-team-cve-2015-0932A remote attacker may be able to view or alter any file on the file system of the device. ANTlabs InnGate firmware has any file read and write vulnerabilities. Multiple ANTlabs products are prone to an arbitrary file-access vulnerability",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-0932"
          },
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "db": "BID",
            "id": "73356"
          }
        ],
        "trust": 3.15
      },
      "exploit_availability": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "reference": "https://www.kb.cert.org/vuls/id/930956",
            "trust": 0.8,
            "type": "unknown"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          }
        ]
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "NVD",
            "id": "CVE-2015-0932",
            "trust": 4.1
          },
          {
            "db": "CERT/CC",
            "id": "VU#930956",
            "trust": 4.1
          },
          {
            "db": "JVN",
            "id": "JVNVU91373232",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070",
            "trust": 0.6
          },
          {
            "db": "BID",
            "id": "73356",
            "trust": 0.3
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "db": "BID",
            "id": "73356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "id": "VAR-201504-0521",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          }
        ],
        "trust": 1.454166675
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:39:06.915000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "ANTlabs Security Advisory",
            "trust": 0.8,
            "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133"
          },
          {
            "title": "\\302\\240ANTlabs InnGate firmware patch for arbitrary file read and write vulnerabilities",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/57092"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-264",
            "trust": 1.8
          },
          {
            "problemtype": "CWE-Other",
            "trust": 0.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.5,
            "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026itemid=133"
          },
          {
            "trust": 3.5,
            "url": "http://blog.cylance.com/spear-team-cve-2015-0932"
          },
          {
            "trust": 3.5,
            "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"
          },
          {
            "trust": 3.3,
            "url": "http://www.kb.cert.org/vuls/id/930956"
          },
          {
            "trust": 1.4,
            "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0932"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0932"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu91373232/index.html"
          },
          {
            "trust": 0.3,
            "url": "http://www.antlabs.com/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "db": "BID",
            "id": "73356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "db": "BID",
            "id": "73356"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "date": "2015-04-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "date": "2015-03-26T00:00:00",
            "db": "BID",
            "id": "73356"
          },
          {
            "date": "2015-03-31T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "date": "2015-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          },
          {
            "date": "2015-04-05T01:59:01.163000",
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-03-26T00:00:00",
            "db": "CERT/CC",
            "id": "VU#930956"
          },
          {
            "date": "2015-04-09T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-02234"
          },
          {
            "date": "2015-03-26T00:00:00",
            "db": "BID",
            "id": "73356"
          },
          {
            "date": "2015-04-08T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-001968"
          },
          {
            "date": "2015-04-07T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-0932"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Multiple ANTlabs InnGate models allow unauthenticated read/write to filesystem",
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#930956"
          }
        ],
        "trust": 0.8
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "permissions and access control",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201504-070"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201507-0145

    Vulnerability from variot - Updated: 2025-04-13 23:14

    Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A cross-site scripting vulnerability exists in the index-login.ant file in the ANTlabs InnGate firmware for several ANTlabs devices. If the user can be tempted to click on an XSS injection link. A remote attacker could exploit this vulnerability to obtain a user credential administrator panel. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0145",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inngate ig 3.01 e",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.10 e",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ssg 4",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate sg 4",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.10 m",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3100",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "antlabs",
            "version": "3.01"
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "antlabs",
            "version": "3.10"
          },
          {
            "model": "inngate m-series",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "antlabs",
            "version": "3.10"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "ig 3100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "model 3100"
          },
          {
            "model": "ig 3100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "model 3101"
          },
          {
            "model": "inngate 3.00 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.01 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.01 g-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.02 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.10 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.10 g-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "sg 4",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "ssg 4",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "ssg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "4"
          },
          {
            "model": "sg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "4"
          },
          {
            "model": "ig3100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3100",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.00_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.01_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.01_g",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.02_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.10_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.10_g",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_sg_4",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ssg_4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Devesh Logendran",
        "sources": [
          {
            "db": "BID",
            "id": "75560"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2850",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CVE-2015-2850",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 1.8,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              },
              {
                "accessComplexity": "MEDIUM",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "NONE",
                "baseScore": 4.3,
                "confidentialityImpact": "NONE",
                "exploitabilityScore": 8.6,
                "id": "CNVD-2015-04403",
                "impactScore": 2.9,
                "integrityImpact": "PARTIAL",
                "severity": "MEDIUM",
                "trust": 0.6,
                "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2850",
                "trust": 1.0,
                "value": "MEDIUM"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-2850",
                "trust": 0.8,
                "value": "Medium"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-04403",
                "trust": 0.6,
                "value": "MEDIUM"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201507-161",
                "trust": 0.6,
                "value": "MEDIUM"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A cross-site scripting vulnerability exists in the index-login.ant file in the ANTlabs InnGate firmware for several ANTlabs devices. If the user can be tempted to click on an XSS injection link. A remote attacker could exploit this vulnerability to obtain a user credential administrator panel. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2850"
          },
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "BID",
            "id": "75560"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#485324",
            "trust": 4.1
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2850",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "75560",
            "trust": 0.9
          },
          {
            "db": "JVN",
            "id": "JVNVU92209185",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "id": "VAR-201507-0145",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          }
        ],
        "trust": 1.35
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:14:31.840000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)",
            "trust": 0.8,
            "url": "http://www.antlabs.com/advisory-sql-injection-reflected-cross-site-scripting-vulnerabilities/"
          },
          {
            "title": "Patch for ANTlabs InnGate Firmware Cross-Site Scripting Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/60654"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-79",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.kb.cert.org/vuls/id/485324"
          },
          {
            "trust": 0.8,
            "url": "about vulnerability notes"
          },
          {
            "trust": 0.8,
            "url": "contact us about this vulnerability"
          },
          {
            "trust": 0.8,
            "url": "provide a vendor statement"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2850"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92209185"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2850"
          },
          {
            "trust": 0.3,
            "url": "http://www.antlabs.com/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "date": "2015-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "date": "2015-07-06T00:00:00",
            "db": "BID",
            "id": "75560"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "date": "2015-07-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          },
          {
            "date": "2015-07-07T14:59:00.980000",
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "date": "2015-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "date": "2015-07-06T00:00:00",
            "db": "BID",
            "id": "75560"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003475"
          },
          {
            "date": "2015-07-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2850"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ANTlabs InnGate Firmware Cross-Site Scripting Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04403"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "XSS",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-161"
          }
        ],
        "trust": 0.6
      }
    }

    VAR-201507-0144

    Vulnerability from variot - Updated: 2025-04-13 23:14

    SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A remote attacker can execute arbitrary queries on the underlying database. According to ANTLabs, only HTTPS connections are vulnerable to this type of attack. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database

    Show details on source website

    {
      "@context": {
        "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
        "affected_products": {
          "@id": "https://www.variotdbs.pl/ref/affected_products"
        },
        "configurations": {
          "@id": "https://www.variotdbs.pl/ref/configurations"
        },
        "credits": {
          "@id": "https://www.variotdbs.pl/ref/credits"
        },
        "cvss": {
          "@id": "https://www.variotdbs.pl/ref/cvss/"
        },
        "description": {
          "@id": "https://www.variotdbs.pl/ref/description/"
        },
        "exploit_availability": {
          "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
        },
        "external_ids": {
          "@id": "https://www.variotdbs.pl/ref/external_ids/"
        },
        "iot": {
          "@id": "https://www.variotdbs.pl/ref/iot/"
        },
        "iot_taxonomy": {
          "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
        },
        "patch": {
          "@id": "https://www.variotdbs.pl/ref/patch/"
        },
        "problemtype_data": {
          "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
        },
        "references": {
          "@id": "https://www.variotdbs.pl/ref/references/"
        },
        "sources": {
          "@id": "https://www.variotdbs.pl/ref/sources/"
        },
        "sources_release_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
        },
        "sources_update_date": {
          "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
        },
        "threat_type": {
          "@id": "https://www.variotdbs.pl/ref/threat_type/"
        },
        "title": {
          "@id": "https://www.variotdbs.pl/ref/title/"
        },
        "type": {
          "@id": "https://www.variotdbs.pl/ref/type/"
        }
      },
      "@id": "https://www.variotdbs.pl/vuln/VAR-201507-0144",
      "affected_products": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "model": "inngate ig 3.01 e",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.10 e",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ssg 4",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate sg 4",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3.10 m",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate ig 3100",
            "scope": "eq",
            "trust": 1.6,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "antlabs",
            "version": "3.01"
          },
          {
            "model": "inngate e-series",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "antlabs",
            "version": "3.10"
          },
          {
            "model": "inngate m-series",
            "scope": "eq",
            "trust": 0.9,
            "vendor": "antlabs",
            "version": "3.10"
          },
          {
            "model": null,
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "ig 3100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "model 3100"
          },
          {
            "model": "ig 3100",
            "scope": "eq",
            "trust": 0.8,
            "vendor": "antlabs",
            "version": "model 3101"
          },
          {
            "model": "inngate 3.00 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.01 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.01 g-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.02 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.10 e-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "inngate 3.10 g-series",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "sg 4",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "ssg 4",
            "scope": null,
            "trust": 0.8,
            "vendor": "antlabs",
            "version": null
          },
          {
            "model": "ssg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "4"
          },
          {
            "model": "sg",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "4"
          },
          {
            "model": "ig3100",
            "scope": "eq",
            "trust": 0.3,
            "vendor": "antlabs",
            "version": "0"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "configurations": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/configurations#",
          "children": {
            "@container": "@list"
          },
          "cpe_match": {
            "@container": "@list"
          },
          "data": {
            "@container": "@list"
          },
          "nodes": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "CVE_data_version": "4.0",
            "nodes": [
              {
                "cpe_match": [
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3100",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.00_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.01_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.01_g",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.02_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.10_e",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ig_3.10_g",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_sg_4",
                    "vulnerable": true
                  },
                  {
                    "cpe22Uri": "cpe:/h:antlabs:inngate_ssg_4",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          }
        ]
      },
      "credits": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/credits#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "Devesh Logendran",
        "sources": [
          {
            "db": "BID",
            "id": "75560"
          }
        ],
        "trust": 0.3
      },
      "cve": "CVE-2015-2849",
      "cvss": {
        "@context": {
          "cvssV2": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
          },
          "cvssV3": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
          },
          "severity": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/cvss/severity#"
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            },
            "@id": "https://www.variotdbs.pl/ref/sources"
          }
        },
        "data": [
          {
            "cvssV2": [
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "nvd@nist.gov",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CVE-2015-2849",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 1.8,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "author": "CNVD",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "exploitabilityScore": 10.0,
                "id": "CNVD-2015-04404",
                "impactScore": 6.4,
                "integrityImpact": "PARTIAL",
                "severity": "HIGH",
                "trust": 0.6,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              }
            ],
            "cvssV3": [],
            "severity": [
              {
                "author": "nvd@nist.gov",
                "id": "CVE-2015-2849",
                "trust": 1.0,
                "value": "HIGH"
              },
              {
                "author": "NVD",
                "id": "CVE-2015-2849",
                "trust": 0.8,
                "value": "High"
              },
              {
                "author": "CNVD",
                "id": "CNVD-2015-04404",
                "trust": 0.6,
                "value": "HIGH"
              },
              {
                "author": "CNNVD",
                "id": "CNNVD-201507-160",
                "trust": 0.6,
                "value": "HIGH"
              }
            ]
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "description": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/description#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter. ANTlabs InnGate is a gateway device designed for operating corporate guest/visitor networks. Multiple InnGate models have been confirmed to be vulnerable to SQL injection and cross-site scripting attacks. ANTlabs InnGate firmware on IG 3100 is a firmware used by ANTlabs in Singapore for devices such as the IG 3100 gateway. A remote attacker can execute arbitrary queries on the underlying database. According to ANTLabs, only HTTPS connections are vulnerable to this type of attack. \nExploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database",
        "sources": [
          {
            "db": "NVD",
            "id": "CVE-2015-2849"
          },
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "BID",
            "id": "75560"
          }
        ],
        "trust": 3.15
      },
      "external_ids": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#485324",
            "trust": 4.1
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2849",
            "trust": 3.3
          },
          {
            "db": "BID",
            "id": "75560",
            "trust": 0.9
          },
          {
            "db": "JVN",
            "id": "JVNVU92209185",
            "trust": 0.8
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474",
            "trust": 0.8
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404",
            "trust": 0.6
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160",
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "id": "VAR-201507-0144",
      "iot": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": true,
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          }
        ],
        "trust": 1.35
      },
      "iot_taxonomy": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "category": [
              "Network device"
            ],
            "sub_category": null,
            "trust": 0.6
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          }
        ]
      },
      "last_update_date": "2025-04-13T23:14:31.805000Z",
      "patch": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/patch#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "title": "Advisory: SQL Injection and Reflected Cross Site Scripting Vulnerabilities (CVE-201502849 and CVE-2015-2850)",
            "trust": 0.8,
            "url": "http://www.antlabs.com/advisory-sql-injection-reflected-cross-site-scripting-vulnerabilities/"
          },
          {
            "title": "Patch for ANTlabs InnGate Firmware SQL Injection Vulnerability",
            "trust": 0.6,
            "url": "https://www.cnvd.org.cn/patchInfo/show/60652"
          }
        ],
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          }
        ]
      },
      "problemtype_data": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "problemtype": "CWE-89",
            "trust": 1.8
          }
        ],
        "sources": [
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "references": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/references#",
          "data": {
            "@container": "@list"
          },
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": [
          {
            "trust": 3.3,
            "url": "http://www.kb.cert.org/vuls/id/485324"
          },
          {
            "trust": 0.8,
            "url": "about vulnerability notes"
          },
          {
            "trust": 0.8,
            "url": "contact us about this vulnerability"
          },
          {
            "trust": 0.8,
            "url": "provide a vendor statement"
          },
          {
            "trust": 0.8,
            "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2849"
          },
          {
            "trust": 0.8,
            "url": "http://jvn.jp/vu/jvnvu92209185"
          },
          {
            "trust": 0.8,
            "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-2849"
          },
          {
            "trust": 0.3,
            "url": "http://www.antlabs.com/"
          }
        ],
        "sources": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "sources": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "BID",
            "id": "75560"
          },
          {
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          },
          {
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "sources_release_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "date": "2015-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "date": "2015-07-06T00:00:00",
            "db": "BID",
            "id": "75560"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "date": "2015-07-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          },
          {
            "date": "2015-07-07T14:59:00.090000",
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "sources_update_date": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
          "data": {
            "@container": "@list"
          }
        },
        "data": [
          {
            "date": "2015-07-06T00:00:00",
            "db": "CERT/CC",
            "id": "VU#485324"
          },
          {
            "date": "2015-07-13T00:00:00",
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "date": "2015-07-06T00:00:00",
            "db": "BID",
            "id": "75560"
          },
          {
            "date": "2015-07-10T00:00:00",
            "db": "JVNDB",
            "id": "JVNDB-2015-003474"
          },
          {
            "date": "2015-07-08T00:00:00",
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          },
          {
            "date": "2025-04-12T10:46:40.837000",
            "db": "NVD",
            "id": "CVE-2015-2849"
          }
        ]
      },
      "threat_type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "remote",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          }
        ],
        "trust": 0.6
      },
      "title": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/title#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "ANTlabs InnGate Firmware SQL Injection Vulnerability",
        "sources": [
          {
            "db": "CNVD",
            "id": "CNVD-2015-04404"
          },
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          }
        ],
        "trust": 1.2
      },
      "type": {
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/type#",
          "sources": {
            "@container": "@list",
            "@context": {
              "@vocab": "https://www.variotdbs.pl/ref/sources#"
            }
          }
        },
        "data": "SQL injection",
        "sources": [
          {
            "db": "CNNVD",
            "id": "CNNVD-201507-160"
          }
        ],
        "trust": 0.6
      }
    }

    CVE-2015-2850 (GCVE-0-2015-2850)

    Vulnerability from nvd – Published: 2015-07-07 14:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/485324 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#485324",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/485324"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-07-07T11:57:03.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#485324",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/485324"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2850",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#485324",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/485324"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2850",
        "datePublished": "2015-07-07T14:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.963Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2849 (GCVE-0-2015-2849)

    Vulnerability from nvd – Published: 2015-07-07 14:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/485324 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.940Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#485324",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/485324"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-07-07T11:57:03.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#485324",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/485324"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#485324",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/485324"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2849",
        "datePublished": "2015-07-07T14:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0932 (GCVE-0-2015-0932)

    Vulnerability from nvd – Published: 2015-04-05 01:00 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"
              },
              {
                "name": "VU#930956",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/930956"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.cylance.com/spear-team-cve-2015-0932"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-05T01:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"
            },
            {
              "name": "VU#930956",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/930956"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.cylance.com/spear-team-cve-2015-0932"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-0932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/",
                  "refsource": "MISC",
                  "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"
                },
                {
                  "name": "VU#930956",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/930956"
                },
                {
                  "name": "http://blog.cylance.com/spear-team-cve-2015-0932",
                  "refsource": "MISC",
                  "url": "http://blog.cylance.com/spear-team-cve-2015-0932"
                },
                {
                  "name": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133",
                  "refsource": "CONFIRM",
                  "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-0932",
        "datePublished": "2015-04-05T01:00:00.000Z",
        "dateReserved": "2015-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2850 (GCVE-0-2015-2850)

    Vulnerability from cvelistv5 – Published: 2015-07-07 14:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/485324 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.963Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#485324",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/485324"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-07-07T11:57:03.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#485324",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/485324"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2850",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#485324",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/485324"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2850",
        "datePublished": "2015-07-07T14:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.963Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-2849 (GCVE-0-2015-2849)

    Vulnerability from cvelistv5 – Published: 2015-07-07 14:00 – Updated: 2024-08-06 05:24
    VLAI
    Summary
    SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.kb.cert.org/vuls/id/485324 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2015-07-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T05:24:38.940Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "VU#485324",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/485324"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-07-07T11:57:03.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "name": "VU#485324",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/485324"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-2849",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "VU#485324",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/485324"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-2849",
        "datePublished": "2015-07-07T14:00:00.000Z",
        "dateReserved": "2015-04-03T00:00:00.000Z",
        "dateUpdated": "2024-08-06T05:24:38.940Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0932 (GCVE-0-2015-0932)

    Vulnerability from cvelistv5 – Published: 2015-04-05 01:00 – Updated: 2024-08-06 04:26
    VLAI
    Summary
    The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2015-03-26 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.469Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"
              },
              {
                "name": "VU#930956",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/930956"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blog.cylance.com/spear-team-cve-2015-0932"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2015-03-26T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-05T01:57:01.000Z",
            "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
            "shortName": "certcc"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"
            },
            {
              "name": "VU#930956",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/930956"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blog.cylance.com/spear-team-cve-2015-0932"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cert@cert.org",
              "ID": "CVE-2015-0932",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, InnGate 3.01 E, InnGate 3.02 E, InnGate 3.10 E, InnGate 3.01 G, and InnGate 3.10 G devices does not require authentication for rsync sessions, which allows remote attackers to read or write to arbitrary files via TCP traffic on port 873."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/",
                  "refsource": "MISC",
                  "url": "http://www.wired.com/2015/03/big-vulnerability-hotel-wi-fi-router-puts-guests-risk/"
                },
                {
                  "name": "VU#930956",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/930956"
                },
                {
                  "name": "http://blog.cylance.com/spear-team-cve-2015-0932",
                  "refsource": "MISC",
                  "url": "http://blog.cylance.com/spear-team-cve-2015-0932"
                },
                {
                  "name": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133",
                  "refsource": "CONFIRM",
                  "url": "http://www.antlabs.com/index.php?option=com_content\u0026view=article\u0026id=195:rsync-remote-file-system-access-vulnerability-cve-2015-0932\u0026catid=54:advisories\u0026Itemid=133"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "assignerShortName": "certcc",
        "cveId": "CVE-2015-0932",
        "datePublished": "2015-04-05T01:00:00.000Z",
        "dateReserved": "2015-01-10T00:00:00.000Z",
        "dateUpdated": "2024-08-06T04:26:11.469Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }