Search
Find a vulnerability
Search criteria
9 vulnerabilities by hyundai
CVE-2025-55618 (GCVE-0-2025-55618)
Vulnerability from nvd – Published: 2025-08-27 00:00 – Updated: 2025-08-27 20:27
VLAI
Summary
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
Severity
7.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55618",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T20:26:47.040027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:27:40.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:03:03.420Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://hyundai.com"
},
{
"url": "https://github.com/MatJosephs/CVEs/tree/main/CVE-2025-55618"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-55618",
"datePublished": "2025-08-27T00:00:00.000Z",
"dateReserved": "2025-08-13T00:00:00.000Z",
"dateUpdated": "2025-08-27T20:27:40.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6054 (GCVE-0-2017-6054)
Vulnerability from nvd – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
VLAI
Summary
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03 | x_refsource_MISC |
| http://www.securityfocus.com/bid/98033 | vdb-entryx_refsource_BID |
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Hyundai Motor America Blue Link |
Affected:
Hyundai Motor America Blue Link
|
Date Public
2017-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hyundai Motor America Blue Link",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hyundai Motor America Blue Link"
}
]
}
],
"datePublic": "2017-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-27T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hyundai Motor America Blue Link",
"version": {
"version_data": [
{
"version_value": "Hyundai Motor America Blue Link"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98033"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6054",
"datePublished": "2017-04-26T14:00:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6052 (GCVE-0-2017-6052)
Vulnerability from nvd – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
VLAI
Summary
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03 | x_refsource_MISC |
| http://www.securityfocus.com/bid/98033 | vdb-entryx_refsource_BID |
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Hyundai Motor America Blue Link |
Affected:
Hyundai Motor America Blue Link
|
Date Public
2017-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hyundai Motor America Blue Link",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hyundai Motor America Blue Link"
}
]
}
],
"datePublic": "2017-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-27T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hyundai Motor America Blue Link",
"version": {
"version_data": [
{
"version_value": "Hyundai Motor America Blue Link"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98033"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6052",
"datePublished": "2017-04-26T14:00:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-55618 (GCVE-0-2025-55618)
Vulnerability from cvelistv5 – Published: 2025-08-27 00:00 – Updated: 2025-08-27 20:27
VLAI
Summary
In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered.
Severity
7.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-55618",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-27T20:26:47.040027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:27:40.936Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In Hyundai Navigation App STD5W.EUR.HMC.230516.afa908d, an attacker can inject HTML payloads in the profile name field in navigation app which then get rendered."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-27T20:03:03.420Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://hyundai.com"
},
{
"url": "https://github.com/MatJosephs/CVEs/tree/main/CVE-2025-55618"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2025-55618",
"datePublished": "2025-08-27T00:00:00.000Z",
"dateReserved": "2025-08-13T00:00:00.000Z",
"dateUpdated": "2025-08-27T20:27:40.936Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6054 (GCVE-0-2017-6054)
Vulnerability from cvelistv5 – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
VLAI
Summary
A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03 | x_refsource_MISC |
| http://www.securityfocus.com/bid/98033 | vdb-entryx_refsource_BID |
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Hyundai Motor America Blue Link |
Affected:
Hyundai Motor America Blue Link
|
Date Public
2017-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.799Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hyundai Motor America Blue Link",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hyundai Motor America Blue Link"
}
]
}
],
"datePublic": "2017-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-27T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6054",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hyundai Motor America Blue Link",
"version": {
"version_data": [
{
"version_value": "Hyundai Motor America Blue Link"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-321"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98033"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6054",
"datePublished": "2017-04-26T14:00:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.799Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-6052 (GCVE-0-2017-6052)
Vulnerability from cvelistv5 – Published: 2017-04-26 14:00 – Updated: 2024-08-05 15:18
VLAI
Summary
A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints.
Severity
No CVSS data available.
CWE
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03 | x_refsource_MISC |
| http://www.securityfocus.com/bid/98033 | vdb-entryx_refsource_BID |
| https://community.rapid7.com/community/infosec/bl… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | Hyundai Motor America Blue Link |
Affected:
Hyundai Motor America Blue Link
|
Date Public
2017-04-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T15:18:49.753Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Hyundai Motor America Blue Link",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Hyundai Motor America Blue Link"
}
]
}
],
"datePublic": "2017-04-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-300",
"description": "CWE-300",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-04-27T09:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/98033"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2017-6052",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Hyundai Motor America Blue Link",
"version": {
"version_data": [
{
"version_value": "Hyundai Motor America Blue Link"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-300"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-17-115-03"
},
{
"name": "98033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/98033"
},
{
"name": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed",
"refsource": "MISC",
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2017-6052",
"datePublished": "2017-04-26T14:00:00.000Z",
"dateReserved": "2017-02-16T00:00:00.000Z",
"dateUpdated": "2024-08-05T15:18:49.753Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-201704-1010
Vulnerability from variot - Updated: 2025-04-20 23:27A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints. Blue Link Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. HyundaiMotorBlueLink is a new car from Hyundai Motor. A security bypass vulnerability exists in HyundaiMotorAmericaBlueLink 3.9.5 and 3.9.4. An information disclosure vulnerability 2. A security-bypass vulnerability An attacker may leverage these issues to gain sensitive information and bypass certain security restrictions and perform unauthorized actions. Blue Link version 3.9.5 and 3.9.4 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "blue link",
"scope": "eq",
"trust": 1.6,
"vendor": "hyundaiusa",
"version": "3.9.5"
},
{
"model": "blue link",
"scope": "eq",
"trust": 1.6,
"vendor": "hyundaiusa",
"version": "3.9.4"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.8,
"vendor": "hyundai motor america",
"version": "3.9.4"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.8,
"vendor": "hyundai motor america",
"version": "3.9.5"
},
{
"model": "motor america blue link",
"scope": "eq",
"trust": 0.6,
"vendor": "hyundai",
"version": "3.9.5"
},
{
"model": "motor america blue link",
"scope": "eq",
"trust": 0.6,
"vendor": "hyundai",
"version": "3.9.4"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.3,
"vendor": "hyundai",
"version": "3.9.5"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.3,
"vendor": "hyundai",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "blue link",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "blue link",
"version": "3.9.5"
}
],
"sources": [
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
},
{
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hyundaiusa:blue_link",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Hatzer and Arjun Kumar working with Rapid7.",
"sources": [
{
"db": "BID",
"id": "98033"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6052",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2017-6052",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2017-06731",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "HIGH",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"exploitabilityScore": 1.2,
"id": "CVE-2017-6052",
"impactScore": 2.5,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6052",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2017-6052",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2017-06731",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1451",
"trust": 0.6,
"value": "LOW"
},
{
"author": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb",
"trust": 0.2,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
},
{
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. Communication channel endpoints are not verified, which may allow a remote attacker to access or influence communications between the identified endpoints. Blue Link Contains vulnerabilities related to authorization, permissions, and access control.Information may be obtained and information may be altered. HyundaiMotorBlueLink is a new car from Hyundai Motor. A security bypass vulnerability exists in HyundaiMotorAmericaBlueLink 3.9.5 and 3.9.4. An information disclosure vulnerability\n2. A security-bypass vulnerability\nAn attacker may leverage these issues to gain sensitive information and bypass certain security restrictions and perform unauthorized actions. \nBlue Link version 3.9.5 and 3.9.4 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6052"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6052",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-115-03",
"trust": 3.3
},
{
"db": "BID",
"id": "98033",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-06731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1451",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614",
"trust": 0.8
},
{
"db": "IVD",
"id": "FAA671C0-1526-4BB8-9B04-B94BCCE92BDB",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
},
{
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"id": "VAR-201704-1010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
}
]
},
"last_update_date": "2025-04-20T23:27:25.992000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Blue Link",
"trust": 0.8,
"url": "https://www.hyundaiusa.com/bluelink/index.aspx"
},
{
"title": "HyundaiMotorAmericaBlueLink Security Bypass Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93816"
},
{
"title": "Hyundai Motor America Blue Link Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69680"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-300",
"trust": 1.0
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-115-03"
},
{
"trust": 1.6,
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/98033"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6052"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6052"
},
{
"trust": 0.3,
"url": "https://www.hyundaiusa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
},
{
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
},
{
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-16T00:00:00",
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"date": "2017-04-25T00:00:00",
"db": "BID",
"id": "98033"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1451"
},
{
"date": "2017-04-26T14:59:00.160000",
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-06731"
},
{
"date": "2017-05-02T00:10:00",
"db": "BID",
"id": "98033"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003614"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1451"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6052"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hyundai Motor America Blue Link Security Bypass Vulnerability",
"sources": [
{
"db": "IVD",
"id": "faa671c0-1526-4bb8-9b04-b94bcce92bdb"
},
{
"db": "CNVD",
"id": "CNVD-2017-06731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1451"
}
],
"trust": 0.6
}
}
VAR-201704-1011
Vulnerability from variot - Updated: 2025-04-20 23:27A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. HyundaiMotorAmericaBlueLink is a remote wireless remote control device for use in cars. An attacker could exploit this vulnerability to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201704-1011",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "blue link",
"scope": "eq",
"trust": 1.6,
"vendor": "hyundaiusa",
"version": "3.9.5"
},
{
"model": "blue link",
"scope": "eq",
"trust": 1.6,
"vendor": "hyundaiusa",
"version": "3.9.4"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.8,
"vendor": "hyundai motor america",
"version": "3.9.4"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.8,
"vendor": "hyundai motor america",
"version": "3.9.5"
},
{
"model": "motor america blue link",
"scope": "eq",
"trust": 0.6,
"vendor": "hyundai",
"version": "3.9.5"
},
{
"model": "motor america blue link",
"scope": "eq",
"trust": 0.6,
"vendor": "hyundai",
"version": "3.9.4"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.3,
"vendor": "hyundai",
"version": "3.9.5"
},
{
"model": "blue link",
"scope": "eq",
"trust": 0.3,
"vendor": "hyundai",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "blue link",
"version": "3.9.4"
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "blue link",
"version": "3.9.5"
}
],
"sources": [
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
},
{
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:hyundaiusa:blue_link",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Will Hatzer and Arjun Kumar working with Rapid7.",
"sources": [
{
"db": "BID",
"id": "98033"
}
],
"trust": 0.3
},
"cve": "CVE-2017-6054",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2017-6054",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2017-05788",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2017-6054",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-6054",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2017-6054",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2017-05788",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201704-1450",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44",
"trust": 0.2,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
},
{
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai Motor America Blue Link 3.9.5 and 3.9.4. The application uses a hard-coded decryption password to protect sensitive user information. HyundaiMotorAmericaBlueLink is a remote wireless remote control device for use in cars. An attacker could exploit this vulnerability to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-6054"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-6054",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-17-115-03",
"trust": 2.7
},
{
"db": "BID",
"id": "98033",
"trust": 2.5
},
{
"db": "CNVD",
"id": "CNVD-2017-05788",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1450",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615",
"trust": 0.8
},
{
"db": "IVD",
"id": "7EE1BC97-3498-4BD2-9FF2-84847959EE44",
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
},
{
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"id": "VAR-201704-1011",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
}
],
"trust": 1.8
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
}
]
},
"last_update_date": "2025-04-20T23:27:25.956000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Blue Link",
"trust": 0.8,
"url": "https://www.hyundaiusa.com/bluelink/index.aspx"
},
{
"title": "HyundaiMotorAmericaBlueLink Patch for Sensitive Information Disclosure Vulnerabilities",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/93017"
},
{
"title": "Hyundai Motor America Blue Link Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=69679"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-798",
"trust": 1.8
},
{
"problemtype": "CWE-321",
"trust": 1.0
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.7,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-17-115-03"
},
{
"trust": 2.2,
"url": "https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/98033"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-6054"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-6054"
},
{
"trust": 0.3,
"url": "https://www.hyundaiusa.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
},
{
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"db": "BID",
"id": "98033"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
},
{
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-02T00:00:00",
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"date": "2017-05-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"date": "2017-04-25T00:00:00",
"db": "BID",
"id": "98033"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"date": "2017-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1450"
},
{
"date": "2017-04-26T14:59:00.207000",
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-05-02T00:00:00",
"db": "CNVD",
"id": "CNVD-2017-05788"
},
{
"date": "2017-05-02T00:10:00",
"db": "BID",
"id": "98033"
},
{
"date": "2017-05-31T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-003615"
},
{
"date": "2019-10-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201704-1450"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-6054"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hyundai Motor America Blue Link Sensitive Information Disclosure Vulnerability",
"sources": [
{
"db": "IVD",
"id": "7ee1bc97-3498-4bd2-9ff2-84847959ee44"
},
{
"db": "CNVD",
"id": "CNVD-2017-05788"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201704-1450"
}
],
"trust": 0.6
}
}
VAR-200112-0191
Vulnerability from variot - Updated: 2025-04-03 22:39SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. The SpeedXess HA-120 router is a home-grade hardware solution used to route DSL connections. It is manufactured by Hyundai Networks. When installed, the router does not prompt the user to change the password. Added to this problem is the fact that the factory sets the password to a known default for every router. A remote attacker can use this vulnerability to gain root directory permissions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200112-0191",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ha-120 dsl router",
"scope": "eq",
"trust": 1.0,
"vendor": "speedxess",
"version": "*"
},
{
"model": "ha-120 dsl router",
"scope": null,
"trust": 0.6,
"vendor": "speedxess",
"version": null
},
{
"model": "ha-120 hase-120-1101",
"scope": null,
"trust": 0.3,
"vendor": "hyundai",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
},
{
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced in a WOWHACKER Security Advisory on December 04, 2001.",
"sources": [
{
"db": "BID",
"id": "3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
}
],
"trust": 0.9
},
"cve": "CVE-2001-1538",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2001-1538",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4339",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2001-1538",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200112-234",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4339",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4339"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
},
{
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SpeedXess HA-120 DSL router has a default administrative password of \"speedxess\", which allows remote attackers to gain access. The SpeedXess HA-120 router is a home-grade hardware solution used to route DSL connections. It is manufactured by Hyundai Networks. \nWhen installed, the router does not prompt the user to change the password. Added to this problem is the fact that the factory sets the password to a known default for every router. A remote attacker can use this vulnerability to gain root directory permissions",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1538"
},
{
"db": "BID",
"id": "3617"
},
{
"db": "VULHUB",
"id": "VHN-4339"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3617",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2001-1538",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20011203 SPEEDXESS HASE-120 ROUTER DEFAULT PASSWORD",
"trust": 0.6
},
{
"db": "XF",
"id": "7655",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4339",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4339"
},
{
"db": "BID",
"id": "3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
},
{
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"id": "VAR-200112-0191",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4339"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:39:10.362000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3617"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-12/0032.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/7655.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4339"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
},
{
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4339"
},
{
"db": "BID",
"id": "3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
},
{
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-4339"
},
{
"date": "2001-12-04T00:00:00",
"db": "BID",
"id": "3617"
},
{
"date": "2001-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-234"
},
{
"date": "2001-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-4339"
},
{
"date": "2001-12-04T00:00:00",
"db": "BID",
"id": "3617"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200112-234"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2001-1538"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SpeedXess HA-120 Router default management password vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "3617"
},
{
"db": "CNNVD",
"id": "CNNVD-200112-234"
}
],
"trust": 0.9
}
}