Find a vulnerability
Search criteria
6 vulnerabilities by ravpower
VAR-201801-1485
Vulnerability from variot - Updated: 2024-11-23 23:08RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. RAVPower FileHub Contains an information disclosure vulnerability.Information may be obtained. RAVPowerFileHub is a versatile digital device from RAVPower Corporation of the United States. The device also has features such as a card reader, USB storage, and a NAS file server. A security vulnerability exists in the RAVPowerFileHub2.000.056 version
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1485",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "filehub",
"scope": "eq",
"trust": 3.0,
"vendor": "ravpower",
"version": "2.000.056"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-916"
},
{
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ravpower:filehub_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
}
]
},
"cve": "CVE-2018-5319",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5319",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-03107",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-135350",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5319",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5319",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2018-5319",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2018-03107",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-916",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135350",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"db": "VULHUB",
"id": "VHN-135350"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-916"
},
{
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request. RAVPower FileHub Contains an information disclosure vulnerability.Information may be obtained. RAVPowerFileHub is a versatile digital device from RAVPower Corporation of the United States. The device also has features such as a card reader, USB storage, and a NAS file server. A security vulnerability exists in the RAVPowerFileHub2.000.056 version",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5319"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"db": "VULHUB",
"id": "VHN-135350"
}
],
"trust": 2.25
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-135350",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135350"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "EXPLOIT-DB",
"id": "43856",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-5319",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-916",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-03107",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "146069",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-135350",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"db": "VULHUB",
"id": "VHN-135350"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-916"
},
{
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"id": "VAR-201801-1485",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"db": "VULHUB",
"id": "VHN-135350"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03107"
}
]
},
"last_update_date": "2024-11-23T23:08:47.538000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ravpower.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135350"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.exploit-db.com/exploits/43856/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5319"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5319"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"db": "VULHUB",
"id": "VHN-135350"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-916"
},
{
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"db": "VULHUB",
"id": "VHN-135350"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-916"
},
{
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"date": "2018-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-135350"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"date": "2018-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-916"
},
{
"date": "2018-01-24T15:29:01.217000",
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-03107"
},
{
"date": "2018-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-135350"
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001596"
},
{
"date": "2018-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-916"
},
{
"date": "2024-11-21T04:08:34.907000",
"db": "NVD",
"id": "CVE-2018-5319"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-916"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "RAVPower FileHub Vulnerable to information disclosure",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001596"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-916"
}
],
"trust": 0.6
}
}
VAR-201801-1392
Vulnerability from variot - Updated: 2024-11-23 23:02An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. RAVPower Filehub Contains path traversal vulnerabilities and unsafe uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RAVPowerFileHub is a versatile digital device from RAVPower Corporation of the United States. The device also has features such as a card reader, USB storage, and a NAS file server. HTTPServer is one of the HTTP servers. A remote code execution vulnerability exists in RAVPowerFilehub. The HTTP Server in RAVPower Filehub version 2.000.056 has a path traversal vulnerability
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "filehub",
"scope": "eq",
"trust": 3.0,
"vendor": "ravpower",
"version": "2.000.056"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02999"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-975"
},
{
"db": "NVD",
"id": "CVE-2018-5997"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ravpower:filehub_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
}
]
},
"cve": "CVE-2018-5997",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2018-5997",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-02999",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-136029",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-5997",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-5997",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-5997",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-02999",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-975",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-136029",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2018-5997",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02999"
},
{
"db": "VULHUB",
"id": "VHN-136029"
},
{
"db": "VULMON",
"id": "CVE-2018-5997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-975"
},
{
"db": "NVD",
"id": "CVE-2018-5997"
}
]
},
"description": {
"_id": null,
"data": "An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root. RAVPower Filehub Contains path traversal vulnerabilities and unsafe uploads of dangerous types of files.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. RAVPowerFileHub is a versatile digital device from RAVPower Corporation of the United States. The device also has features such as a card reader, USB storage, and a NAS file server. HTTPServer is one of the HTTP servers. A remote code execution vulnerability exists in RAVPowerFilehub. The HTTP Server in RAVPower Filehub version 2.000.056 has a path traversal vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
},
{
"db": "CNVD",
"id": "CNVD-2018-02999"
},
{
"db": "VULHUB",
"id": "VHN-136029"
},
{
"db": "VULMON",
"id": "CVE-2018-5997"
}
],
"trust": 2.34
},
"exploit_availability": {
"_id": null,
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-136029",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=43871",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136029"
},
{
"db": "VULMON",
"id": "CVE-2018-5997"
}
]
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2018-5997",
"trust": 3.2
},
{
"db": "EXPLOIT-DB",
"id": "43871",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-975",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-02999",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "146073",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-136029",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5997",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02999"
},
{
"db": "VULHUB",
"id": "VHN-136029"
},
{
"db": "VULMON",
"id": "CVE-2018-5997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-975"
},
{
"db": "NVD",
"id": "CVE-2018-5997"
}
]
},
"id": "VAR-201801-1392",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02999"
},
{
"db": "VULHUB",
"id": "VHN-136029"
}
],
"trust": 1.325
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02999"
}
]
},
"last_update_date": "2024-11-23T23:02:13.672000Z",
"patch": {
"_id": null,
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.ravpower.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
},
{
"problemtype": "CWE-434",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-136029"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
},
{
"db": "NVD",
"id": "CVE-2018-5997"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 3.3,
"url": "https://www.exploit-db.com/exploits/43871/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5997"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5997"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/434.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02999"
},
{
"db": "VULHUB",
"id": "VHN-136029"
},
{
"db": "VULMON",
"id": "CVE-2018-5997"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-975"
},
{
"db": "NVD",
"id": "CVE-2018-5997"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02999",
"ident": null
},
{
"db": "VULHUB",
"id": "VHN-136029",
"ident": null
},
{
"db": "VULMON",
"id": "CVE-2018-5997",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001580",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201801-975",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2018-5997",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2018-02-08T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02999",
"ident": null
},
{
"date": "2018-01-25T00:00:00",
"db": "VULHUB",
"id": "VHN-136029",
"ident": null
},
{
"date": "2018-01-25T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5997",
"ident": null
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001580",
"ident": null
},
{
"date": "2018-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-975",
"ident": null
},
{
"date": "2018-01-25T17:29:00.303000",
"db": "NVD",
"id": "CVE-2018-5997",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2018-02-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02999",
"ident": null
},
{
"date": "2018-02-12T00:00:00",
"db": "VULHUB",
"id": "VHN-136029",
"ident": null
},
{
"date": "2018-02-12T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5997",
"ident": null
},
{
"date": "2018-02-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001580",
"ident": null
},
{
"date": "2018-01-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-975",
"ident": null
},
{
"date": "2024-11-21T04:09:51.103000",
"db": "NVD",
"id": "CVE-2018-5997",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-975"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "RAVPower Filehub Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001580"
}
],
"trust": 0.8
},
"type": {
"_id": null,
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-975"
}
],
"trust": 0.6
}
}
CVE-2018-5997 (GCVE-0-2018-5997)
Vulnerability from nvd – Published: 2018-01-25 17:00 – Updated: 2024-08-05 05:47- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43871/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43871/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-25T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43871/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43871",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43871/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5997",
"datePublished": "2018-01-25T17:00:00.000Z",
"dateReserved": "2018-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5319 (GCVE-0-2018-5319)
Vulnerability from nvd – Published: 2018-01-24 15:00 – Updated: 2024-08-05 05:33- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43856/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43856/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43856/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43856",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43856/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5319",
"datePublished": "2018-01-24T15:00:00.000Z",
"dateReserved": "2018-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5997 (GCVE-0-2018-5997)
Vulnerability from cvelistv5 – Published: 2018-01-25 17:00 – Updated: 2024-08-05 05:47- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43871/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.209Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43871/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-24T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-25T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43871",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43871/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the HTTP Server in RAVPower Filehub 2.000.056. Due to an unrestricted upload feature and a path traversal vulnerability, it is possible to upload a file on a filesystem with root privileges: this will lead to remote code execution as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43871",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43871/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5997",
"datePublished": "2018-01-25T17:00:00.000Z",
"dateReserved": "2018-01-22T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.209Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5319 (GCVE-0-2018-5319)
Vulnerability from cvelistv5 – Published: 2018-01-24 15:00 – Updated: 2024-08-05 05:33- n/a
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/43856/ | exploitx_refsource_EXPLOIT-DB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:33:43.812Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "43856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43856/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-01-23T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-24T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "43856",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43856/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-5319",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "RAVPower FileHub 2.000.056 allows remote users to steal sensitive information via a crafted HTTP request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "43856",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43856/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-5319",
"datePublished": "2018-01-24T15:00:00.000Z",
"dateReserved": "2018-01-09T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:33:43.812Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}