Find a vulnerability
Search criteria
9 vulnerabilities by systech
VAR-201604-0295
Vulnerability from variot - Updated: 2025-04-12 23:22flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a remotely authenticated user 5066 ( alias dnsmasq) An arbitrary command may be executed via a parameter. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. The vulnerability is constructed with root privileges and runs arbitrary commands with the '5066' parameter in the POST request of the flu.cgi file. A hard-coded password authentication-bypass vulnerability 2. A command-injection vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syslink sl-1000 modular gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "systech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "systech",
"version": "01a.8"
},
{
"model": "syslink sl-1000 m2m modular gateway \u003c01a.8",
"scope": null,
"trust": 0.6,
"vendor": "systech",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:systech:syslink_sl-1000_modular_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:systech:syslink_sl-1000_modular_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Faynberg , Jeremy Allen of Carve Systems",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2332",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "CVE-2016-2332",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02644",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"id": "VHN-91151",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2016-2332",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2332",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-2332",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2016-02644",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-549",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91151",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter. Supplementary information : CWE Vulnerability type by CWE-77: Improper Neutralization of Special Elements used in a Command ( Command injection ) Has been identified. http://cwe.mitre.org/data/definitions/77.htmlBy a remotely authenticated user 5066 ( alias dnsmasq) An arbitrary command may be executed via a parameter. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. The vulnerability is constructed with root privileges and runs arbitrary commands with the \u00275066\u0027 parameter in the POST request of the flu.cgi file. A hard-coded password authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2332"
},
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "VULHUB",
"id": "VHN-91151"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2016-2332",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU98139587",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02644",
"trust": 0.6
},
{
"db": "BID",
"id": "87337",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91151",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"id": "VAR-201604-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
}
]
},
"last_update_date": "2025-04-12T23:22:09.641000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SysLINK M2M Gateway",
"trust": 0.8,
"url": "http://www.systech.com/syslink-m2m-modular-gateway"
},
{
"title": "Patch for SystechSysLINKM2MModularGateway Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/74842"
},
{
"title": "Systech SysLINK SL-1000 M2M Modular Gateway Fixes for command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61233"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-77",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/822980"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2332"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2332"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98139587/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"db": "VULHUB",
"id": "VHN-91151"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
},
{
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"date": "2016-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-91151"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"date": "2016-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-549"
},
{
"date": "2016-04-25T18:59:03.230000",
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02644"
},
{
"date": "2016-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-91151"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002409"
},
{
"date": "2016-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-549"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2332"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SysLINK M2M Modular Gateway contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-549"
}
],
"trust": 0.6
}
}
VAR-201604-0296
Vulnerability from variot - Updated: 2025-04-12 23:22SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers' installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. The SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway contains multiple vulnerabilities. A hard-coded password authentication-bypass vulnerability 2. A command-injection vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic. Systech SysLINK SL-1000 M2M ((Machine-to-Machine) Modular Gateway is a router product of Systech Corporation of the United States that provides DHCP, NAT, VPN and firewall functions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0296",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syslink sl-1000 modular gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "systech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "systech",
"version": "01a.8"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
},
{
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:systech:syslink_sl-1000_modular_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:systech:syslink_sl-1000_modular_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Faynberg , Jeremy Allen of Carve Systems",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2333",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2333",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91152",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2333",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2333",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2016-2333",
"trust": 0.8,
"value": "High"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-550",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-91152",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
},
{
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers\u0027 installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation. The SysLINK SL-1000 M2M (Machine-to-Machine) Modular Gateway contains multiple vulnerabilities. A hard-coded password authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic. Systech SysLINK SL-1000 M2M ((Machine-to-Machine) Modular Gateway is a router product of Systech Corporation of the United States that provides DHCP, NAT, VPN and firewall functions",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2333"
},
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "VULHUB",
"id": "VHN-91152"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980",
"trust": 3.3
},
{
"db": "NVD",
"id": "CVE-2016-2333",
"trust": 2.8
},
{
"db": "JVN",
"id": "JVNVU98139587",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-550",
"trust": 0.7
},
{
"db": "BID",
"id": "87337",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91152",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "VULHUB",
"id": "VHN-91152"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
},
{
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"id": "VAR-201604-0296",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-91152"
}
],
"trust": 0.7666666999999999
},
"last_update_date": "2025-04-12T23:22:09.608000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SysLINK M2M Gateway",
"trust": 0.8,
"url": "http://www.systech.com/syslink-m2m-modular-gateway"
},
{
"title": "Systech SysLINK SL-1000 M2M Modular Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61234"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/822980"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2333"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98139587/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2333"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "VULHUB",
"id": "VHN-91152"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
},
{
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "VULHUB",
"id": "VHN-91152"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
},
{
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-91152"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"date": "2016-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-550"
},
{
"date": "2016-04-25T18:59:04.183000",
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-05-04T00:00:00",
"db": "VULHUB",
"id": "VHN-91152"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002410"
},
{
"date": "2016-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-550"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2333"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SysLINK M2M Modular Gateway contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-550"
}
],
"trust": 0.6
}
}
VAR-201604-0294
Vulnerability from variot - Updated: 2025-04-12 23:22The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. In addition, JVNVU#98139587 Then CWE-259 It is published as CWE-259: Use of Hard-coded Password http://cwe.mitre.org/data/definitions/259.htmlAccess may be obtained by a third party. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. Permissions exist in the web interface of SystechSysLINKSL-1000M2MModularGateway using firmware prior to 01A.8. Obtain a vulnerability in which the program uses hard-coded passwords and does not alert administrators to changes. A hard-coded password authentication-bypass vulnerability 2. A command-injection vulnerability 3. A hard-coded cryptographic key vulnerability Attackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0294",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "syslink sl-1000 modular gateway",
"scope": "eq",
"trust": 1.6,
"vendor": "systech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": null,
"trust": 0.8,
"vendor": "systech",
"version": null
},
{
"model": "syslink sl-1000 m2m modular gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "systech",
"version": "01a.8"
},
{
"model": "syslink sl-1000 m2m modular gateway \u003c01a.8",
"scope": null,
"trust": 0.6,
"vendor": "systech",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:systech:syslink_sl-1000_modular_gateway",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:systech:syslink_sl-1000_modular_gateway_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Roman Faynberg , Jeremy Allen of Carve Systems",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
],
"trust": 0.6
},
"cve": "CVE-2016-2331",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2016-2331",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02643",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-91150",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2016-2331",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2016-2331",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2016-2331",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2016-02643",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-548",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-91150",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors. In addition, JVNVU#98139587 Then CWE-259 It is published as CWE-259: Use of Hard-coded Password http://cwe.mitre.org/data/definitions/259.htmlAccess may be obtained by a third party. SystechSysLINKSL-1000M2M (Machine-to-Machine) ModularGateway is a router product from Systech, USA that provides DHCP, NAT, VPN and firewall functions. Permissions exist in the web interface of SystechSysLINKSL-1000M2MModularGateway using firmware prior to 01A.8. Obtain a vulnerability in which the program uses hard-coded passwords and does not alert administrators to changes. A hard-coded password authentication-bypass vulnerability\n2. A command-injection vulnerability\n3. A hard-coded cryptographic key vulnerability\nAttackers can exploit these issues to bypass authentication mechanisms, to execute arbitrary commands in context of the affected application and to read and modify intercepted traffic",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2331"
},
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "VULHUB",
"id": "VHN-91150"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2016-2331",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU98139587",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02643",
"trust": 0.6
},
{
"db": "BID",
"id": "87337",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-91150",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"id": "VAR-201604-0294",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
}
]
},
"last_update_date": "2025-04-12T23:22:09.571000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SysLINK M2M Gateway",
"trust": 0.8,
"url": "http://www.systech.com/syslink-m2m-modular-gateway"
},
{
"title": "SystechSysLINKM2MModularGateway permission to obtain patch for vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/74841"
},
{
"title": "Systech SysLINK SL-1000 M2M Modular Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61232"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/822980"
},
{
"trust": 1.4,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2331"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2331"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu98139587/index.html"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#822980"
},
{
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"db": "VULHUB",
"id": "VHN-91150"
},
{
"db": "BID",
"id": "87337"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
},
{
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"date": "2016-04-25T00:00:00",
"db": "VULHUB",
"id": "VHN-91150"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"date": "2016-04-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-548"
},
{
"date": "2016-04-25T18:59:02.310000",
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-22T00:00:00",
"db": "CERT/CC",
"id": "VU#822980"
},
{
"date": "2016-04-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02643"
},
{
"date": "2016-05-31T00:00:00",
"db": "VULHUB",
"id": "VHN-91150"
},
{
"date": "2016-04-22T00:00:00",
"db": "BID",
"id": "87337"
},
{
"date": "2016-05-06T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002408"
},
{
"date": "2016-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-548"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2016-2331"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SysLINK M2M Modular Gateway contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#822980"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-548"
}
],
"trust": 0.6
}
}
CVE-2016-2333 (GCVE-0-2016-2333)
Vulnerability from nvd – Published: 2016-04-25 18:00 – Updated: 2024-08-05 23:24- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/822980 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers\u0027 installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-25T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers\u0027 installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#822980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2333",
"datePublished": "2016-04-25T18:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2332 (GCVE-0-2016-2332)
Vulnerability from nvd – Published: 2016-04-25 18:00 – Updated: 2024-08-05 23:24- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/822980 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-25T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#822980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2332",
"datePublished": "2016-04-25T18:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2331 (GCVE-0-2016-2331)
Vulnerability from nvd – Published: 2016-04-25 18:00 – Updated: 2024-08-05 23:24- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/822980 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-25T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#822980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2331",
"datePublished": "2016-04-25T18:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2333 (GCVE-0-2016-2333)
Vulnerability from cvelistv5 – Published: 2016-04-25 18:00 – Updated: 2024-08-05 23:24- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/822980 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers\u0027 installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-25T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2333",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 use the same hardcoded encryption key across different customers\u0027 installations, which allows attackers to defeat cryptographic protection mechanisms by leveraging knowledge of this key from another installation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#822980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2333",
"datePublished": "2016-04-25T18:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2331 (GCVE-0-2016-2331)
Vulnerability from cvelistv5 – Published: 2016-04-25 18:00 – Updated: 2024-08-05 23:24- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/822980 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-25T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 has a default password, which makes it easier for remote attackers to obtain access via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#822980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2331",
"datePublished": "2016-04-25T18:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-2332 (GCVE-0-2016-2332)
Vulnerability from cvelistv5 – Published: 2016-04-25 18:00 – Updated: 2024-08-05 23:24- n/a
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/822980 | third-party-advisoryx_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T23:24:48.536Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-04-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-04-25T17:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "VU#822980",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/822980"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2016-2332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with firmware before 01A.8 allows remote authenticated users to execute arbitrary commands via the 5066 (aka dnsmasq) parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#822980",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/822980"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2016-2332",
"datePublished": "2016-04-25T18:00:00.000Z",
"dateReserved": "2016-02-12T00:00:00.000Z",
"dateUpdated": "2024-08-05T23:24:48.536Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}