CVE-2015-6023 (GCVE-0-2015-6023)

Vulnerability from cvelistv5 – Published: 2017-02-09 15:00 – Updated: 2024-08-06 07:06

Summary

Severity ?

No CVSS data available.

CWE

Assigner

certcc

References

URL

Tags

	https://www.exploit-db.com/exploits/39762/	exploitx_refsource_EXPLOIT-DB
	http://seclists.org/fulldisclosure/2016/May/18	mailing-listx_refsource_FULLDISC
	http://packetstormsecurity.com/files/136901/NetCo…	x_refsource_MISC
	http://www.securityfocus.com/archive/1/538297/100…	mailing-listx_refsource_BUGTRAQ
	http://seclists.org/fulldisclosure/2016/May/13	mailing-listx_refsource_FULLDISC
	http://www.securityfocus.com/archive/1/538263/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/bid/96383	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:06:35.214Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "39762",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/39762/"
          },
          {
            "name": "20160506 Re: NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/May/18"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
          },
          {
            "name": "20160505 Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
          },
          {
            "name": "20160506 NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2016/May/13"
          },
          {
            "name": "20160503 NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
          },
          {
            "name": "96383",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/96383"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2016-05-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "39762",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/39762/"
        },
        {
          "name": "20160506 Re: NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/May/18"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
        },
        {
          "name": "20160505 Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
        },
        {
          "name": "20160506 NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2016/May/13"
        },
        {
          "name": "20160503 NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
        },
        {
          "name": "96383",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/96383"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-6023",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39762",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/39762/"
            },
            {
              "name": "20160506 Re: NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/May/18"
            },
            {
              "name": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
            },
            {
              "name": "20160505 Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
            },
            {
              "name": "20160506 NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2016/May/13"
            },
            {
              "name": "20160503 NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
            },
            {
              "name": "96383",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/96383"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2015-6023",
    "datePublished": "2017-02-09T15:00:00",
    "dateReserved": "2015-08-14T00:00:00",
    "dateUpdated": "2024-08-06T07:06:35.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-6023\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2017-02-09T15:59:00.300\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.\"},{\"lang\":\"es\",\"value\":\"ping.cgi en routers wireless NetCommWireless HSPA 3G10WVE con firmware en versiones anteriores a 3G10WVE-L101-S306ETS-C01_R05 permite a atacantes remotos eludir las restricciones de acceso previstas a trav\u00e9s de una solicitud directa. NOTA: Este problema puede ser combinado con CVE-2015-6024 para ejecutar comandos arbitrarios.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netcommwireless:hspa_3g10wve_firmware:3g10wve-l101-s306ets-c01_r03:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BD52297-1031-4917-8221-C4EBFE83EF4A\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:netcommwireless:hspa_3g10wve:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87C2314F-46CA-4625-97CE-336CE885FC41\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/May/13\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/May/18\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/538263/100/0/threaded\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/538297/100/0/threaded\",\"source\":\"cret@cert.org\"},{\"url\":\"http://www.securityfocus.com/bid/96383\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/39762/\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/May/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2016/May/18\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/538263/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/538297/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/96383\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.exploit-db.com/exploits/39762/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2016-02892

Vulnerability from cnvd - Published: 2016-05-10

Title

HELP NetCommWireless HSPA 3G10WVE安全绕过漏洞

Description

HELP NetCommWireless HSPA 3G10WVE是阿联酋HELP公司的一款无线路由器产品。 HELP NetCommWireless HSPA 3G10WVE存在身份验证绕过漏洞，允许远程攻击者可利用该漏洞提交特殊请求，未授权访问设备。

Severity

高

Patch Name

HELP NetCommWireless HSPA 3G10WVE安全绕过漏洞的补丁

Patch Description

HELP NetCommWireless HSPA 3G10WVE是阿联酋HELP公司的一款无线路由器产品。 HELP NetCommWireless HSPA 3G10WVE存在身份验证绕过漏洞，允许远程攻击者可利用该漏洞提交特殊请求，未授权访问设备。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： http://www.netcommwireless.com/

Reference

https://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html

Impacted products

Name
HELP NetCommWireless HSPA 3G10WVE

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6023"
    }
  },
  "description": "HELP NetCommWireless HSPA 3G10WVE\u662f\u963f\u8054\u914bHELP\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nHELP NetCommWireless HSPA 3G10WVE\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\uff0c\u672a\u6388\u6743\u8bbf\u95ee\u8bbe\u5907\u3002",
  "discovererName": "Bhadresh Patel",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttp://www.netcommwireless.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-02892",
  "openTime": "2016-05-10",
  "patchDescription": "HELP NetCommWireless HSPA 3G10WVE\u662f\u963f\u8054\u914bHELP\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\nHELP NetCommWireless HSPA 3G10WVE\u5b58\u5728\u8eab\u4efd\u9a8c\u8bc1\u7ed5\u8fc7\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63d0\u4ea4\u7279\u6b8a\u8bf7\u6c42\uff0c\u672a\u6388\u6743\u8bbf\u95ee\u8bbe\u5907\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "HELP NetCommWireless HSPA 3G10WVE\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "HELP NetCommWireless HSPA 3G10WVE"
  },
  "referenceLink": "https://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html",
  "serverity": "\u9ad8",
  "submitTime": "2016-05-07",
  "title": "HELP NetCommWireless HSPA 3G10WVE\u5b89\u5168\u7ed5\u8fc7\u6f0f\u6d1e"
}

FKIE_CVE-2015-6023

Vulnerability from fkie_nvd - Published: 2017-02-09 15:59 - Updated: 2025-04-20 01:37

Severity ?

7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Summary

References

URL	Tags
cret@cert.org	http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
cret@cert.org	http://seclists.org/fulldisclosure/2016/May/13	Exploit, Mailing List, Third Party Advisory
cret@cert.org	http://seclists.org/fulldisclosure/2016/May/18	Mailing List, Third Party Advisory
cret@cert.org	http://www.securityfocus.com/archive/1/538263/100/0/threaded
cret@cert.org	http://www.securityfocus.com/archive/1/538297/100/0/threaded
cret@cert.org	http://www.securityfocus.com/bid/96383	Third Party Advisory, VDB Entry
cret@cert.org	https://www.exploit-db.com/exploits/39762/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/May/13	Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2016/May/18	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/538263/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/538297/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/96383	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/39762/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	netcommwireless	hspa_3g10wve_firmware	3g10wve-l101-s306ets-c01_r03
	netcommwireless	hspa_3g10wve	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netcommwireless:hspa_3g10wve_firmware:3g10wve-l101-s306ets-c01_r03:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BD52297-1031-4917-8221-C4EBFE83EF4A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netcommwireless:hspa_3g10wve:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "87C2314F-46CA-4625-97CE-336CE885FC41",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands."
    },
    {
      "lang": "es",
      "value": "ping.cgi en routers wireless NetCommWireless HSPA 3G10WVE con firmware en versiones anteriores a 3G10WVE-L101-S306ETS-C01_R05 permite a atacantes remotos eludir las restricciones de acceso previstas a trav\u00e9s de una solicitud directa. NOTA: Este problema puede ser combinado con CVE-2015-6024 para ejecutar comandos arbitrarios."
    }
  ],
  "id": "CVE-2015-6023",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-02-09T15:59:00.300",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/13"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/18"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
    },
    {
      "source": "cret@cert.org",
      "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96383"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39762/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2016/May/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/96383"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/39762/"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201702-0312

Vulnerability from variot - Updated: 2025-04-20 23:20

ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. HELPNetCommWirelessHSPA3G10WVE is a wireless router product from HELP of the United Arab Emirates. This may lead to further attacks. NetCommWireless Wireless Router 3G10WVE-L101-S306ETS-C01_R03 is vulnerable; other versions may also be affected. Title: ====

NetCommWireless HSPA 3G10WVE Wireless Router \x96 Multiple vulnerabilities

Credit:

Name: Bhadresh Patel Company/affiliation: HelpAG Website: www.helpag.com

CVE:

CVE-2015-6023, CVE-2016-6024

Date:

03-05-2016 (dd/mm/yyyy)

Vendor:

NetComm Wireless is a leading developer and supplier of high performance communication devices that connect businesses and people to the internet.

Products and services: Wireless 3G/4G broadband devices Custom engineered technologies Broadband communication devices

Customers: Telecommunications carriers Internet Service Providers System Integrators Channel partners Enterprise customers

Product:

HSPA 3G10WVE is a wireless router

It integrates a wireless LAN, HSPA module and voice gateway into one stylish unit. Insert an active HSPA SIM Card into the slot on the rear panel & get instant access to 3G internet connection. Featuring voice port which means that one can stay connected using the internet & phone. If one need a flexible internet connection for his business or at home; this is the perfect solution.

Report-Timeline:

03-09-2015: Vendor notification 08-09-2015: Vendor Response/Feedback 02-05-2016: Vendor Fix/Patch 03-05-2016: Public Disclosure

Affected Software Version:

3G10WVE-L101-S306ETS-C01_R03

Exploitation-Technique:

Remote

Severity Rating (CVSS):

10.0 (Critical) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Details:

Below listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page (ping.cgi) on wireless router and inject commands to compromise full system/network.

1) Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023 2) Command injection vulnerability - CVE-2016-6024

Vulnerable module/page/application: ping.cgi

Vulnerable parameter: DIA_IPADDRESS

Proof Of Concept:

PoC URL: http(s):///ping.cgi?DIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd

PoC Video: https://www.youtube.com/watch?v=FS43MRG7RDk

Patched/Fixed Firmware and notes:

ftp://files.planetnetcomm.com/3G10WVE/3G10WVE-L101-S306ETS-C01_R05.bin

NOTE: Verified only by Vendor

Credits:

Bhadresh Patel Senior Security Analyst HelpAG (www.helpag.com)

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201702-0312",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hspa 3g10wve",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "netcommwireless",
        "version": "3g10wve-l101-s306ets-c01_r03"
      },
      {
        "model": "netcommwireless hspa 3g10wve",
        "scope": null,
        "trust": 0.8,
        "vendor": "netcomm",
        "version": null
      },
      {
        "model": "netcommwireless hspa 3g10wve",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "netcomm",
        "version": "3g10wve-l101-s306ets-c01_r05"
      },
      {
        "model": "netcommwireless hspa 3g10wve",
        "scope": null,
        "trust": 0.6,
        "vendor": "help",
        "version": null
      },
      {
        "model": "wireless hspa 3g10wve-l101-s306ets",
        "scope": null,
        "trust": 0.3,
        "vendor": "netcomm",
        "version": null
      },
      {
        "model": "wireless hspa 3g10wve-l101-s306ets",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "netcomm",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "BID",
        "id": "96383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/h:netcommwireless:hspa_3g10wve",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:netcommwireless:hspa_3g10wve_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Bhadresh Patel.",
    "sources": [
      {
        "db": "BID",
        "id": "96383"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-6023",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2015-6023",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "SINGLE",
            "author": "CNVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 8.0,
            "id": "CNVD-2016-02892",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-83984",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 3.9,
            "id": "CVE-2015-6023",
            "impactScore": 3.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-6023",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-6023",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2016-02892",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201605-127",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-83984",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2015-6023",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-6023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands. HELPNetCommWirelessHSPA3G10WVE is a wireless router product from HELP of the United Arab Emirates. This may lead to further attacks. \nNetCommWireless  Wireless Router 3G10WVE-L101-S306ETS-C01_R03 is vulnerable; other versions may also be affected. Title:\n====\n\nNetCommWireless HSPA 3G10WVE Wireless Router \\x96 Multiple vulnerabilities\n\nCredit:\n======\n\nName: Bhadresh Patel\nCompany/affiliation: HelpAG\nWebsite: www.helpag.com\n\nCVE:\n=====\n\nCVE-2015-6023, CVE-2016-6024\n\nDate:\n====\n\n03-05-2016 (dd/mm/yyyy)\n\nVendor:\n======\n\nNetComm Wireless is a leading developer and supplier of high performance communication devices that connect businesses and people to the internet. \n\nProducts and services:\nWireless 3G/4G broadband devices\nCustom engineered technologies\nBroadband communication devices\n\nCustomers:\nTelecommunications carriers\nInternet Service Providers\nSystem Integrators\nChannel partners\nEnterprise customers\n\nProduct:\n=======\n\nHSPA 3G10WVE is a wireless router\n\nIt integrates a wireless LAN, HSPA module and voice gateway into one stylish unit. Insert an active HSPA SIM Card into the slot on the rear panel \u0026 get instant access to 3G internet connection. Featuring voice port which means that one can stay connected using the internet \u0026 phone. If one need a flexible internet connection for his business or at home; this is the perfect solution. \n\nReport-Timeline:\n============\n03-09-2015: Vendor notification\n08-09-2015: Vendor Response/Feedback\n02-05-2016: Vendor Fix/Patch\n03-05-2016: Public Disclosure\n\nAffected Software Version:\n=============\n\n3G10WVE-L101-S306ETS-C01_R03\n\n\nExploitation-Technique:\n===================\n\nRemote\n\n\nSeverity Rating (CVSS):\n===================\n\n10.0 (Critical) (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)\n\n\nDetails:\n=======\n\nBelow listed vulnerabilities enable an anonymous unauthorized attacker to gain access of network troubleshooting page (ping.cgi) on wireless router and inject commands to compromise full system/network. \n\n1) Bypass authentication and gain unauthorized access vulnerability - CVE-2015-6023\n2) Command injection vulnerability - CVE-2016-6024\n\nVulnerable module/page/application: ping.cgi\n\nVulnerable parameter: DIA_IPADDRESS\n\nProof Of Concept:\n================\n\nPoC URL: http(s)://\u003cvictim_IP\u003e/ping.cgi?DIA_IPADDRESS=4.2.2.2;cat%20/etc/passwd\n\nPoC Video: https://www.youtube.com/watch?v=FS43MRG7RDk\n\nPatched/Fixed Firmware and notes:\n==========================\n\nftp://files.planetnetcomm.com/3G10WVE/3G10WVE-L101-S306ETS-C01_R05.bin\n\nNOTE: Verified only by Vendor\n\n\n\nCredits:\n=======\n\nBhadresh Patel\nSenior Security Analyst\nHelpAG (www.helpag.com)\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-6023"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "BID",
        "id": "96383"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-6023"
      },
      {
        "db": "PACKETSTORM",
        "id": "136901"
      }
    ],
    "trust": 2.7
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-83984",
        "trust": 0.1,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=39762",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-6023",
        "trust": 3.6
      },
      {
        "db": "PACKETSTORM",
        "id": "136901",
        "trust": 3.3
      },
      {
        "db": "EXPLOIT-DB",
        "id": "39762",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "96383",
        "trust": 1.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892",
        "trust": 0.6
      },
      {
        "db": "SEEBUG",
        "id": "SSVID-91441",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-83984",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-6023",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-6023"
      },
      {
        "db": "BID",
        "id": "96383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "PACKETSTORM",
        "id": "136901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "id": "VAR-201702-0312",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      }
    ],
    "trust": 1.53333335
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      }
    ]
  },
  "last_update_date": "2025-04-20T23:20:06.742000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.netcommwireless.com/"
      },
      {
        "title": "HELPNetCommWirelessHSPA3G10WVE Security Bypass Vulnerability Patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/75437"
      },
      {
        "title": "NetCommWireless HSPA 3G10WVE Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=61450"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.2,
        "url": "http://packetstormsecurity.com/files/136901/netcommwireless-hspa-3g10wve-authentication-bypass-code-execution.html"
      },
      {
        "trust": 2.1,
        "url": "http://seclists.org/fulldisclosure/2016/may/18"
      },
      {
        "trust": 1.9,
        "url": "https://www.exploit-db.com/exploits/39762/"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2016/may/13"
      },
      {
        "trust": 1.3,
        "url": "http://www.securityfocus.com/bid/96383"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6023"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6023"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/538297/100/0/threaded"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/538263/100/0/threaded"
      },
      {
        "trust": 0.3,
        "url": "http://www.netcommwireless.com/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/284.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.helpag.com)"
      },
      {
        "trust": 0.1,
        "url": "https://www.youtube.com/watch?v=fs43mrg7rdk"
      },
      {
        "trust": 0.1,
        "url": "https://www.helpag.com"
      },
      {
        "trust": 0.1,
        "url": "http://www.etisalat.ae/nrd/en/generic/3.5g_router.jsp"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-6024"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-6023"
      },
      {
        "db": "BID",
        "id": "96383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "PACKETSTORM",
        "id": "136901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "db": "VULMON",
        "id": "CVE-2015-6023"
      },
      {
        "db": "BID",
        "id": "96383"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "db": "PACKETSTORM",
        "id": "136901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "date": "2017-02-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "date": "2017-02-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-6023"
      },
      {
        "date": "2017-02-09T00:00:00",
        "db": "BID",
        "id": "96383"
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "date": "2016-05-03T23:16:49",
        "db": "PACKETSTORM",
        "id": "136901"
      },
      {
        "date": "2016-05-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      },
      {
        "date": "2017-02-09T15:59:00.300000",
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-05-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2016-02892"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-83984"
      },
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULMON",
        "id": "CVE-2015-6023"
      },
      {
        "date": "2017-03-07T04:04:00",
        "db": "BID",
        "id": "96383"
      },
      {
        "date": "2017-03-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      },
      {
        "date": "2017-02-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      },
      {
        "date": "2025-04-20T01:37:25.860000",
        "db": "NVD",
        "id": "CVE-2015-6023"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "136901"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "NetCommWireless HSPA 3G10WVE Wireless Router Of firmware  ping.cgi Vulnerable to access restrictions",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007391"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201605-127"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-6023

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-6023

Aliases

CVE-2015-6023

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-6023",
    "description": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.",
    "id": "GSD-2015-6023",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-6023"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-6023"
      ],
      "details": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.",
      "id": "GSD-2015-6023",
      "modified": "2023-12-13T01:20:04.377372Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cert@cert.org",
        "ID": "CVE-2015-6023",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "39762",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/39762/"
          },
          {
            "name": "20160506 Re: NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/May/18"
          },
          {
            "name": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
          },
          {
            "name": "20160505 Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
          },
          {
            "name": "20160506 NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2016/May/13"
          },
          {
            "name": "20160503 NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
          },
          {
            "name": "96383",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/96383"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:netcommwireless:hspa_3g10wve_firmware:3g10wve-l101-s306ets-c01_r03:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:netcommwireless:hspa_3g10wve:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2015-6023"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "39762",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/39762/"
            },
            {
              "name": "20160506 Re: NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/18"
            },
            {
              "name": "20160506 NetCommWireless HSPA 3G10WVE Wireless Router - Multiple vulnerabilities",
              "refsource": "FULLDISC",
              "tags": [
                "Exploit",
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2016/May/13"
            },
            {
              "name": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
            },
            {
              "name": "96383",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/96383"
            },
            {
              "name": "20160505 Re: NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
            },
            {
              "name": "20160503 NetCommWireless HSPA 3G10WVE Wireless Router Multiple vulnerabilities",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.4
        }
      },
      "lastModifiedDate": "2018-10-09T19:57Z",
      "publishedDate": "2017-02-09T15:59Z"
    }
  }
}

GHSA-3252-V683-V8QV

Vulnerability from github – Published: 2022-05-14 02:48 – Updated: 2025-04-20 03:32

Details

Severity ?

7.3 (High)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-6023"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-02-09T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request.  NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands.",
  "id": "GHSA-3252-v683-v8qv",
  "modified": "2025-04-20T03:32:34Z",
  "published": "2022-05-14T02:48:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-6023"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/39762"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/136901/NetCommWireless-HSPA-3G10WVE-Authentication-Bypass-Code-Execution.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/May/13"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2016/May/18"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/538263/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/538297/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/96383"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-6023 (GCVE-0-2015-6023)

CNVD-2016-02892

FKIE_CVE-2015-6023

VAR-201702-0312

Credit:

CVE:

Date:

Vendor:

Product:

Report-Timeline:

Affected Software Version:

Exploitation-Technique:

Severity Rating (CVSS):

Details:

Proof Of Concept:

Patched/Fixed Firmware and notes:

Credits:

GSD-2015-6023

GHSA-3252-V683-V8QV

Tags

Sightings

Nomenclature