Vulnerability-Lookup

CVE-2018-12715 (GCVE-0-2018-12715)

Vulnerability from cvelistv5 – Published: 2019-07-03 17:20 – Updated: 2024-08-05 08:45

Summary

DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.

Severity

6.1 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

Assigner

mitre

References

2 references

URL	Tags
https://indiancybersecuritysolutions.com/cve-2018…	x_refsource_MISC
https://www.exploit-db.com/exploits/44955	exploitx_refsource_EXPLOIT-DB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T08:45:01.170Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
          },
          {
            "name": "Exploit Database",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44955"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-07-03T17:20:47.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
        },
        {
          "name": "Exploit Database",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44955"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/",
              "refsource": "MISC",
              "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
            },
            {
              "name": "Exploit Database",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44955"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-12715",
    "datePublished": "2019-07-03T17:20:47.000Z",
    "dateReserved": "2018-06-24T00:00:00.000Z",
    "dateUpdated": "2024-08-05T08:45:01.170Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2018-12715",
      "date": "2026-06-06",
      "epss": "0.00234",
      "percentile": "0.46469"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-12715\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2019-07-03T18:15:10.257\",\"lastModified\":\"2024-11-21T03:45:43.737\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.\"},{\"lang\":\"es\",\"value\":\"Los dispositivos DIGISOL DG-HR3400 tienen XSS a trav\u00e9s de un SSID modificado cuando el valor de apssid no se modifica.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:digisol:dg-hr3400_firmware:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25CF9101-1C87-4C76-9E7D-E77FE18EBCFF\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:digisol:dg-hr3400:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6E6951B-4D89-4D90-A98D-51696EA7BD5F\"}]}]}],\"references\":[{\"url\":\"https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44955\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/44955\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CNVD-2019-21435

Vulnerability from cnvd - Published: 2019-07-08

Title

DIGISOL SYSTEMS DG-HR3400跨站脚本漏洞

Description

DIGISOL SYSTEMS DG-HR3400是印度DIGISOL SYSTEMS公司的一款无线路由器。 DIGISOL SYSTEMS DG-HR3400中存在跨站脚本漏洞。该漏洞源于WEB应用缺少对客户端数据的正确验证。攻击者可利用该漏洞执行客户端代码。

Severity

中

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： http://www.digisol.com/

Reference

https://www.exploit-db.com/exploits/44955

Impacted products

Name
DIGISOL SYSTEMS DIGISOL SYSTEMS DG-HR3400

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-12715",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-12715"
    }
  },
  "description": "DIGISOL SYSTEMS DG-HR3400\u662f\u5370\u5ea6DIGISOL SYSTEMS\u516c\u53f8\u7684\u4e00\u6b3e\u65e0\u7ebf\u8def\u7531\u5668\u3002\n\nDIGISOL SYSTEMS DG-HR3400\u4e2d\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8eWEB\u5e94\u7528\u7f3a\u5c11\u5bf9\u5ba2\u6237\u7aef\u6570\u636e\u7684\u6b63\u786e\u9a8c\u8bc1\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u5ba2\u6237\u7aef\u4ee3\u7801\u3002",
  "discovererName": "Adipta Basu",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttp://www.digisol.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-21435",
  "openTime": "2019-07-08",
  "products": {
    "product": "DIGISOL SYSTEMS DIGISOL SYSTEMS DG-HR3400"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/44955",
  "serverity": "\u4e2d",
  "submitTime": "2019-07-05",
  "title": "DIGISOL SYSTEMS DG-HR3400\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

FKIE_CVE-2018-12715

Vulnerability from fkie_nvd - Published: 2019-07-03 18:15 - Updated: 2024-11-21 03:45

Severity

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.

References

URL	Tags
cve@mitre.org	https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/	Exploit, Third Party Advisory
cve@mitre.org	https://www.exploit-db.com/exploits/44955	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/44955	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	digisol	dg-hr3400_firmware	-
	digisol	dg-hr3400	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:digisol:dg-hr3400_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "25CF9101-1C87-4C76-9E7D-E77FE18EBCFF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:digisol:dg-hr3400:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E6951B-4D89-4D90-A98D-51696EA7BD5F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged."
    },
    {
      "lang": "es",
      "value": "Los dispositivos DIGISOL DG-HR3400 tienen XSS a trav\u00e9s de un SSID modificado cuando el valor de apssid no se modifica."
    }
  ],
  "id": "CVE-2018-12715",
  "lastModified": "2024-11-21T03:45:43.737",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-03T18:15:10.257",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44955"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44955"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-2RC2-HM22-XR6P

Vulnerability from github – Published: 2022-05-24 16:49 – Updated: 2022-05-24 16:49

Details

DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2018-12715"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-07-03T18:15:00Z",
    "severity": "MODERATE"
  },
  "details": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.",
  "id": "GHSA-2rc2-hm22-xr6p",
  "modified": "2022-05-24T16:49:21Z",
  "published": "2022-05-24T16:49:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12715"
    },
    {
      "type": "WEB",
      "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/44955"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2018-12715

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.

Aliases

CVE-2018-12715

Aliases

CVE-2018-12715

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-12715",
    "description": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.",
    "id": "GSD-2018-12715"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-12715"
      ],
      "details": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.",
      "id": "GSD-2018-12715",
      "modified": "2023-12-13T01:22:30.631056Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2018-12715",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/",
            "refsource": "MISC",
            "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
          },
          {
            "name": "Exploit Database",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/44955"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:digisol:dg-hr3400_firmware:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:digisol:dg-hr3400:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-12715"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "Exploit Database",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/44955"
            },
            {
              "name": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2021-06-21T18:30Z",
      "publishedDate": "2019-07-03T18:15Z"
    }
  }
}

VAR-201907-1151

Vulnerability from variot - Updated: 2024-11-23 22:41

DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. DIGISOL DG-HR3400 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DIGISOLSYSTEMSDG-HR3400 is a wireless router from DIGISOLSYSTEMS, India. A cross-site scripting vulnerability exists in DIGISOLSYSTEMSDG-HR3400. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201907-1151",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "dg-hr3400",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "digisol",
        "version": null
      },
      {
        "model": "digisol dg-hr3400",
        "scope": null,
        "trust": 0.8,
        "vendor": "smartlink network",
        "version": null
      },
      {
        "model": "systems digisol systems dg-hr3400",
        "scope": null,
        "trust": 0.6,
        "vendor": "digisol",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:digisol:dg-hr3400_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      }
    ]
  },
  "cve": "CVE-2018-12715",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2018-12715",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2019-21435",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-122702",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "exploitabilityScore": 2.8,
            "id": "CVE-2018-12715",
            "impactScore": 2.7,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.1,
            "baseSeverity": "Medium",
            "confidentialityImpact": "Low",
            "exploitabilityScore": null,
            "id": "CVE-2018-12715",
            "impactScore": null,
            "integrityImpact": "Low",
            "privilegesRequired": "None",
            "scope": "Changed",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2018-12715",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2018-12715",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2019-21435",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201907-174",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-122702",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged. DIGISOL DG-HR3400 The device contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. DIGISOLSYSTEMSDG-HR3400 is a wireless router from DIGISOLSYSTEMS, India. A cross-site scripting vulnerability exists in DIGISOLSYSTEMSDG-HR3400. The vulnerability stems from the lack of proper validation of client data for web applications. An attacker could exploit the vulnerability to execute client code",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2018-12715"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122702"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2018-12715",
        "trust": 3.1
      },
      {
        "db": "EXPLOIT-DB",
        "id": "44955",
        "trust": 2.3
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-122702",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "id": "VAR-201907-1151",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122702"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      }
    ]
  },
  "last_update_date": "2024-11-23T22:41:27.151000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "DG-HR3400",
        "trust": 0.8,
        "url": "https://www.digisol.com/active_networking/dg-hr3400-h-w-ver-e1-digisol-300mbps-wireless-broadband-home-router/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-122702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://indiancybersecuritysolutions.com/cve-2018-12715-digisol-dg-hr3400/"
      },
      {
        "trust": 2.3,
        "url": "https://www.exploit-db.com/exploits/44955"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12715"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12715"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "VULHUB",
        "id": "VHN-122702"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      },
      {
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "date": "2019-07-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122702"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "date": "2019-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      },
      {
        "date": "2019-07-03T18:15:10.257000",
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-07-08T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "date": "2019-07-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-122702"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2018-015810"
      },
      {
        "date": "2019-07-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      },
      {
        "date": "2024-11-21T03:45:43.737000",
        "db": "NVD",
        "id": "CVE-2018-12715"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "DIGISOL SYSTEMS DG-HR3400 Cross-Site Scripting Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2019-21435"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "XSS",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201907-174"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-12715 (GCVE-0-2018-12715)

CNVD-2019-21435

FKIE_CVE-2018-12715

GHSA-2RC2-HM22-XR6P

GSD-2018-12715

VAR-201907-1151

Tags

Sightings

Nomenclature