VAR-201211-0481
Vulnerability from variot - Updated: 2022-05-17 02:08Multiple remote command execution vulnerabilities exist in the Cisco WAG120N. Remote attackers exploit these vulnerabilities to perform arbitrary commands or root access to help fully control the affected device. The Cisco WAG120N is a wireless routing device. The Cisco WAG120N /setup.cgi?next_file=Setup_DDNS.htm script failed to properly filter user-submitted input, and all fields were not properly filtered, allowing attackers to inject something like \"qwe.com;cat /etc/passwd> /www/Routercfg. Cfg;\" string to the Hostname field, you can execute arbitrary commands with root privileges. This may facilitate a complete compromise of an affected device
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201211-0481",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wag120n",
"scope": null,
"trust": 1.2,
"vendor": "cisco",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "CNVD",
"id": "CNVD-2012-6721"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Manuel Fern??ndez",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
],
"trust": 0.6
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2012-7794",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2012-7794",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple remote command execution vulnerabilities exist in the Cisco WAG120N. Remote attackers exploit these vulnerabilities to perform arbitrary commands or root access to help fully control the affected device. The Cisco WAG120N is a wireless routing device. The Cisco WAG120N /setup.cgi?next_file=Setup_DDNS.htm script failed to properly filter user-submitted input, and all fields were not properly filtered, allowing attackers to inject something like \\\"qwe.com;cat /etc/passwd\u003e /www/Routercfg. Cfg;\\\" string to the Hostname field, you can execute arbitrary commands with root privileges. This may facilitate a complete compromise of an affected device",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "CNVD",
"id": "CNVD-2012-6721"
},
{
"db": "BID",
"id": "56648"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "56648",
"trust": 2.1
},
{
"db": "CNVD",
"id": "CNVD-2012-7794",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2012-6721",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201211-466",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "CNVD",
"id": "CNVD-2012-6721"
},
{
"db": "BID",
"id": "56648"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
]
},
"id": "VAR-201211-0481",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "CNVD",
"id": "CNVD-2012-6721"
}
],
"trust": 2.2
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 1.2
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "CNVD",
"id": "CNVD-2012-6721"
}
]
},
"last_update_date": "2022-05-17T02:08:14.214000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/56648"
},
{
"trust": 0.6,
"url": "http://archives.neohapsis.com/archives/fulldisclosure/current/0159.html"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://seclists.org/fulldisclosure/2012/nov/158"
},
{
"trust": 0.3,
"url": "http://homesupport.cisco.com/en-us/support/gateways/wag120n"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "CNVD",
"id": "CNVD-2012-6721"
},
{
"db": "BID",
"id": "56648"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "CNVD",
"id": "CNVD-2012-6721"
},
{
"db": "BID",
"id": "56648"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"date": "2012-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-6721"
},
{
"date": "2012-11-22T00:00:00",
"db": "BID",
"id": "56648"
},
{
"date": "2012-11-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"date": "2012-11-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-6721"
},
{
"date": "2012-11-22T00:00:00",
"db": "BID",
"id": "56648"
},
{
"date": "2012-11-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco WAG120N Multiple Remote Command Execution Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-7794"
},
{
"db": "BID",
"id": "56648"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-466"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Input Validation Error",
"sources": [
{
"db": "BID",
"id": "56648"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…