VAR-201803-1341
Vulnerability from variot - Updated: 2024-11-23 22:55Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account. UCOPIA Wireless Appliance The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UCOPIAWirelessAppliance is a wireless device from UCOPIA, France. A security vulnerability exists in the restricted management shells in versions prior to UCOPIAWirelessAppliance 4.4.20, 5.0.x prior to 5.0.19, and 5.1.x prior to 5.1.11. The vulnerability stems from a program failing to properly filter input
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201803-1341",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wireless appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "ucopia",
"version": "5.0.19"
},
{
"model": "wireless appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "ucopia",
"version": "5.1"
},
{
"model": "wireless appliance",
"scope": "gte",
"trust": 1.0,
"vendor": "ucopia",
"version": "5.0"
},
{
"model": "wireless appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "ucopia",
"version": "5.1.11"
},
{
"model": "wireless appliance",
"scope": "lt",
"trust": 1.0,
"vendor": "ucopia",
"version": "4.4.20"
},
{
"model": "wireless appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "ucopia",
"version": "5.0.19"
},
{
"model": "wireless appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "ucopia",
"version": "5.1.x"
},
{
"model": "wireless appliance",
"scope": "eq",
"trust": 0.8,
"vendor": "ucopia",
"version": "5.1.11"
},
{
"model": "wireless appliance",
"scope": "lt",
"trust": 0.8,
"vendor": "ucopia",
"version": "5.0.x"
},
{
"model": "wireless appliance devices",
"scope": "lt",
"trust": 0.6,
"vendor": "ucopia",
"version": "4.4.20"
},
{
"model": "wireless appliance devices",
"scope": "eq",
"trust": 0.6,
"vendor": "ucopia",
"version": "5.0.*\u003c5.0.19"
},
{
"model": "wireless appliance devices",
"scope": "eq",
"trust": 0.6,
"vendor": "ucopia",
"version": "5.1.*\u003c5.1.11"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:ucopia:ucopia_wireless_appliance",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
}
]
},
"cve": "CVE-2017-17743",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2017-17743",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2018-08805",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.8,
"id": "CVE-2017-17743",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17743",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17743",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-08805",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201712-699",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2017-17743",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"db": "VULMON",
"id": "CVE-2017-17743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-699"
},
{
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices before 4.4.20, 5.0.x before 5.0.19, and 5.1.x before 5.1.11 allows authenticated remote attackers to escape the shell and escalate their privileges by uploading a .bashrc file containing the /bin/sh string. In some situations, authentication can be achieved via the bhu85tgb default password for the admin account. UCOPIA Wireless Appliance The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. UCOPIAWirelessAppliance is a wireless device from UCOPIA, France. A security vulnerability exists in the restricted management shells in versions prior to UCOPIAWirelessAppliance 4.4.20, 5.0.x prior to 5.0.19, and 5.1.x prior to 5.1.11. The vulnerability stems from a program failing to properly filter input",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"db": "VULMON",
"id": "CVE-2017-17743"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17743",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-08805",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201712-699",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2017-17743",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"db": "VULMON",
"id": "CVE-2017-17743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-699"
},
{
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"id": "VAR-201803-1341",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
}
],
"trust": 1.2895833300000001
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
}
]
},
"last_update_date": "2024-11-23T22:55:59.376000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.ucopia.com/en/"
},
{
"title": "UCOPIAWirelessAppliance privilege escalation vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/127973"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://securite.intrinsec.com/2018/03/19/cve-2017-17743-ucopia-shell-escape/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17743"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17743"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/287.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"db": "VULMON",
"id": "CVE-2017-17743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-699"
},
{
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"db": "VULMON",
"id": "CVE-2017-17743"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"db": "CNNVD",
"id": "CNNVD-201712-699"
},
{
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"date": "2018-03-22T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17743"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"date": "2017-12-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-699"
},
{
"date": "2018-03-22T05:29:00.237000",
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-05-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-08805"
},
{
"date": "2018-04-18T00:00:00",
"db": "VULMON",
"id": "CVE-2017-17743"
},
{
"date": "2018-05-22T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-013008"
},
{
"date": "2018-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201712-699"
},
{
"date": "2024-11-21T03:18:34.227000",
"db": "NVD",
"id": "CVE-2017-17743"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UCOPIA Wireless Appliance Authentication vulnerabilities in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-013008"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201712-699"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…