VAR-201805-0245
Vulnerability from variot - Updated: 2024-11-23 21:39An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the "old password" field in the change password form allows an attacker to bypass validation of this field. plural WatchGuard The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WatchGuardAP100, AP102 and AP200 are different series of indoor wireless access point devices from WatchGuard. A security vulnerability exists in WatchGuardAP100, AP102, AP200, and AP300. Introduction
Multiple vulnerabilities can be chained together in a number of WatchGuard AP products which result in pre-authenticated remote code execution.
The vendor has produced a knowledge-base article[1] and announcement[2] regarding these issues.
ZX Security would like to commend the prompt response and resolution of these reported issues by the vendor.
Product
Several WatchGuard Access Points running firmware before v1.2.9.15 are affected, including: * AP100 * AP102 * AP200
The AP300 is also affected by issues 2, 3 and 4 when running firmware before 2.0.0.10.
The latest firmware update resolves these issues.
Technical Details
1) Hard-coded credentials
CVE-2018-10575
A hard-coded user exists in /etc/passwd. The vendor has requested the specific password and hash be withheld until users can apply the patch. There is no way for a user of the access point to change this password. An attacker who is aware of this password is able to access the device over SSH and pivot network requests through the device, though they may not run commands as the shell is set to /bin/false.
2) Hidden authentication method in web interface allows for authentication bypass
CVE-2018-10576
The standard authentication method for accessing the webserver involves submitting an HTML form. This uses a username and password separate from the standard Linux based /etc/passwd authentication. An alternative authentication method was identified from reviewing the source code whereby setting the HTTP headers AUTH_USER and AUTH_PASS, credentials are instead tested against the standard Linux /etc/passwd file. This allows an attacker to use the hardcoded credentials found previously (see 1. Hard-coded credentials) to gain web access to the device. An example command that demonstrates this issue is: curl https://watchguard-ap200/cgi-bin/luci -H "AUTH_USER: admin" -H "AUTH_PASS: [REDACTED]" -k -v
This session allows for complete access to the web interface as an administrator.
3) Hidden "wgupload" functionality allows for file uploads as root and remote code execution
CVE-2018-10577
Reviewing the code reveals file upload functionality that is not shown to the user via the web interface. An attacker needs only a serial number (which is displayed to the user when they login to the device through the standard web interface and can be retrieved programmatically) and a valid session. An example request to demonstrate this issue is: res = send_request_cgi({ 'method' => 'POST', 'uri' => "/cgi-bin/luci/;#{stok}/wgupload", 'headers' => { 'AUTH_USER' => 'admin', 'AUTH_PASS' => '[REDACTED]', }, 'cookie' => "#{sysauth}; serial=#{serial}; filename=/www/cgi-bin/payload.luci; md5sum=fail", 'data' => "#!/usr/bin/lua os.execute('touch /code-execution'); })
An attacker can then visit the URL http://watchguard-ap200/cgi-bin/payload.luci to execute this command (or any other command). An attacker is able to simply modify the JavaScript to avoid this check or perform the POST request manually.
Metasploit Module
ZX Security will be releasing a Metasploit module which automates exploitation of this chain of vulnerabilities. This has been delayed till 30 days after the initial patch was made available to ensure users are able to patch their devices. The module and the hard-coded password will be released on May the 14th 2018.
Disclosure Timeline
Vendor notification: April 04, 2018 Vendor response: April 06, 2018 Firmware update released to public: April 13, 2018 Metasploit module release: May 14, 2018
References
[1] https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues&SFDCID=kA62A0000000LIy [2] https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201805-0245",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ap100",
"scope": "lt",
"trust": 2.4,
"vendor": "watchguard",
"version": "1.2.9.15"
},
{
"model": "ap200",
"scope": "lt",
"trust": 2.4,
"vendor": "watchguard",
"version": "1.2.9.15"
},
{
"model": "ap102",
"scope": "lt",
"trust": 2.4,
"vendor": "watchguard",
"version": "1.2.9.15"
},
{
"model": "ap300",
"scope": "lt",
"trust": 2.4,
"vendor": "watchguard",
"version": "2.0.0.10"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:watchguard:ap100_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:watchguard:ap102_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:watchguard:ap200_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:watchguard:ap300_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Stephen Shkardoon",
"sources": [
{
"db": "PACKETSTORM",
"id": "147468"
}
],
"trust": 0.1
},
"cve": "CVE-2018-10578",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2018-10578",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-15405",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"id": "CVE-2018-10578",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2018-10578",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "CVE-2018-10578",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2018-15405",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201805-094",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-094"
},
{
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on WatchGuard AP100, AP102, and AP200 devices with firmware before 1.2.9.15, and AP300 devices with firmware before 2.0.0.10. Incorrect validation of the \"old password\" field in the change password form allows an attacker to bypass validation of this field. plural WatchGuard The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. WatchGuardAP100, AP102 and AP200 are different series of indoor wireless access point devices from WatchGuard. A security vulnerability exists in WatchGuardAP100, AP102, AP200, and AP300. Introduction\n============\n\nMultiple vulnerabilities can be chained together in a number of\nWatchGuard AP products which result in pre-authenticated remote code\nexecution. \n\nThe vendor has produced a knowledge-base article[1] and\nannouncement[2] regarding these issues. \n\nZX Security would like to commend the prompt response and resolution\nof these reported issues by the vendor. \n\nProduct\n=======\n\nSeveral WatchGuard Access Points running firmware before v1.2.9.15 are\naffected, including:\n* AP100\n* AP102\n* AP200\n\nThe AP300 is also affected by issues 2, 3 and 4 when running firmware\nbefore 2.0.0.10. \n\nThe latest firmware update resolves these issues. \n\nTechnical Details\n=================\n\n1) Hard-coded credentials\n-------------------------\nCVE-2018-10575\n\nA hard-coded user exists in /etc/passwd. The vendor has requested the\nspecific password and hash be withheld until users can apply the\npatch. \nThere is no way for a user of the access point to change this\npassword. An attacker who is aware of this password is able to access\nthe device over SSH and pivot network requests through the device,\nthough they may not run commands as the shell is set to /bin/false. \n\n2) Hidden authentication method in web interface allows for\nauthentication bypass\n---------------------------------------------------------------------------------\nCVE-2018-10576\n\nThe standard authentication method for accessing the webserver\ninvolves submitting an HTML form. This uses a username and password\nseparate from the standard Linux based /etc/passwd authentication. \nAn alternative authentication method was identified from reviewing the\nsource code whereby setting the HTTP headers AUTH_USER and AUTH_PASS,\ncredentials are instead tested against the standard Linux /etc/passwd\nfile. This allows an attacker to use the hardcoded credentials found\npreviously (see 1. Hard-coded credentials) to gain web access to the\ndevice. \nAn example command that demonstrates this issue is:\n curl https://watchguard-ap200/cgi-bin/luci -H \"AUTH_USER:\nadmin\" -H \"AUTH_PASS: [REDACTED]\" -k -v\n\nThis session allows for complete access to the web interface as an\nadministrator. \n\n3) Hidden \"wgupload\" functionality allows for file uploads as root and\nremote code execution\n--------------------------------------------------------------------------------------------\nCVE-2018-10577\n\nReviewing the code reveals file upload functionality that is not shown\nto the user via the web interface. An attacker needs only a serial\nnumber (which is displayed to the user when they login to the device\nthrough the standard web interface and can be retrieved\nprogrammatically) and a valid session. \nAn example request to demonstrate this issue is:\n res = send_request_cgi({\n \u0027method\u0027 =\u003e \u0027POST\u0027,\n \u0027uri\u0027 =\u003e \"/cgi-bin/luci/;#{stok}/wgupload\",\n \u0027headers\u0027 =\u003e {\n \u0027AUTH_USER\u0027 =\u003e \u0027admin\u0027,\n \u0027AUTH_PASS\u0027 =\u003e \u0027[REDACTED]\u0027,\n },\n \u0027cookie\u0027 =\u003e \"#{sysauth}; serial=#{serial};\nfilename=/www/cgi-bin/payload.luci; md5sum=fail\",\n \u0027data\u0027 =\u003e \"#!/usr/bin/lua\nos.execute(\u0027touch /code-execution\u0027);\n })\n\nAn attacker can then visit the URL\nhttp://watchguard-ap200/cgi-bin/payload.luci to execute this command\n(or any other command). An attacker is able to simply modify the JavaScript\nto avoid this check or perform the POST request manually. \n\nMetasploit Module\n=================\n\nZX Security will be releasing a Metasploit module which automates\nexploitation of this chain of vulnerabilities. This has been delayed\ntill 30 days after the initial patch was made available to ensure\nusers are able to patch their devices. \nThe module and the hard-coded password will be released on May the 14th 2018. \n\nDisclosure Timeline\n===================\n\nVendor notification: April 04, 2018\nVendor response: April 06, 2018\nFirmware update released to public: April 13, 2018\nMetasploit module release: May 14, 2018\n\nReferences\n==========\n\n[1] https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues\u0026SFDCID=kA62A0000000LIy\n[2] https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-10578"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"db": "PACKETSTORM",
"id": "147468"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-10578",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2018-15405",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201805-094",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "147468",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "PACKETSTORM",
"id": "147468"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-094"
},
{
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"id": "VAR-201805-0245",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
}
],
"trust": 0.8766217999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
}
]
},
"last_update_date": "2024-11-23T21:39:05.433000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "New Firmware Available for AP100/AP102/AP200/AP300 with Security Vulnerability Fixes",
"trust": 0.8,
"url": "https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes"
},
{
"title": "Article ID :000011351",
"trust": 0.8,
"url": "https://watchguardsupport.secure.force.com/publicKB?type=KBSecurityIssues\u0026SFDCID=kA62A0000000LIy"
},
{
"title": "WatchGuardAP100, AP102, and AP200 security bypass vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/137443"
},
{
"title": "WatchGuard AP100 , AP102 and AP200 Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79829"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-094"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "http://seclists.org/fulldisclosure/2018/may/12"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10578"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-10578"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10577"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10576"
},
{
"trust": 0.1,
"url": "http://watchguard-ap200/cgi-bin/payload.luci"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-10575"
},
{
"trust": 0.1,
"url": "https://watchguard-ap200/cgi-bin/luci"
},
{
"trust": 0.1,
"url": "https://www.watchguard.com/wgrd-blog/new-firmware-available-ap100ap102ap200ap300-security-vulnerability-fixes"
},
{
"trust": 0.1,
"url": "https://watchguardsupport.secure.force.com/publickb?type=kbsecurityissues\u0026sfdcid=ka62a0000000liy"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "PACKETSTORM",
"id": "147468"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-094"
},
{
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"db": "PACKETSTORM",
"id": "147468"
},
{
"db": "CNNVD",
"id": "CNNVD-201805-094"
},
{
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-15T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"date": "2018-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"date": "2018-05-03T00:01:32",
"db": "PACKETSTORM",
"id": "147468"
},
{
"date": "2018-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-094"
},
{
"date": "2018-05-02T21:29:01.043000",
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-08-16T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-15405"
},
{
"date": "2018-06-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-004918"
},
{
"date": "2018-05-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201805-094"
},
{
"date": "2024-11-21T03:41:35.967000",
"db": "NVD",
"id": "CVE-2018-10578"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-094"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural WatchGuard Vulnerability related to input validation in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-004918"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201805-094"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…