CVE-2018-0512

Published: Feb 8, 2018Modified: Nov 21, 2024

6.8

Vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: NVD

Description

Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.

Affected (45)

Products: Iodata: Hdl Xr Firmware, Hdl Xrw Firmware, Hdl Xr2u Firmware, Hdl Xr2uw Firmware, Hdl Xv Firmware, Hdl Xvw Firmware, Hdl Gt Firmware, Hdl Gtr Firmware, Hdl A Firmware, Hdl Ah Firmware, Hdl2 A Firmware, Hdl2 Ah Firmware, Hdl T Firmware, Hls C Firmware, Hvl A Firmware, Hvl At Firmware, Hvl Ata Firmware, Hvl S Firmware, Hfas1 Firmware, Whg Napg Firmware, Whg Napga Firmware, Whg Napgal Firmware, Whg Ac1750a Firmware, Whg Ac1750 Firmware, Whg Ac1750al Firmware, Wn Ax1167gr Firmware, Wn Gx300gr Firmware, Wnpr2600g Firmware, Wnpr1750g Firmware, Wnpr1167g Firmware, Wnpr1167f Firmware, Wn Ag750dgr Firmware, Wn G300r Firmware, Wn G300r3 Firmware, Wn Ag300dgr Firmware, Wn Ac1600dgr Firmware, Wn Ac1167dgr Firmware, Wn G300ex Firmware, Wn Ac1300ex Firmware, Wn Ac583trk Firmware, Wn Ac583rk Firmware, Wn G300sr Firmware, Bx Vp1 Firmware, Gv Ntx1 Firmware, Gv Ntx2 Firmware

45 products

Whg Ac1750al Firmware

Wn Ac1600dgr Firmware

Wn Ac1167dgr Firmware

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Xr Firmware	Up to 2.01

Running on/with	Platform Versions
Iodata Hdl Xr	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Xrw Firmware	Up to 2.01

Running on/with	Platform Versions
Iodata Hdl Xrw	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Xr2u Firmware	Up to 2.01

Running on/with	Platform Versions
Iodata Hdl Xr2u	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Xr2uw Firmware	Up to 2.01

Running on/with	Platform Versions
Iodata Hdl Xr2uw	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Xv Firmware	Up to 1.50

Running on/with	Platform Versions
Iodata Hdl Xv	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Xvw Firmware	Up to 1.50

Running on/with	Platform Versions
Iodata Hdl Xvw	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Gt Firmware	Up to 1.37

Running on/with	Platform Versions
Iodata Hdl Gt	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Gtr Firmware	Up to 1.37

Running on/with	Platform Versions
Iodata Hdl Gtr	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl A Firmware	Up to 1.26

Running on/with	Platform Versions
Iodata Hdl A	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl Ah Firmware	Up to 1.26

Running on/with	Platform Versions
Iodata Hdl Ah	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl2 A Firmware	Up to 1.26

Running on/with	Platform Versions
Iodata Hdl2 A	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl2 Ah Firmware	Up to 1.26

Running on/with	Platform Versions
Iodata Hdl2 Ah	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hdl T Firmware	Up to 1.12

Running on/with	Platform Versions
Iodata Hdl T	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hls C Firmware	Up to 1.12

Running on/with	Platform Versions
Iodata Hls C	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hvl A Firmware	Up to 2.04

Running on/with	Platform Versions
Iodata Hvl A	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hvl At Firmware	Up to 2.04

Running on/with	Platform Versions
Iodata Hvl At	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hvl Ata Firmware	Up to 2.04

Running on/with	Platform Versions
Iodata Hvl Ata	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hvl S Firmware	Up to 1.00

Running on/with	Platform Versions
Iodata Hvl S	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Hfas1 Firmware	Up to 1.40

Running on/with	Platform Versions
Iodata Hfas1	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Whg Napg Firmware	Up to 1.08

Running on/with	Platform Versions
Iodata Whg Napg	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Whg Napga Firmware	Up to 1.08

Running on/with	Platform Versions
Iodata Whg Napga	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Whg Napgal Firmware	Up to 1.05

Running on/with	Platform Versions
Iodata Whg Napgal	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Whg Ac1750a Firmware	Up to 3.00

Running on/with	Platform Versions
Iodata Whg Ac1750a	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Whg Ac1750 Firmware	Up to 1.07

Running on/with	Platform Versions
Iodata Whg Ac1750	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Whg Ac1750al Firmware	Up to 1.07

Running on/with	Platform Versions
Iodata Whg Ac1750al	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ax1167gr Firmware	Up to 3.11

Running on/with	Platform Versions
Iodata Wn Ax1167gr	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Gx300gr Firmware	Up to 2.00

Running on/with	Platform Versions
Iodata Wn Gx300gr	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wnpr2600g Firmware	Up to 1.01

Running on/with	Platform Versions
Iodata Wnpr2600g	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wnpr1750g Firmware	Up to 1.01

Running on/with	Platform Versions
Iodata Wnpr1750g	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wnpr1167g Firmware	Up to 1.00

Running on/with	Platform Versions
Iodata Wnpr1167g	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wnpr1167f Firmware	Up to 1.00

Running on/with	Platform Versions
Iodata Wnpr1167f	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ag750dgr Firmware	Up to 1.08

Running on/with	Platform Versions
Iodata Wn Ag750dgr	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn G300r Firmware	Up to 1.14

Running on/with	Platform Versions
Iodata Wn G300r	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn G300r3 Firmware	Up to 1.04

Running on/with	Platform Versions
Iodata Wn G300r3	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ag300dgr Firmware	Up to 1.05

Running on/with	Platform Versions
Iodata Wn Ag300dgr	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ac1600dgr Firmware	Up to 2.06

Running on/with	Platform Versions
Iodata Wn Ac1600dgr	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ac1167dgr Firmware	Up to 1.02

Running on/with	Platform Versions
Iodata Wn Ac1167dgr	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn G300ex Firmware	Up to 1.01

Running on/with	Platform Versions
Iodata Wn G300ex	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ac1300ex Firmware	Up to 1.02

Running on/with	Platform Versions
Iodata Wn Ac1300ex	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ac583trk Firmware	Up to 1.05

Running on/with	Platform Versions
Iodata Wn Ac583trk	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn Ac583rk Firmware	Up to 1.06

Running on/with	Platform Versions
Iodata Wn Ac583rk	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Wn G300sr Firmware	Up to 1.00

Running on/with	Platform Versions
Iodata Wn G300sr	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Bx Vp1 Firmware	Up to 2.01

Running on/with	Platform Versions
Iodata Bx Vp1	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Gv Ntx1 Firmware	Up to 1.02.00

Running on/with	Platform Versions
Iodata Gv Ntx1	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Iodata Gv Ntx2 Firmware	Up to 1.02.00

Running on/with	Platform Versions
Iodata Gv Ntx2	All versions

Related CWEs

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.

References (4)

http://www.iodata.jp/support/information/2018/magicalfinder/

Source: vultures@jpcert.or.jp

Vendor Advisory

https://jvn.jp/en/jp/JVN36048131/index.html

Source: vultures@jpcert.or.jp

Third Party AdvisoryVDB Entry

http://www.iodata.jp/support/information/2018/magicalfinder/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jvn.jp/en/jp/JVN36048131/index.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.