cvelistv5 - CVE-2017-2283

CVE-2017-2283

Vulnerability from cvelistv5

Published

2017-08-02 16:00

Modified

2024-08-05 13:48

Severity ?

Summary

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

References

URL	Tags
vultures@jpcert.or.jp	http://www.iodata.jp/support/information/2017/wn-g300r3_2/	Vendor Advisory
vultures@jpcert.or.jp	https://jvn.jp/en/jp/JVN51410509/index.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.iodata.jp/support/information/2017/wn-g300r3_2/	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jvn.jp/en/jp/JVN51410509/index.html	Third Party Advisory, VDB Entry

Impacted products

▼	Vendor	Product
	I-O DATA DEVICE, INC.	WN-G300R3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:48:05.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "JVN#51410509",
            "tags": [
              "third-party-advisory",
              "x_refsource_JVN",
              "x_transferred"
            ],
            "url": "https://jvn.jp/en/jp/JVN51410509/index.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WN-G300R3",
          "vendor": "I-O DATA DEVICE, INC.",
          "versions": [
            {
              "status": "affected",
              "version": "firmware version 1.0.2 and earlier"
            }
          ]
        }
      ],
      "datePublic": "2017-08-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Use of Hard-coded Credentials",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-02T15:57:02",
        "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "shortName": "jpcert"
      },
      "references": [
        {
          "name": "JVN#51410509",
          "tags": [
            "third-party-advisory",
            "x_refsource_JVN"
          ],
          "url": "https://jvn.jp/en/jp/JVN51410509/index.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2283",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WN-G300R3",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "firmware version 1.0.2 and earlier"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "I-O DATA DEVICE, INC."
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Use of Hard-coded Credentials"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#51410509",
              "refsource": "JVN",
              "url": "https://jvn.jp/en/jp/JVN51410509/index.html"
            },
            {
              "name": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/",
              "refsource": "MISC",
              "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
    "assignerShortName": "jpcert",
    "cveId": "CVE-2017-2283",
    "datePublished": "2017-08-02T16:00:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:48:05.199Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2283\",\"sourceIdentifier\":\"vultures@jpcert.or.jp\",\"published\":\"2017-08-02T16:29:00.487\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.\"},{\"lang\":\"es\",\"value\":\"Las versiones 1.0.2 y anteriores del firmware WN-G300R3 utilizan credenciales embebidas que pueden permitir a un atacante acceder al dispositivo para ejecutar c\u00f3digo arbitrario en \u00e9l.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":5.8,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":6.5,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.0.2\",\"matchCriteriaId\":\"4FD5A09F-4D89-4F19-AB38-361E5F895CF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"185631B5-C854-4476-9061-539C67A63E58\"}]}]}],\"references\":[{\"url\":\"http://www.iodata.jp/support/information/2017/wn-g300r3_2/\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN51410509/index.html\",\"source\":\"vultures@jpcert.or.jp\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.iodata.jp/support/information/2017/wn-g300r3_2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jvn.jp/en/jp/JVN51410509/index.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

CVE-2017-2283

Vulnerability from jvndb

Published

2017-07-27 14:13

Modified

2018-01-24 14:03

Severity ?

8.8 (High) - cvssV3_0 - CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

I-O DATA WN-G300R31 uses hard-coded credentials

Details

WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN51410509/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2283
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2017-2283
	Permissions(CWE-264)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	I-O DATA DEVICE, INC.	WN-G300R3 firmware

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000188.html",
  "dc:date": "2018-01-24T14:03+09:00",
  "dcterms:issued": "2017-07-27T14:13+09:00",
  "dcterms:modified": "2018-01-24T14:03+09:00",
  "description": "WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router.  WN-G300R3 uses hard-coded credentials (CWE-798).\r\n\r\nTaizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-000188.html",
  "sec:cpe": {
    "#text": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
    "@product": "WN-G300R3 firmware",
    "@vendor": "I-O DATA DEVICE, INC.",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "8.3",
      "@severity": "High",
      "@type": "Base",
      "@vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
      "@version": "2.0"
    },
    {
      "@score": "8.8",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-000188",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN51410509/index.html",
      "@id": "JVN#51410509",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2283",
      "@id": "CVE-2017-2283",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-2283",
      "@id": "CVE-2017-2283",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-264",
      "@title": "Permissions(CWE-264)"
    }
  ],
  "title": "I-O DATA WN-G300R31 uses hard-coded credentials"
}

var-201708-0811

Vulnerability from variot

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201708-0811",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wn-g300r3",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "iodata",
        "version": "1.0.2"
      },
      {
        "model": "wn-g300r3",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "i o data device",
        "version": "version 1.0.2"
      },
      {
        "model": "wn-g300r3",
        "scope": "lte",
        "trust": 0.6,
        "vendor": "i o data device",
        "version": "\u003c=1.0.2"
      },
      {
        "model": "wn-g300r3",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "iodata",
        "version": "1.0.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:i-o_data_device:wn-g300r3_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      }
    ]
  },
  "cve": "CVE-2017-2283",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CVE-2017-2283",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.0,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Complete",
            "baseScore": 8.3,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000188",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "CNVD-2017-20140",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 6.5,
            "id": "VHN-110486",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.1,
            "id": "CVE-2017-2283",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Adjacent Network",
            "author": "IPA",
            "availabilityImpact": "High",
            "baseScore": 8.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2017-000188",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2017-2283",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2017-000188",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2017-20140",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201708-081",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-110486",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device. WN-G300R31 provided by I-O DATA DEVICE, INC. is a wireless LAN router. WN-G300R3 uses hard-coded credentials (CWE-798). Taizoh Tsukamoto of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. A hard-coded credential vulnerability exists in I-ODATADEVICEWN-G300R3 with firmware version 1.0.2 and earlier. The vulnerability stems from the fact that the program uses a hard-coded certificate",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2017-2283"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110486"
      }
    ],
    "trust": 2.25
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2017-2283",
        "trust": 3.1
      },
      {
        "db": "JVN",
        "id": "JVN51410509",
        "trust": 3.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-110486",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "id": "VAR-201708-0811",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110486"
      }
    ],
    "trust": 1.2833333
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      }
    ]
  },
  "last_update_date": "2024-08-14T15:13:28.704000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "I-O DATA DEVICE, INC. website",
        "trust": 0.8,
        "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
      },
      {
        "title": "I-ODATADEVICEWN-G300R3 hardcoded certificate vulnerability patch",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/99807"
      },
      {
        "title": "I-O DATA DEVICE WN-G300R3 Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=72355"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-798",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-264",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-110486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "https://jvn.jp/en/jp/jvn51410509/index.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2283"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-2283"
      },
      {
        "trust": 0.6,
        "url": "http://jvn.jp/en/jp/jvn51410509/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "db": "VULHUB",
        "id": "VHN-110486"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      },
      {
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "date": "2017-08-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110486"
      },
      {
        "date": "2017-07-27T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      },
      {
        "date": "2017-08-02T16:29:00.487000",
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-10T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2017-20140"
      },
      {
        "date": "2017-08-07T00:00:00",
        "db": "VULHUB",
        "id": "VHN-110486"
      },
      {
        "date": "2018-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      },
      {
        "date": "2017-08-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      },
      {
        "date": "2017-08-07T21:17:56.483000",
        "db": "NVD",
        "id": "CVE-2017-2283"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "I-O DATA WN-G300R31 uses hard-coded credentials",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2017-000188"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201708-081"
      }
    ],
    "trust": 0.6
  }
}

ghsa-cqwm-2fcx-2wc7

Vulnerability from github

Published

2022-05-17 02:19

Modified

2025-04-20 03:41

Severity ?

8.0 (High) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-2283"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-798"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-08-02T16:29:00Z",
    "severity": "HIGH"
  },
  "details": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.",
  "id": "GHSA-cqwm-2fcx-2wc7",
  "modified": "2025-04-20T03:41:57Z",
  "published": "2022-05-17T02:19:31Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2283"
    },
    {
      "type": "WEB",
      "url": "https://jvn.jp/en/jp/JVN51410509/index.html"
    },
    {
      "type": "WEB",
      "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

gsd-2017-2283

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.

Aliases

CVE-2017-2283

Aliases

CVE-2017-2283

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2283",
    "description": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.",
    "id": "GSD-2017-2283"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2283"
      ],
      "details": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device.",
      "id": "GSD-2017-2283",
      "modified": "2023-12-13T01:21:05.271981Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2017-2283",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "WN-G300R3",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "firmware version 1.0.2 and earlier"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "I-O DATA DEVICE, INC."
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Use of Hard-coded Credentials"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVN#51410509",
            "refsource": "JVN",
            "url": "https://jvn.jp/en/jp/JVN51410509/index.html"
          },
          {
            "name": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/",
            "refsource": "MISC",
            "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "1.0.2",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2017-2283"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded credentials which may allow an attacker that can access the device to execute arbitrary code on the device."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-798"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "JVN#51410509",
              "refsource": "JVN",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://jvn.jp/en/jp/JVN51410509/index.html"
            },
            {
              "name": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.iodata.jp/support/information/2017/wn-g300r3_2/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 6.5,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.1,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2017-08-07T21:17Z",
      "publishedDate": "2017-08-02T16:29Z"
    }
  }
}

Action not permitted

CVE-2017-2283

Vulnerability from cvelistv5

CVE-2017-2283

Vulnerability from jvndb

var-201708-0811

Vulnerability from variot

ghsa-cqwm-2fcx-2wc7

Vulnerability from github

gsd-2017-2283

Vulnerability from gsd

Tags