Vulnerability Details : CVE-2018-0512
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.
Products affected by CVE-2018-0512
- cpe:2.3:o:iodata:hdl2-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-g300r_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ax1167gr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-xr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-xrw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-xr2u_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-xr2uw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-xv_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-xvw_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-gt_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-gtr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-ah_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl2-ah_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hdl-t_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hls-c_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hvl-a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hvl-at_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hvl-ata_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hvl-s_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:hfas1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:whg-napg_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:whg-napga_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:whg-napgal_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:whg-ac1750a_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:whg-ac1750_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:whg-ac1750al_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-gx300gr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wnpr2600g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wnpr1750g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wnpr1167g_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wnpr1167f_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ag750dgr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ag300dgr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ac1600dgr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ac1167dgr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-g300ex_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ac1300ex_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ac583trk_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-ac583rk_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:wn-g300sr_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:bx-vp1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:gv-ntx1_firmware:*:*:*:*:*:*:*:*
- cpe:2.3:o:iodata:gv-ntx2_firmware:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-0512
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 11 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-0512
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.7
|
HIGH | AV:A/AC:L/Au:S/C:C/I:C/A:C |
5.1
|
10.0
|
NIST | |
6.8
|
MEDIUM | CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
0.9
|
5.9
|
NIST |
CWE ids for CVE-2018-0512
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2018-0512
-
https://jvn.jp/en/jp/JVN36048131/index.html
JVN#36048131: Multiple I-O DATA network devices incorporating "MagicalFinder" vulnerable to OS command injectionThird Party Advisory;VDB Entry
-
http://www.iodata.jp/support/information/2018/magicalfinder/
弊社IPアドレス設定ツールにおけるセキュリティの脆弱性について | IODATA アイ・オー・データ機器Vendor Advisory
Jump to