Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-1206

Summary
Assigner-jpcert
Assigner Org ID-ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At-14 May, 2016 | 16:00
Updated At-05 Aug, 2024 | 22:48
Rejected At-
Credits

The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:jpcert
Assigner Org ID:ede6fdc4-6654-4307-a26d-3331c018e2ce
Published At:14 May, 2016 | 16:00
Updated At:05 Aug, 2024 | 22:48
Rejected At:
▼CVE Numbering Authority (CNA)

The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://jvn.jp/en/jp/JVN25674893/index.html
third-party-advisory
x_refsource_JVN
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061
third-party-advisory
x_refsource_JVNDB
http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/
x_refsource_CONFIRM
Hyperlink: http://jvn.jp/en/jp/JVN25674893/index.html
Resource:
third-party-advisory
x_refsource_JVN
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061
Resource:
third-party-advisory
x_refsource_JVNDB
Hyperlink: http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://jvn.jp/en/jp/JVN25674893/index.html
third-party-advisory
x_refsource_JVN
x_transferred
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061
third-party-advisory
x_refsource_JVNDB
x_transferred
http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/
x_refsource_CONFIRM
x_transferred
Hyperlink: http://jvn.jp/en/jp/JVN25674893/index.html
Resource:
third-party-advisory
x_refsource_JVN
x_transferred
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061
Resource:
third-party-advisory
x_refsource_JVNDB
x_transferred
Hyperlink: http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:vultures@jpcert.or.jp
Published At:14 May, 2016 | 16:59
Updated At:12 Apr, 2025 | 10:46

The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, WN-GDN/R3-S, and WN-GDN/R3-U devices does not limit PIN guesses, which allows remote attackers to obtain network access via a brute-force attack.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.04.3MEDIUM
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Primary2.03.3LOW
AV:A/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Type: Primary
Version: 2.0
Base score: 3.3
Base severity: LOW
Vector:
AV:A/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
iodata
iodata
>>wn-gdn\/r3_firmware>>-
cpe:2.3:o:iodata:wn-gdn\/r3_firmware:-:*:*:*:*:*:*:*
iodata
iodata
>>wn-gdn\/r3>>-
cpe:2.3:h:iodata:wn-gdn\/r3:-:*:*:*:*:*:*:*
iodata
iodata
>>wn-gdn\/r3-c>>-
cpe:2.3:h:iodata:wn-gdn\/r3-c:-:*:*:*:*:*:*:*
iodata
iodata
>>wn-gdn\/r3-s>>-
cpe:2.3:h:iodata:wn-gdn\/r3-s:-:*:*:*:*:*:*:*
iodata
iodata
>>wn-gdn\/r3-u>>-
cpe:2.3:h:iodata:wn-gdn\/r3-u:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://jvn.jp/en/jp/JVN25674893/index.htmlvultures@jpcert.or.jp
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061vultures@jpcert.or.jp
Vendor Advisory
http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/vultures@jpcert.or.jp
Vendor Advisory
http://jvn.jp/en/jp/JVN25674893/index.htmlaf854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN25674893/index.html
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/
Source: vultures@jpcert.or.jp
Resource:
Vendor Advisory
Hyperlink: http://jvn.jp/en/jp/JVN25674893/index.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://jvndb.jvn.jp/jvndb/JVNDB-2016-000061
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.iodata.jp/support/information/2016/wn-gdnr3_bfa/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

71Records found
CVE-2009-0358
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.3||LOW
EPSS-0.19% / 41.35%
||
7 Day CHG~0.00%
Published-04 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) no-store and (2) no-cache Cache-Control directives, which allows local users to obtain sensitive information by using the (a) back button or (b) history list of the victim's browser, as demonstrated by reading the response page of an https POST request.

Action-Not Available
Vendor-n/aMozilla Corporation
Product-firefoxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-13055
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 39.79%
||
7 Day CHG~0.00%
Published-29 Jun, 2019 | 19:07
Updated-04 Aug, 2024 | 23:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain Logitech Unifying devices allow attackers to dump AES keys and addresses, leading to the capability of live decryption of Radio Frequency transmissions, as demonstrated by an attack against a Logitech K360 keyboard.

Action-Not Available
Vendor-logitechn/a
Product-unifying_receiverk360_firmwareunifying_receiver_firmwarek360n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-8860
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-6.5||MEDIUM
EPSS-0.20% / 42.70%
||
7 Day CHG~0.00%
Published-09 May, 2018 | 21:00
Updated-17 Sep, 2024 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be able to capture firmware updates through the adjacent network.

Action-Not Available
Vendor-vecnaICS-CERT
Product-vgo_firmwarevgoVGo Robot
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-7921
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-6.5||MEDIUM
EPSS-2.64% / 85.16%
||
7 Day CHG~0.00%
Published-12 Sep, 2018 | 15:00
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-b315s-22b315s-22_firmwareB315s-22
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-3621
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.55%
||
7 Day CHG~0.00%
Published-14 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 04:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input validation in the Intel Driver & Support Assistant before 3.6.0.4 may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

Action-Not Available
Vendor-Intel Corporation
Product-driver\&support_assistantIntel Driver & Support Assistant
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21143
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 20:59
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR GS810EMX devices before 1.0.0.5 are affected by disclosure of sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs810emx_firmwaregs810emxn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-21129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 17:34
Updated-05 Aug, 2024 | 12:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac505_firmwarewac510_firmwarewac505wac510n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-16866
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.30%
||
7 Day CHG~0.00%
Published-11 Jan, 2019 | 19:00
Updated-09 Jun, 2025 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An out of bounds read was discovered in systemd-journald in the way it parses log messages that terminate with a colon ':'. A local attacker can use this flaw to disclose process memory data. Versions from v221 to v239 are vulnerable.

Action-Not Available
Vendor-systemd_projectThe systemd ProjectNetApp, Inc.Canonical Ltd.Debian GNU/LinuxRed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxenterprise_linux_server_update_services_for_sap_solutionsenterprise_linux_server_ausenterprise_linuxsystemdenterprise_linux_for_ibm_z_systems_\(structure_a\)enterprise_linux_desktopactive_iq_performance_analytics_servicesenterprise_linux_compute_node_euselement_softwareenterprise_linux_for_scientific_computingdebian_linuxenterprise_linux_workstationenterprise_linux_for_power_little_endian_eusenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsenterprise_linux_for_power_big_endian_eusenterprise_linux_server_tusenterprise_linux_for_power_little_endianenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endiansystemd
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-16192
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 27.35%
||
7 Day CHG~0.00%
Published-09 Jan, 2019 | 22:00
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aterm WF1200CR and Aterm WG1200CR (Aterm WF1200CR firmware Ver1.1.1 and earlier, Aterm WG1200CR firmware Ver1.0.1 and earlier) allow an attacker on the same network segment to obtain information registered on the device via unspecified vectors.

Action-Not Available
Vendor-NEC Corporation
Product-aterm_wf1200craterm_wg1200craterm_wg1200cr_firmwareaterm_wf1200cr_firmwareAterm WF1200CR and Aterm WG1200CR
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-16264
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 43.60%
||
7 Day CHG~0.00%
Published-22 Jan, 2020 | 12:42
Updated-05 Aug, 2024 | 10:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The BlueZ system service in Tizen allows an unprivileged process to partially control Bluetooth or acquire sensitive information, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, and Tizen-based firmwares including Samsung Galaxy Gear series before build RE2.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncSamsung
Product-galaxy_geartizenn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-12716
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.53%
||
7 Day CHG~0.00%
Published-25 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request.

Action-Not Available
Vendor-n/aGoogle LLC
Product-home_firmwarechromecast_firmwarehomechromecastn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-10919
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-4.3||MEDIUM
EPSS-2.60% / 85.05%
||
7 Day CHG~0.00%
Published-22 Aug, 2018 | 17:00
Updated-05 Aug, 2024 | 07:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.

Action-Not Available
Vendor-Canonical Ltd.Debian GNU/LinuxSamba
Product-ubuntu_linuxdebian_linuxsambasamba
CWE ID-CWE-203
Observable Discrepancy
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-0014
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.55%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 16:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ScreenOS: Etherleak vulnerability found on ScreenOS device

Juniper Networks ScreenOS devices do not pad Ethernet packets with zeros, and thus some packets can contain fragments of system memory or data from previous packets. This issue is often detected as CVE-2003-0001. The issue affects all versions of Juniper Networks ScreenOS prior to 6.3.0r25.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-screenosScreenOS
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9477
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.16% / 36.98%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST) and DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST) devices allows remote attackers to discover the CM MAC address by connecting to the device's xfinitywifi hotspot.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-dpc3939_firmwaredpc3939n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-9476
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-16.07% / 94.53%
||
7 Day CHG~0.00%
Published-31 Jul, 2017 | 03:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Comcast firmware on Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421733-160420a-CMCST); Cisco DPC3939 (firmware version dpc3939-P20-18-v303r20421746-170221a-CMCST); and Arris TG1682G (eMTA&DOCSIS version 10.0.132.SIP.PC20.CT, software version TG1682_2.2p7s2_PROD_sey) devices makes it easy for remote attackers to determine the hidden SSID and passphrase for a Home Security Wi-Fi network.

Action-Not Available
Vendor-commscopen/aCisco Systems, Inc.
Product-dpc3939_firmwarearris_tg1682gdpc3939arris_tg1682g_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-37190
Matching Score-4
Assigner-Siemens
ShareView Details
Matching Score-4
Assigner-Siemens
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 23.10%
||
7 Day CHG~0.00%
Published-14 Sep, 2021 | 10:47
Updated-23 Apr, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). The affected software has an information disclosure vulnerability that could allow an attacker to retrieve VPN connection for a known user.

Action-Not Available
Vendor-Siemens AG
Product-sinema_remote_connect_serverSINEMA Remote Connect Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18710
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.38%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:47
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by disclosure of sensitive information. This affects R8300 before 1.0.2.106 and R8500 before 1.0.2.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8300_firmwarer8300r8500_firmwarer8500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18712
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:35
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D7800 before 1.0.1.28, R6100 before 1.0.1.20, R7500 before 1.0.0.118, R7500v2 before 1.0.3.20, R7800 before 1.0.2.40, R9000 before 1.0.2.52, WNDR4300v2 before 1.0.0.48, and WNDR4500v3 before 1.0.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwarer7800d7800_firmwarer9000_firmwarewndr4500r6100wndr4300r7800_firmwarewndr4500_firmwared7800r6100_firmwarer9000wndr4300_firmwarer7500n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18704
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.18% / 40.01%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 14:05
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects D6220 before 1.0.0.32, D6400 before 1.0.0.60, D8500 before 1.0.3.29, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R6900P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8500 before 1.0.2.106, R8300 before 1.0.2.106, and WNDR3400v3 before 1.0.1.16.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8000r6400_firmwarer6900pr7100lgr7900r6900p_firmwarewndr3400d6220r8500_firmwarer7100lg_firmwarer7300dst_firmwarer8300r7000_firmwared6400_firmwarer7300dstd6220_firmwarer6300_firmwared8500_firmwarer6250_firmwarer7000p_firmwarer8500d8500wndr3400_firmwarer6700r8300_firmwarer7000r6900d6400r7000pr6900_firmwarer7900_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18752
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.08% / 24.99%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 16:15
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects EX3700 before 1.0.0.64, EX3800 before 1.0.0.64, EX6120 before 1.0.0.32, EX6130 before 1.0.0.16, R6300v2 before 1.0.4.12, R6700 before 1.0.1.26, R6900 before 1.0.1.22, R7000 before 1.0.9.6, R7300DST before 1.0.0.52, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.94.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500ex6130_firmwarer6700r8000r7000ex3800_firmwarer7900r6900ex3700r8500_firmwarer7300dst_firmwarer6900_firmwareex3800r7900_firmwarer7000_firmwareex3700_firmwarer6300r7300dstex6120r6300_firmwarer6700_firmwareex6130ex6120_firmwarer8000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-18766
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.79%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 15:40
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This affects DST6501 before 1.1.0.6 and WNR2000v2 before 1.2.0.8.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-dst6501dst6501_firmwarewnr2000wnr2000_firmwaren/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • Next
Details not found