CVE-2018-0512

CVSS V2 High 7.7 CVSS V3 Medium 6.8
Description
Devices with IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC. allow authenticated attackers to execute arbitrary OS commands via unspecified vectors.
Overview
  • CVE ID
  • CVE-2018-0512
  • Assigner
  • vultures@jpcert.or.jp
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2018-02-08T14:29:00
  • Last Modified Date
  • 2018-03-06T13:41:37
Weakness Enumerations
CWE URL
CWE-78 http://cwe.mitre.org/data/definitions/78.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
AND
cpe:2.3:o:iodata:hdl-xr_firmware:*:*:*:*:*:*:*:* 1 OR 2.01
cpe:2.3:h:iodata:hdl-xr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-xrw_firmware:*:*:*:*:*:*:*:* 1 OR 2.01
cpe:2.3:h:iodata:hdl-xrw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-xr2u_firmware:*:*:*:*:*:*:*:* 1 OR 2.01
cpe:2.3:h:iodata:hdl-xr2u:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-xr2uw_firmware:*:*:*:*:*:*:*:* 1 OR 2.01
cpe:2.3:h:iodata:hdl-xr2uw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-xv_firmware:*:*:*:*:*:*:*:* 1 OR 1.50
cpe:2.3:h:iodata:hdl-xv:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-xvw_firmware:*:*:*:*:*:*:*:* 1 OR 1.50
cpe:2.3:h:iodata:hdl-xvw:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-gt_firmware:*:*:*:*:*:*:*:* 1 OR 1.37
cpe:2.3:h:iodata:hdl-gt:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-gtr_firmware:*:*:*:*:*:*:*:* 1 OR 1.37
cpe:2.3:h:iodata:hdl-gtr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-a_firmware:*:*:*:*:*:*:*:* 1 OR 1.26
cpe:2.3:h:iodata:hdl-a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-ah_firmware:*:*:*:*:*:*:*:* 1 OR 1.26
cpe:2.3:h:iodata:hdl-ah:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl2-a_firmware:*:*:*:*:*:*:*:* 1 OR 1.26
cpe:2.3:h:iodata:hdl2-a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl2-ah_firmware:*:*:*:*:*:*:*:* 1 OR 1.26
cpe:2.3:h:iodata:hdl2-ah:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hdl-t_firmware:*:*:*:*:*:*:*:* 1 OR 1.12
cpe:2.3:h:iodata:hdl-t:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hls-c_firmware:*:*:*:*:*:*:*:* 1 OR 1.12
cpe:2.3:h:iodata:hls-c:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hvl-a_firmware:*:*:*:*:*:*:*:* 1 OR 2.04
cpe:2.3:h:iodata:hvl-a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hvl-at_firmware:*:*:*:*:*:*:*:* 1 OR 2.04
cpe:2.3:h:iodata:hvl-at:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hvl-ata_firmware:*:*:*:*:*:*:*:* 1 OR 2.04
cpe:2.3:h:iodata:hvl-ata:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hvl-s_firmware:*:*:*:*:*:*:*:* 1 OR 1.00
cpe:2.3:h:iodata:hvl-s:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:hfas1_firmware:*:*:*:*:*:*:*:* 1 OR 1.40
cpe:2.3:h:iodata:hfas1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:whg-napg_firmware:*:*:*:*:*:*:*:* 1 OR 1.08
cpe:2.3:h:iodata:whg-napg:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:whg-napga_firmware:*:*:*:*:*:*:*:* 1 OR 1.08
cpe:2.3:h:iodata:whg-napga:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:whg-napgal_firmware:*:*:*:*:*:*:*:* 1 OR 1.05
cpe:2.3:h:iodata:whg-napgal:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:whg-ac1750a_firmware:*:*:*:*:*:*:*:* 1 OR 3.00
cpe:2.3:h:iodata:whg-ac1750a:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:whg-ac1750_firmware:*:*:*:*:*:*:*:* 1 OR 1.07
cpe:2.3:h:iodata:whg-ac1750:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:whg-ac1750al_firmware:*:*:*:*:*:*:*:* 1 OR 1.07
cpe:2.3:h:iodata:whg-ac1750al:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ax1167gr_firmware:*:*:*:*:*:*:*:* 1 OR 3.11
cpe:2.3:h:iodata:wn-ax1167gr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-gx300gr_firmware:*:*:*:*:*:*:*:* 1 OR 2.00
cpe:2.3:h:iodata:wn-gx300gr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wnpr2600g_firmware:*:*:*:*:*:*:*:* 1 OR 1.01
cpe:2.3:h:iodata:wnpr2600g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wnpr1750g_firmware:*:*:*:*:*:*:*:* 1 OR 1.01
cpe:2.3:h:iodata:wnpr1750g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wnpr1167g_firmware:*:*:*:*:*:*:*:* 1 OR 1.00
cpe:2.3:h:iodata:wnpr1167g:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wnpr1167f_firmware:*:*:*:*:*:*:*:* 1 OR 1.00
cpe:2.3:h:iodata:wnpr1167f:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ag750dgr_firmware:*:*:*:*:*:*:*:* 1 OR 1.08
cpe:2.3:h:iodata:wn-ag750dgr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-g300r_firmware:*:*:*:*:*:*:*:* 1 OR 1.14
cpe:2.3:h:iodata:wn-g300r:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-g300r3_firmware:*:*:*:*:*:*:*:* 1 OR 1.04
cpe:2.3:h:iodata:wn-g300r3:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ag300dgr_firmware:*:*:*:*:*:*:*:* 1 OR 1.05
cpe:2.3:h:iodata:wn-ag300dgr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ac1600dgr_firmware:*:*:*:*:*:*:*:* 1 OR 2.06
cpe:2.3:h:iodata:wn-ac1600dgr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ac1167dgr_firmware:*:*:*:*:*:*:*:* 1 OR 1.02
cpe:2.3:h:iodata:wn-ac1167dgr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-g300ex_firmware:*:*:*:*:*:*:*:* 1 OR 1.01
cpe:2.3:h:iodata:wn-g300ex:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ac1300ex_firmware:*:*:*:*:*:*:*:* 1 OR 1.02
cpe:2.3:h:iodata:wn-ac1300ex:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ac583trk_firmware:*:*:*:*:*:*:*:* 1 OR 1.05
cpe:2.3:h:iodata:wn-ac583trk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-ac583rk_firmware:*:*:*:*:*:*:*:* 1 OR 1.06
cpe:2.3:h:iodata:wn-ac583rk:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:wn-g300sr_firmware:*:*:*:*:*:*:*:* 1 OR 1.00
cpe:2.3:h:iodata:wn-g300sr:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:bx-vp1_firmware:*:*:*:*:*:*:*:* 1 OR 2.01
cpe:2.3:h:iodata:bx-vp1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:gv-ntx1_firmware:*:*:*:*:*:*:*:* 1 OR 1.02.00
cpe:2.3:h:iodata:gv-ntx1:-:*:*:*:*:*:*:* 0 OR
AND
cpe:2.3:o:iodata:gv-ntx2_firmware:*:*:*:*:*:*:*:* 1 OR 1.02.00
cpe:2.3:h:iodata:gv-ntx2:-:*:*:*:*:*:*:* 0 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:A/AC:L/Au:S/C:C/I:C/A:C
  • Access Vector
  • ADJACENT_NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • SINGLE
  • Confidentiality Impact
  • COMPLETE
  • Integrity Impact
  • COMPLETE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.7
  • Severity
  • HIGH
  • Exploitability Score
  • 5.1
  • Impact Score
  • 10
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Attack Vector
  • ADJACENT_NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • HIGH
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • HIGH
  • Availability Impact
  • HIGH
  • Base Score
  • 6.8
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 0.9
  • Impact Score
  • 5.9
References
Reference URL Reference Tags
https://jvn.jp/en/jp/JVN36048131/index.html Third Party Advisory VDB Entry
http://www.iodata.jp/support/information/2018/magicalfinder/ Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2018-0512
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0512
History
Created Old Value New Value Data Type Notes
2022-05-10 18:47:51 Added to TrackCVE
2022-12-03 01:54:08 2018-02-08T14:29Z 2018-02-08T14:29:00 CVE Published Date updated
2022-12-03 01:54:08 2018-03-06T13:41:37 CVE Modified Date updated
2022-12-03 01:54:08 Analyzed Vulnerability Status updated