Vulnerabilites related to fxc - ae1021pe
cve-2023-49897
Vulnerability from cvelistv5
Published
2023-12-06 06:49
Modified
2025-02-03 16:34
Severity ?
EPSS score ?
Summary
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T22:09:48.211Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fxc.jp/news/20231206"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU92152057/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-49897",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-12-20T05:00:54.981164Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2023-12-21",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-49897"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-03T16:34:09.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "AE1021PE",
"vendor": "FXC Inc.",
"versions": [
{
"status": "affected",
"version": "2.0.9 and earlier"
}
]
},
{
"product": "AE1021",
"vendor": "FXC Inc.",
"versions": [
{
"status": "affected",
"version": "2.0.9 and earlier"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "OS command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-22T04:06:04.193Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.fxc.jp/news/20231206"
},
{
"url": "https://jvn.jp/en/vu/JVNVU92152057/"
},
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01"
},
{
"url": "https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-49897",
"datePublished": "2023-12-06T06:49:41.752Z",
"dateReserved": "2023-12-01T02:30:49.222Z",
"dateUpdated": "2025-02-03T16:34:09.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2018-0679
Vulnerability from cvelistv5
Published
2018-11-15 15:00
Modified
2024-08-05 03:35
Severity ?
EPSS score ?
Summary
Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.fxc.jp/news/20171228.html | x_refsource_MISC | |
| http://jvn.jp/en/jp/JVN68528150/index.html | third-party-advisory, x_refsource_JVN |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| FXC Inc. | multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) |
Version: Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:35:48.781Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.fxc.jp/news/20171228.html"
},
{
"name": "JVN#68528150",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN68528150/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)",
"vendor": "FXC Inc.",
"versions": [
{
"status": "affected",
"version": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
}
]
}
],
"datePublic": "2018-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-15T14:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.fxc.jp/news/20171228.html"
},
{
"name": "JVN#68528150",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN68528150/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-0679",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)",
"version": {
"version_data": [
{
"version_value": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
}
]
}
}
]
},
"vendor_name": "FXC Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.fxc.jp/news/20171228.html",
"refsource": "MISC",
"url": "https://www.fxc.jp/news/20171228.html"
},
{
"name": "JVN#68528150",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN68528150/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-0679",
"datePublished": "2018-11-15T15:00:00",
"dateReserved": "2017-11-27T00:00:00",
"dateUpdated": "2024-08-05T03:35:48.781Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2023-12-06 07:15
Modified
2025-02-04 21:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | https://jvn.jp/en/vu/JVNVU92152057/ | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched | Exploit, Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01 | Third Party Advisory, US Government Resource | |
| vultures@jpcert.or.jp | https://www.fxc.jp/news/20231206 | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://jvn.jp/en/vu/JVNVU92152057/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fxc.jp/news/20231206 | Release Notes, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fxc | ae1021_firmware | * | |
| fxc | ae1021 | - | |
| fxc | ae1021pe_firmware | * | |
| fxc | ae1021pe | - |
{
"cisaActionDue": "2024-01-11",
"cisaExploitAdd": "2023-12-21",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "FXC AE1021, AE1021PE OS Command Injection Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:ae1021_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4F8B5B94-BFD2-4037-B8E2-DCD4F843AD55",
"versionEndExcluding": "2.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:ae1021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03B391D9-2AF4-4889-BFA3-52C11B4390C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:ae1021pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A110A774-F48F-4F4F-8EE0-FD17F94B8AB6",
"versionEndExcluding": "2.0.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:ae1021pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB758E1E-0CF5-4CA6-9A08-2B33BF296D67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker who can log in to the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la versi\u00f3n 2.0.9 y anteriores del firmware AE1021PE y en la versi\u00f3n 2.0.9 y anteriores del firmware AE1021. Si se explota esta vulnerabilidad, un atacante puede ejecutar un comando arbitrario del sistema operativo que pueda iniciar sesi\u00f3n en el producto."
}
],
"id": "CVE-2023-49897",
"lastModified": "2025-02-04T21:22:51.923",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2023-12-06T07:15:41.883",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU92152057/"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.fxc.jp/news/20231206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jvn.jp/en/vu/JVNVU92152057/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://www.akamai.com/blog/security-research/zero-day-vulnerability-spreading-mirai-patched"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-355-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "https://www.fxc.jp/news/20231206"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2018-11-15 15:29
Modified
2024-11-21 03:38
Severity ?
Summary
Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| vultures@jpcert.or.jp | http://jvn.jp/en/jp/JVN68528150/index.html | Third Party Advisory | |
| vultures@jpcert.or.jp | https://www.fxc.jp/news/20171228.html | Mitigation, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://jvn.jp/en/jp/JVN68528150/index.html | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fxc.jp/news/20171228.html | Mitigation, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| fxc | fxc5210_firmware | * | |
| fxc | fxc5210 | - | |
| fxc | fxc5218_firmware | * | |
| fxc | fxc5218 | - | |
| fxc | fxc5224_firmware | * | |
| fxc | fxc5224 | - | |
| fxc | fxc5426f_firmware | * | |
| fxc | fxc5426f | - | |
| fxc | fxc5428_firmware | * | |
| fxc | fxc5428 | - | |
| fxc | fxc5210pe_firmware | * | |
| fxc | fxc5210pe | - | |
| fxc | fxc5218pe_firmware | * | |
| fxc | fxc5218pe | - | |
| fxc | fxc5224pe_firmware | * | |
| fxc | fxc5224pe | - | |
| fxc | ae1021_firmware | * | |
| fxc | ae1021 | - | |
| fxc | ae1021pe_firmware | * | |
| fxc | ae1021pe | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72B8C77B-756B-4DBF-8642-9CEFA3E64FAB",
"versionEndExcluding": "1.00.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C380189-64D0-4E67-A7BB-AAB484497E49",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5218_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BF9D0B-4A8E-4748-8F11-BA13560F4D16",
"versionEndExcluding": "1.00.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5218:-:*:*:*:*:*:*:*",
"matchCriteriaId": "22202750-42B2-49C4-913A-109E2B4A9ED2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5224_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C14B632E-AFB3-4768-B55D-AC174A0C2EB8",
"versionEndExcluding": "1.00.22",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5224:-:*:*:*:*:*:*:*",
"matchCriteriaId": "17C40735-948D-49FF-BEC1-8EC5840E75D1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5426f_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8063D2B-DD96-4624-85DC-3A5707C94203",
"versionEndExcluding": "1.00.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5426f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD2A9AE2-29E8-4662-881A-A4F9C83CF15D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5428_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9845D815-58C3-4138-8F75-36B559774F47",
"versionEndExcluding": "1.00.07",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5428:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CEB46925-3B3D-4980-8E32-B86E978BD13C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5210pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FFF6CC07-DBEF-48C8-9369-731FDED0835B",
"versionEndExcluding": "1.00.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5210pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D6B7A903-7058-473F-B027-EC9408651BE9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5218pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB412D1-5C4D-4800-8C05-42AE9AE4495B",
"versionEndExcluding": "1.00.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5218pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C568C89C-9A39-45EE-9345-2EB406AFF932",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:fxc5224pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66703C10-C292-438A-ADCF-6966DAF1002A",
"versionEndExcluding": "1.00.14",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:fxc5224pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8077073-5A74-4512-86B1-1EB37E4C7928",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:ae1021_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "693C65D1-F2F8-4DC7-AA47-F9A0323AA118",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:ae1021:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03B391D9-2AF4-4889-BFA3-52C11B4390C5",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fxc:ae1021pe_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BC6562B5-862B-490D-8B2A-D0250CF5C63A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fxc:ae1021pe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BB758E1E-0CF5-4CA6-9A08-2B33BF296D67",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page."
},
{
"lang": "es",
"value": "Vulnerabilidad Cross-Site Scripting (XSS) en m\u00faltiples dispositivos de red de FXC Inc. (Managed Ethernet switch FXC5210/5218/5224 con firmware en versiones anteriores a la Ver1.00.22, Managed Ethernet switch FXC5426F con firmware en versiones anteriores a la Ver1.00.06, Managed Ethernet switch FXC5428 con firmware en versiones anteriores a la Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE con firmware en versiones anteriores a la Ver1.00.14 y Wireless LAN router AE1021/AE1021PE con firmware en todas las versiones) permite que un atacante con derechos de administrador inyecte scripts web o HTML arbitrarios mediante la p\u00e1gina administrativa."
}
],
"id": "CVE-2018-0679",
"lastModified": "2024-11-21T03:38:43.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-11-15T15:29:00.287",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN68528150/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.fxc.jp/news/20171228.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://jvn.jp/en/jp/JVN68528150/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
],
"url": "https://www.fxc.jp/news/20171228.html"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}