VAR-201604-0066
Vulnerability from variot - Updated: 2023-12-18 13:24The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. AccuenergyAcuvim II and IIR are Accuenergy's multi-function network power meters, which provide power parameter measurement, four-quadrant energy metering and over-limit alarms. AXN-NET is one of the Ethernet module accessories. Accuenergy Acuvim II\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. Attackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201604-0066",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "acuvim iir net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii net",
"scope": "lte",
"trust": 1.0,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": null,
"trust": 0.8,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim iir net",
"scope": "eq",
"trust": 0.8,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "iir axn-net",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": "3.08"
},
{
"model": "acuvim iir",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
},
{
"model": "acuvim ii",
"scope": "eq",
"trust": 0.6,
"vendor": "accuenergy",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_iir:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:acuvim_iir_net_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.08",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:accuenergy:acuvim_ii:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:accuenergy:acuvim_ii_net_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.08",
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Maxim Rupp",
"sources": [
{
"db": "BID",
"id": "86082"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
],
"trust": 0.9
},
"cve": "CVE-2016-2293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2016-2293",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-02339",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-91112",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "Low",
"baseScore": 8.6,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2016-2293",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2016-2293",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-02339",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201604-323",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-91112",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2016-2293",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. AccuenergyAcuvim II and IIR are Accuenergy\u0027s multi-function network power meters, which provide power parameter measurement, four-quadrant energy metering and over-limit alarms. AXN-NET is one of the Ethernet module accessories. Accuenergy Acuvim II\\IIR series are prone to multiple authentication-bypass vulnerabilities and an information-disclosure vulnerability. \nAttackers may exploit these issues to gain unauthorized access to restricted content by bypassing intended security restrictions or to obtain sensitive information that may aid in launching further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2016-2293",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-16-105-02",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-02339",
"trust": 0.6
},
{
"db": "BID",
"id": "86082",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-91112",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2016-2293",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"id": "VAR-201604-0066",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
}
],
"trust": 1.3527777749999998
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
}
]
},
"last_update_date": "2023-12-18T13:24:39.237000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.accuenergy.com/"
},
{
"title": "Patch for modifying the vulnerability of AccuenergyAcuvimII and IIRAXN-NET modules",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/74345"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.3,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-16-105-02"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-2293"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-2293"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/86082"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"db": "VULHUB",
"id": "VHN-91112"
},
{
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"db": "BID",
"id": "86082"
},
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"date": "2016-04-21T00:00:00",
"db": "VULHUB",
"id": "VHN-91112"
},
{
"date": "2016-04-21T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"date": "2016-04-21T11:00:10.103000",
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-04-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-02339"
},
{
"date": "2016-04-28T00:00:00",
"db": "VULHUB",
"id": "VHN-91112"
},
{
"date": "2016-04-28T00:00:00",
"db": "VULMON",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-14T00:00:00",
"db": "BID",
"id": "86082"
},
{
"date": "2016-05-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2016-002359"
},
{
"date": "2016-04-28T18:06:02.143000",
"db": "NVD",
"id": "CVE-2016-2293"
},
{
"date": "2016-04-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Accuenergy Acuvim II and Acuvim IIR of NET Firmware AXM-NET Vulnerabilities whose settings are acquired in modules",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2016-002359"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201604-323"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…