Lucene search

JpcertCVE-2018-0679

HistoryNov 15, 2018 - 3:29 p.m.

CVE-2018-0679

2018-11-1515:29:00

CWE-79

jpcert

web.nvd.nist.gov

cve-2018-0679

fxc inc.

network devices

cross-site scripting

vulnerability

firmware

poe switch

lan router

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Cross-site scripting vulnerability in multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions) allows attacker with administrator rights to inject arbitrary web script or HTML via the administrative page.

Affected configurations

Nvd

Node

fxcfxc5210Match-

AND

fxcfxc5210_firmwareRange<1.00.22

Node

fxcfxc5218Match-

AND

fxcfxc5218_firmwareRange<1.00.22

Node

fxcfxc5224Match-

AND

fxcfxc5224_firmwareRange<1.00.22

Node

fxcfxc5426fMatch-

AND

fxcfxc5426f_firmwareRange<1.00.06

Node

fxcfxc5428Match-

AND

fxcfxc5428_firmwareRange<1.00.07

Node

fxcfxc5210peMatch-

AND

fxcfxc5210pe_firmwareRange<1.00.14

Node

fxcfxc5218peMatch-

AND

fxcfxc5218pe_firmwareRange<1.00.14

Node

fxcfxc5224peMatch-

AND

fxcfxc5224pe_firmwareRange<1.00.14

Node

fxcae1021_firmware

AND

fxcae1021Match-

Node

fxcae1021pe_firmware

AND

fxcae1021peMatch-

VendorProductVersionCPE
fxcfxc5210-cpe:2.3:h:fxc:fxc5210:-:*:*:*:*:*:*:*
fxcfxc5210_firmware*cpe:2.3:o:fxc:fxc5210_firmware:*:*:*:*:*:*:*:*
fxcfxc5218-cpe:2.3:h:fxc:fxc5218:-:*:*:*:*:*:*:*
fxcfxc5218_firmware*cpe:2.3:o:fxc:fxc5218_firmware:*:*:*:*:*:*:*:*
fxcfxc5224-cpe:2.3:h:fxc:fxc5224:-:*:*:*:*:*:*:*
fxcfxc5224_firmware*cpe:2.3:o:fxc:fxc5224_firmware:*:*:*:*:*:*:*:*
fxcfxc5426f-cpe:2.3:h:fxc:fxc5426f:-:*:*:*:*:*:*:*
fxcfxc5426f_firmware*cpe:2.3:o:fxc:fxc5426f_firmware:*:*:*:*:*:*:*:*
fxcfxc5428-cpe:2.3:h:fxc:fxc5428:-:*:*:*:*:*:*:*
fxcfxc5428_firmware*cpe:2.3:o:fxc:fxc5428_firmware:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fxc	fxc5210	-	cpe:2.3:h:fxc:fxc5210:-:::::::*
fxc	fxc5210_firmware	*	cpe:2.3:o:fxc:fxc5210_firmware::::::::
fxc	fxc5218	-	cpe:2.3:h:fxc:fxc5218:-:::::::*
fxc	fxc5218_firmware	*	cpe:2.3:o:fxc:fxc5218_firmware::::::::
fxc	fxc5224	-	cpe:2.3:h:fxc:fxc5224:-:::::::*
fxc	fxc5224_firmware	*	cpe:2.3:o:fxc:fxc5224_firmware::::::::
fxc	fxc5426f	-	cpe:2.3:h:fxc:fxc5426f:-:::::::*
fxc	fxc5426f_firmware	*	cpe:2.3:o:fxc:fxc5426f_firmware::::::::
fxc	fxc5428	-	cpe:2.3:h:fxc:fxc5428:-:::::::*
fxc	fxc5428_firmware	*	cpe:2.3:o:fxc:fxc5428_firmware::::::::

Rows per page:

1-10 of 201

CNA Affected

[
  {
    "product": "multiple FXC Inc. network devices (Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions)",
    "vendor": "FXC Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "Managed Ethernet switch FXC5210/5218/5224 firmware prior to version Ver1.00.22, Managed Ethernet switch FXC5426F firmware prior to version Ver1.00.06, Managed Ethernet switch FXC5428 firmware prior to version Ver1.00.07, Power over Ethernet (PoE) switch FXC5210PE/5218PE/5224PE firmware prior to version Ver1.00.14, and Wireless LAN router AE1021/AE1021PE firmware all versions"
      }
    ]
  }
]

References

jvn.jp/en/jp/JVN68528150/index.html

www.fxc.jp/news/20171228.html

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

4.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

AI Score

Confidence

High

EPSS

0.001

Percentile

22.7%

JSON

Related for CVE-2018-0679