CVE-2017-2133

SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or HJB1000_4.47 allows authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

Published : 2017-10-20 11:29 Updated : 2017-11-07 20:24

6.5
CVSS Score More info
Score 6.5 / 10
6.5
Vendor Product Version URI
Panasonic Kx-hjb1000 Firmware ghx1yg_14.50 cpe:/o:panasonic:kx-hjb1000_firmware:ghx1yg_14.50
Panasonic Kx-hjb1000 Firmware hjb1000_4.47 cpe:/o:panasonic:kx-hjb1000_firmware:hjb1000_4.47
  1. Panasonic (1) Search CVE
    1. Kx-hjb1000 Firmware (2) Search CVE
      1. Ghx1yg_14.50
      2. Hjb1000_4.47

CWE

ID Name Description Links
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. CVE

History of changes

Date Event
2017-11-07 20:24
2017-10-28 01:29
2017-10-20 11:29

New CVE