Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
161 vulnerabilities by belkin
CVE-2026-4167 (GCVE-0-2026-4167)
Vulnerability from nvd – Published: 2026-03-15 05:32 – Updated: 2026-03-17 13:48
VLAI
Title
Belkin F9K1122 formReboot stack-based overflow
Summary
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.351074 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.351074 | signaturepermissions-required |
| https://vuldb.com/?submit.769727 | third-party-advisory |
| https://github.com/Litengzheng/vul_db/blob/main/B… | related |
| https://github.com/Litengzheng/vul_db/blob/main/B… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4167",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T13:48:03.295126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T13:48:43.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:belkin:f9k1122_firmware:*:*:*:*:*:*:*:*"
],
"product": "F9K1122",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "1.00.33"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LtzHust2 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-15T05:32:10.557Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-351074 | Belkin F9K1122 formReboot stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.351074"
},
{
"name": "VDB-351074 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.351074"
},
{
"name": "Submit #769727 | Belkin F9K1122 1.00.33 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769727"
},
{
"tags": [
"related"
],
"url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_152/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_152/README.md#proof-of-concept-poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-14T13:37:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Belkin F9K1122 formReboot stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4167",
"datePublished": "2026-03-15T05:32:10.557Z",
"dateReserved": "2026-03-14T12:32:38.218Z",
"dateUpdated": "2026-03-17T13:48:43.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9379 (GCVE-0-2025-9379)
Vulnerability from nvd – Published: 2025-08-24 06:32 – Updated: 2025-08-25 20:22
VLAI
Title
Belkin AX1800 Firmware Update data authenticity
Summary
A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of data authenticity. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.321212 | vdb-entry |
| https://vuldb.com/?ctiid.321212 | signaturepermissions-required |
| https://vuldb.com/?submit.628641 | third-party-advisory |
| https://github.com/IOTRes/IOT_Firmware_Update/blo… | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:22:20.066387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:22:36.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Firmware Update Handler"
],
"product": "AX1800",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "1.1.00.016"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "IOT_Res (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of data authenticity. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Belkin AX1800 1.1.00.016 gefunden. Dies betrifft einen unbekannten Teil der Komponente Firmware Update Handler. Durch Beeinflussen mit unbekannten Daten kann eine insufficient verification of data authenticity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T06:32:06.208Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321212 | Belkin AX1800 Firmware Update data authenticity",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.321212"
},
{
"name": "VDB-321212 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321212"
},
{
"name": "Submit #628641 | Belkin AX1800 WiFi 6 Router V1.1.00.016 CWE-20 Improper Input Validation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.628641"
},
{
"tags": [
"patch"
],
"url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Belkin/AX1800.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:00:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Belkin AX1800 Firmware Update data authenticity"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9379",
"datePublished": "2025-08-24T06:32:06.208Z",
"dateReserved": "2025-08-23T14:55:35.639Z",
"dateUpdated": "2025-08-25T20:22:36.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8730 (GCVE-0-2025-8730)
Vulnerability from nvd – Published: 2025-08-08 14:32 – Updated: 2025-08-08 14:51
VLAI
Title
Belkin F9K1009/F9K1010 Web Interface hard-coded credentials
Summary
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
9.8 (Critical)
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.319226 | vdb-entry |
| https://vuldb.com/?ctiid.319226 | signaturepermissions-required |
| https://vuldb.com/?submit.621747 | third-party-advisory |
| https://vuldb.com/?submit.621748 | third-party-advisory |
| https://vuldb.com/?submit.621760 | third-party-advisory |
| https://github.com/Nicholas-wei/bug-discovery/blo… | related |
| https://github.com/Nicholas-wei/bug-discovery/blo… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8730",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T14:51:44.482035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T14:51:56.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "F9K1009",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "2.00.04"
},
{
"status": "affected",
"version": "2.00.09"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "F9K1010",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "2.00.04"
},
{
"status": "affected",
"version": "2.00.09"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nich0las (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente Web Interface. Mittels Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T14:32:05.215Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319226 | Belkin F9K1009/F9K1010 Web Interface hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319226"
},
{
"name": "VDB-319226 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319226"
},
{
"name": "Submit #621747 | Belkin F9K1009 F9K1009_WW_2.00.09 Use of Hard-coded Password",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621747"
},
{
"name": "Submit #621748 | belkin F9K1010 F9K1010_WW_2.00.04 Use of Hard-coded Password (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621748"
},
{
"name": "Submit #621760 | belkin F9K1010 F9K1010_WW_2.00.04 Use of Weak Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621760"
},
{
"tags": [
"related"
],
"url": "https://github.com/Nicholas-wei/bug-discovery/blob/main/belkin/F9K1009_WW_2.00.09/belkin%20F9K1009_WW_2.00.09_hardcoded_credential.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Nicholas-wei/bug-discovery/blob/main/belkin/F9K1010_WW_2.00.04/belkin_F9K1010_WW_2.00.04_hardcoded_credential.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T09:45:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "Belkin F9K1009/F9K1010 Web Interface hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8730",
"datePublished": "2025-08-08T14:32:05.215Z",
"dateReserved": "2025-08-08T07:40:01.538Z",
"dateUpdated": "2025-08-08T14:51:56.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2026-4167 (GCVE-0-2026-4167)
Vulnerability from cvelistv5 – Published: 2026-03-15 05:32 – Updated: 2026-03-17 13:48
VLAI
Title
Belkin F9K1122 formReboot stack-based overflow
Summary
A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.351074 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.351074 | signaturepermissions-required |
| https://vuldb.com/?submit.769727 | third-party-advisory |
| https://github.com/Litengzheng/vul_db/blob/main/B… | related |
| https://github.com/Litengzheng/vul_db/blob/main/B… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-4167",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-17T13:48:03.295126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-17T13:48:43.966Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:o:belkin:f9k1122_firmware:*:*:*:*:*:*:*:*"
],
"product": "F9K1122",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "1.00.33"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "LtzHust2 (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Belkin F9K1122 1.00.33. This affects the function formReboot of the file /goform/formReboot. This manipulation of the argument webpage causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 9,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-119",
"description": "Memory Corruption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-15T05:32:10.557Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-351074 | Belkin F9K1122 formReboot stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.351074"
},
{
"name": "VDB-351074 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.351074"
},
{
"name": "Submit #769727 | Belkin F9K1122 1.00.33 Stack-based Buffer Overflow",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.769727"
},
{
"tags": [
"related"
],
"url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_152/README.md"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Litengzheng/vul_db/blob/main/Belkin/vul_152/README.md#proof-of-concept-poc"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-03-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-03-14T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-03-14T13:37:42.000Z",
"value": "VulDB entry last update"
}
],
"title": "Belkin F9K1122 formReboot stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-4167",
"datePublished": "2026-03-15T05:32:10.557Z",
"dateReserved": "2026-03-14T12:32:38.218Z",
"dateUpdated": "2026-03-17T13:48:43.966Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-9379 (GCVE-0-2025-9379)
Vulnerability from cvelistv5 – Published: 2025-08-24 06:32 – Updated: 2025-08-25 20:22
VLAI
Title
Belkin AX1800 Firmware Update data authenticity
Summary
A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of data authenticity. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-345 - Insufficient Verification of Data Authenticity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.321212 | vdb-entry |
| https://vuldb.com/?ctiid.321212 | signaturepermissions-required |
| https://vuldb.com/?submit.628641 | third-party-advisory |
| https://github.com/IOTRes/IOT_Firmware_Update/blo… | patch |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-9379",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-25T20:22:20.066387Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-25T20:22:36.309Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Firmware Update Handler"
],
"product": "AX1800",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "1.1.00.016"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "IOT_Res (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in Belkin AX1800 1.1.00.016. Affected by this vulnerability is an unknown functionality of the component Firmware Update Handler. This manipulation causes insufficient verification of data authenticity. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Belkin AX1800 1.1.00.016 gefunden. Dies betrifft einen unbekannten Teil der Komponente Firmware Update Handler. Durch Beeinflussen mit unbekannten Daten kann eine insufficient verification of data authenticity-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 8.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 8.3,
"vectorString": "AV:N/AC:L/Au:M/C:C/I:C/A:C/E:ND/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-345",
"description": "Insufficient Verification of Data Authenticity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-24T06:32:06.208Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-321212 | Belkin AX1800 Firmware Update data authenticity",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.321212"
},
{
"name": "VDB-321212 | CTI Indicators (IOB, IOC)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.321212"
},
{
"name": "Submit #628641 | Belkin AX1800 WiFi 6 Router V1.1.00.016 CWE-20 Improper Input Validation",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.628641"
},
{
"tags": [
"patch"
],
"url": "https://github.com/IOTRes/IOT_Firmware_Update/blob/main/Belkin/AX1800.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-23T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-23T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-23T17:00:39.000Z",
"value": "VulDB entry last update"
}
],
"title": "Belkin AX1800 Firmware Update data authenticity"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-9379",
"datePublished": "2025-08-24T06:32:06.208Z",
"dateReserved": "2025-08-23T14:55:35.639Z",
"dateUpdated": "2025-08-25T20:22:36.309Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-8730 (GCVE-0-2025-8730)
Vulnerability from cvelistv5 – Published: 2025-08-08 14:32 – Updated: 2025-08-08 14:51
VLAI
Title
Belkin F9K1009/F9K1010 Web Interface hard-coded credentials
Summary
A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity
9.8 (Critical)
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.319226 | vdb-entry |
| https://vuldb.com/?ctiid.319226 | signaturepermissions-required |
| https://vuldb.com/?submit.621747 | third-party-advisory |
| https://vuldb.com/?submit.621748 | third-party-advisory |
| https://vuldb.com/?submit.621760 | third-party-advisory |
| https://github.com/Nicholas-wei/bug-discovery/blo… | related |
| https://github.com/Nicholas-wei/bug-discovery/blo… | exploit |
Impacted products
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-8730",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-08-08T14:51:44.482035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T14:51:56.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Web Interface"
],
"product": "F9K1009",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "2.00.04"
},
{
"status": "affected",
"version": "2.00.09"
}
]
},
{
"modules": [
"Web Interface"
],
"product": "F9K1010",
"vendor": "Belkin",
"versions": [
{
"status": "affected",
"version": "2.00.04"
},
{
"status": "affected",
"version": "2.00.09"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "nich0las (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 and classified as critical. Affected by this issue is some unknown functionality of the component Web Interface. The manipulation leads to hard-coded credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in Belkin F9K1009 and F9K1010 2.00.04/2.00.09 gefunden. Sie wurde als kritisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente Web Interface. Mittels Manipulieren mit unbekannten Daten kann eine hard-coded credentials-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 10,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-798",
"description": "Hard-coded Credentials",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-259",
"description": "Use of Hard-coded Password",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-08T14:32:05.215Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-319226 | Belkin F9K1009/F9K1010 Web Interface hard-coded credentials",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.319226"
},
{
"name": "VDB-319226 | CTI Indicators (IOB, IOC, TTP)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.319226"
},
{
"name": "Submit #621747 | Belkin F9K1009 F9K1009_WW_2.00.09 Use of Hard-coded Password",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621747"
},
{
"name": "Submit #621748 | belkin F9K1010 F9K1010_WW_2.00.04 Use of Hard-coded Password (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621748"
},
{
"name": "Submit #621760 | belkin F9K1010 F9K1010_WW_2.00.04 Use of Weak Credentials (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.621760"
},
{
"tags": [
"related"
],
"url": "https://github.com/Nicholas-wei/bug-discovery/blob/main/belkin/F9K1009_WW_2.00.09/belkin%20F9K1009_WW_2.00.09_hardcoded_credential.pdf"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Nicholas-wei/bug-discovery/blob/main/belkin/F9K1010_WW_2.00.04/belkin_F9K1010_WW_2.00.04_hardcoded_credential.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-08-08T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-08-08T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-08-08T09:45:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "Belkin F9K1009/F9K1010 Web Interface hard-coded credentials"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-8730",
"datePublished": "2025-08-08T14:32:05.215Z",
"dateReserved": "2025-08-08T07:40:01.538Z",
"dateUpdated": "2025-08-08T14:51:56.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-202102-1300
Vulnerability from variot - Updated: 2024-06-06 23:00The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine. Belkin Linksys WRT160NL The device has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Belkin LINKSYS WRT160NL is a wireless router manufactured by Belkin, USA.
Belkin Linksys WRT160NL 1.0.04.002_US_20130619 has a security vulnerability, which stems from the failure to properly filter special characters and commands
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202102-1300",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linksys wrt160nl",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": "1.0.04.002_us_20130619"
},
{
"model": "linksys wrt160nl",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "linksys wrt160nl firmware 1.0.04.002_us_20130619"
},
{
"model": "linksys wrt160nl",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "linksys wrt160nl 1.0.04.002 us 20130619",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:linksys_wrt160nl_firmware:1.0.04.002_us_20130619:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:linksys_wrt160nl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"cve": "CVE-2021-25310",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2021-25310",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2021-09302",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-25310",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-25310",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2021-09302",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-191",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2021-25310",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"db": "VULMON",
"id": "CVE-2021-25310"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-191"
},
{
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine. Belkin Linksys WRT160NL The device has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Belkin LINKSYS WRT160NL is a wireless router manufactured by Belkin, USA. \n\r\n\r\nBelkin Linksys WRT160NL 1.0.04.002_US_20130619 has a security vulnerability, which stems from the failure to properly filter special characters and commands",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-25310"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"db": "VULMON",
"id": "CVE-2021-25310"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-25310",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-09302",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-191",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-25310",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"db": "VULMON",
"id": "CVE-2021-25310"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-191"
},
{
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"id": "VAR-202102-1300",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
}
]
},
"last_update_date": "2024-06-06T23:00:56.504000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.belkin.com/"
},
{
"title": "Patch for Belkin LINKSYS WRT160NL command execution vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/247261"
},
{
"title": "Belkin LINKSYS WRT160NL Fixes for operating system command injection vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140849"
},
{
"title": "Vulnerability",
"trust": 0.1,
"url": "https://github.com/tzwlhack/vulnerability "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"db": "VULMON",
"id": "CVE-2021-25310"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-191"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.0
},
{
"problemtype": "OS Command injection (CWE-78) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://research.nccgroup.com/2021/01/28/technical-advisory-linksys-wrt160nl-authenticated-command-injection-cve-2021-25310/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-25310"
},
{
"trust": 1.7,
"url": "https://research.nccgroup.com/?research=technical%20advisories"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/tzwlhack/vulnerability"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"db": "VULMON",
"id": "CVE-2021-25310"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-191"
},
{
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"db": "VULMON",
"id": "CVE-2021-25310"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-191"
},
{
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"date": "2021-02-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25310"
},
{
"date": "2021-10-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"date": "2021-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-191"
},
{
"date": "2021-02-02T15:15:16.840000",
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-02-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-09302"
},
{
"date": "2023-11-07T00:00:00",
"db": "VULMON",
"id": "CVE-2021-25310"
},
{
"date": "2021-10-18T06:06:00",
"db": "JVNDB",
"id": "JVNDB-2021-003081"
},
{
"date": "2021-02-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-191"
},
{
"date": "2024-06-04T19:17:02.997000",
"db": "NVD",
"id": "CVE-2021-25310"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-191"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin\u00a0Linksys\u00a0WRT160NL\u00a0 In the device \u00a0OS\u00a0 Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-003081"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-191"
}
],
"trust": 0.6
}
}
VAR-202010-0520
Vulnerability from variot - Updated: 2024-05-17 23:03Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Belkin LINKSYS WRT160NL The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Belkin LINKSYS WRT160NL is a wireless router made by Belkin in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202010-0520",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linksys wrt 160nl",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": "1.0.04"
},
{
"model": "linksys wrt160nl",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "linksys wrt160nl",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "linksys wrt160nl firmware 1.0.04.002_us_20130619"
},
{
"model": "linksys wrt160nl 1.0.04.002 us 20130619",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:linksys_wrt_160nl_firmware:1.0.04:build_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:linksys_wrt_160nl:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"cve": "CVE-2020-26561",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2020-26561",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CNVD-2020-59744",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-26561",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2020-26561",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2020-59744",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202010-1398",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-26561",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"db": "VULMON",
"id": "CVE-2020-26561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1398"
},
{
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Belkin LINKSYS WRT160NL The device contains an out-of-bounds write vulnerability.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Belkin LINKSYS WRT160NL is a wireless router made by Belkin in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-26561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"db": "VULMON",
"id": "CVE-2020-26561"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-26561",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012577",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2020-59744",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1398",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-26561",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"db": "VULMON",
"id": "CVE-2020-26561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1398"
},
{
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"id": "VAR-202010-0520",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59744"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59744"
}
]
},
"last_update_date": "2024-05-17T23:03:20.833000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top\u00a0Page",
"trust": 0.8,
"url": "https://www.belkin.com"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-787",
"trust": 1.0
},
{
"problemtype": "Out-of-bounds writing (CWE-787) [NVD Evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://research.nccgroup.com/2020/10/20/wrt160nl-cve-2020-26561-bof/"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-26561"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/787.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"db": "VULMON",
"id": "CVE-2020-26561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1398"
},
{
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"db": "VULMON",
"id": "CVE-2020-26561"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"db": "CNNVD",
"id": "CNNVD-202010-1398"
},
{
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"date": "2020-10-23T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26561"
},
{
"date": "2021-05-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"date": "2020-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1398"
},
{
"date": "2020-10-23T06:15:12.320000",
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2020-59744"
},
{
"date": "2020-10-27T00:00:00",
"db": "VULMON",
"id": "CVE-2020-26561"
},
{
"date": "2021-05-13T07:24:00",
"db": "JVNDB",
"id": "JVNDB-2020-012577"
},
{
"date": "2020-10-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202010-1398"
},
{
"date": "2024-05-17T01:46:40.110000",
"db": "NVD",
"id": "CVE-2020-26561"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1398"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin\u00a0LINKSYS\u00a0WRT160NL\u00a0 Out-of-bounds write vulnerability in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-012577"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202010-1398"
}
],
"trust": 0.6
}
}
VAR-201512-0074
Vulnerability from variot - Updated: 2024-04-19 22:44The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ failed to set a default password for the web management interface, allowing an attacker to exploit the vulnerability to gain access to the web management interface or to implement cross-site request forgery attacks. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0074",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n600 db wireless dual band n+ router",
"scope": "lte",
"trust": 0.6,
"vendor": "belkin",
"version": "\u003c=2.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102_firmware:2.10.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5988",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06130",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-83949",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5988",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2015-06130",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-211",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-83949",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management interface on Belkin F9K1102 2 devices with firmware 2.10.17 has a blank password, which allows remote attackers to obtain administrative privileges by leveraging a LAN session. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ failed to set a default password for the web management interface, allowing an attacker to exploit the vulnerability to gain access to the web management interface or to implement cross-site request forgery attacks. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5988"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83949"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-5988",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06130",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83949",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"id": "VAR-201512-0074",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06130"
}
]
},
"last_update_date": "2024-04-19T22:44:32.781000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"db": "VULHUB",
"id": "VHN-83949"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83949"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"date": "2015-12-31T16:59:02",
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06130"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83949"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-211"
},
{
"date": "2015-12-31T20:05:00.453000",
"db": "NVD",
"id": "CVE-2015-5988"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-211"
}
],
"trust": 0.6
}
}
VAR-201512-0075
Vulnerability from variot - Updated: 2024-04-19 22:44Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ has a security vulnerability that allows an attacker to intercept packets on the embedded server side containing 'LockStatus:1' and 'Login_Success:0' strings and set the values to '2' and '1 'Bypass authentication, no unauthorized access. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to gain administrator privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0075",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n600 db wireless dual band n+ router",
"scope": "lte",
"trust": 0.6,
"vendor": "belkin",
"version": "\u003c=2.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102_firmware:2.10.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5989",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06131",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83950",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5989",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2015-06131",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-212",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-83950",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side JavaScript code for authorization, which allows remote attackers to obtain administrative privileges via certain changes to LockStatus and Login_Success values. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. Belkin N600 DB Wireless Dual Band N+ has a security vulnerability that allows an attacker to intercept packets on the embedded server side containing \u0027LockStatus:1\u0027 and \u0027Login_Success:0\u0027 strings and set the values to \u00272\u0027 and \u00271 \u0027Bypass authentication, no unauthorized access. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks. A remote attacker could exploit this vulnerability to gain administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5989"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83950"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-5989",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06131",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83950",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"id": "VAR-201512-0075",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06131"
}
]
},
"last_update_date": "2024-04-19T22:44:32.748000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"db": "VULHUB",
"id": "VHN-83950"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83950"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"date": "2015-12-31T16:59:03.250000",
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06131"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83950"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-212"
},
{
"date": "2015-12-31T20:00:56.883000",
"db": "NVD",
"id": "CVE-2015-5989"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-212"
}
],
"trust": 0.6
}
}
VAR-201512-0076
Vulnerability from variot - Updated: 2024-04-19 22:44Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0076",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n600 db wireless dual band n+ router",
"scope": "lte",
"trust": 0.6,
"vendor": "belkin",
"version": "\u003c=2.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102_firmware:2.10.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5990",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06132",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-83951",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5990",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-06132",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-213",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83951",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 devices with firmware 2.10.17 allows remote attackers to hijack the authentication of arbitrary users. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5990"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83951"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-5990",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06132",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83951",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"id": "VAR-201512-0076",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
}
]
},
"last_update_date": "2024-04-19T22:44:32.715000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "VULHUB",
"id": "VHN-83951"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83951"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"date": "2015-12-31T16:59:04.220000",
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2015-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83951"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-213"
},
{
"date": "2015-12-31T20:07:09.653000",
"db": "NVD",
"id": "CVE-2015-5990"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06132"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-213"
}
],
"trust": 0.6
}
}
VAR-201512-0073
Vulnerability from variot - Updated: 2024-04-19 22:44Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. The Belkin N600 is a wireless dual-band router product. This allows a remote attacker to exploit this vulnerability to respond to spoofing by predicting the value. Belkin N600 DB Wi-Fi Dual-Band N+ Router is prone to the following security vulnerabilities: 1. A Predictable Random Number Generator Weakness 2. An information-disclosure vulnerability 3. A security-bypass vulnerability 4. An authentication-bypass vulnerability 5. A cross-site request-forgery vulnerability An attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0073",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "gs1900-10hp",
"scope": "lt",
"trust": 1.0,
"vendor": "zyxel",
"version": "2.50\\(aazi.0\\)c0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "f9k1102 devices with",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "22.10.17"
},
{
"model": "n600 db wi-fi dual-band n\\\\\\+ router f9k1102",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "2.10.17"
},
{
"model": "n600 db wi-fi dual-band n+ f9k1102v2",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "2.10.17"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102_firmware:2.10.17:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n600_db_wi-fi_dual-band_n\\\\\\+_router_f9k1102:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of CERT/CC",
"sources": [
{
"db": "BID",
"id": "76530"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5987",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2016-00036",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-83948",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 4.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5987",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2016-00036",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-210",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83948",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F9K1102 2 devices with firmware 2.10.17 use an improper algorithm for selecting the ID value in the header of a DNS query, which makes it easier for remote attackers to spoof responses by predicting this value. Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with firmware version 2.10.17 and possibly earlier, contains multiple vulnerabilities. The Belkin N600 is a wireless dual-band router product. This allows a remote attacker to exploit this vulnerability to respond to spoofing by predicting the value. Belkin N600 DB Wi-Fi Dual-Band N+ Router is prone to the following security vulnerabilities:\n1. A Predictable Random Number Generator Weakness\n2. An information-disclosure vulnerability\n3. A security-bypass vulnerability\n4. An authentication-bypass vulnerability\n5. A cross-site request-forgery vulnerability\nAn attacker can exploit these issues to bypass security restrictions and perform certain unauthorized actions, brute-force attacks, bypass-authentication mechanisms, or gain access to potentially sensitive information. This may lead to further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5987"
},
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "VULHUB",
"id": "VHN-83948"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168",
"trust": 2.8
},
{
"db": "NVD",
"id": "CVE-2015-5987",
"trust": 2.6
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00036",
"trust": 0.6
},
{
"db": "BID",
"id": "76530",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83948",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"id": "VAR-201512-0073",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00036"
}
]
},
"last_update_date": "2024-04-19T22:44:32.681000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "https://www.kb.cert.org/vuls/id/201168"
},
{
"trust": 1.4,
"url": "http://www.belkin.com/us/support-search?search=f9k1102v2"
},
{
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4868"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/330.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/319.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/603.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.6,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5987"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#201168"
},
{
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"db": "VULHUB",
"id": "VHN-83948"
},
{
"db": "BID",
"id": "76530"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-08-31T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2016-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83948"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2015-08-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"date": "2015-12-31T16:59:01.033000",
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-09-22T00:00:00",
"db": "CERT/CC",
"id": "VU#201168"
},
{
"date": "2016-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00036"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83948"
},
{
"date": "2015-08-31T00:00:00",
"db": "BID",
"id": "76530"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-210"
},
{
"date": "2015-12-31T20:03:15.680000",
"db": "NVD",
"id": "CVE-2015-5987"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N600 DB Wireless Dual Band N+ router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#201168"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-210"
}
],
"trust": 0.6
}
}
VAR-201406-0324
Vulnerability from variot - Updated: 2024-02-13 23:00Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. Belkin N150 wireless routers contain a path traversal vulnerability. CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') http://cwe.mitre.org/data/definitions/22.htmlInformation may be obtained by a remote attacker. The Belkin N150 is a wireless router product. Belkin N150 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information obtained could aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201406-0324",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n150 f9k1009",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "1.00.01"
},
{
"model": "n150 f9k1009",
"scope": "lte",
"trust": 1.0,
"vendor": "belkin",
"version": "1.00.07"
},
{
"model": "n150 f9k1009",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": "v1"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n150 wireless home network router f9k1009",
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n150 wireless home network router f9k1009",
"scope": "lte",
"trust": 0.8,
"vendor": "belkin",
"version": "version 1.00.07"
},
{
"model": "n150 f9k1009",
"scope": "lte",
"trust": 0.6,
"vendor": "belkin",
"version": "\u003c=1.00.07"
},
{
"model": "n150 f9k1009",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "1.00.07"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774788"
},
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
},
{
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n150_f9k1009_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.00.07",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:belkin:n150_f9k1009_firmware:1.00.01:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n150_f9k1009:v1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aditya Lad",
"sources": [
{
"db": "BID",
"id": "68085"
}
],
"trust": 0.3
},
"cve": "CVE-2014-2962",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2014-002960",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-03817",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-70901",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2014-2962",
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-2962",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2014-2962",
"trust": 0.8,
"value": "7.8"
},
{
"author": "IPA",
"id": "JVNDB-2014-002960",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2014-03817",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201406-441",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-70901",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-2962",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774788"
},
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "VULHUB",
"id": "VHN-70901"
},
{
"db": "VULMON",
"id": "CVE-2014-2962"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
},
{
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Absolute path traversal vulnerability in the webproc cgi module on the Belkin N150 F9K1009 v1 router with firmware before 1.00.08 allows remote attackers to read arbitrary files via a full pathname in the getpage parameter. Belkin N150 wireless routers contain a path traversal vulnerability. CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) http://cwe.mitre.org/data/definitions/22.htmlInformation may be obtained by a remote attacker. The Belkin N150 is a wireless router product. Belkin N150 is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input. Information obtained could aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-2962"
},
{
"db": "CERT/CC",
"id": "VU#774788"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "BID",
"id": "68085"
},
{
"db": "VULHUB",
"id": "VHN-70901"
},
{
"db": "VULMON",
"id": "CVE-2014-2962"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-70901",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38488",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70901"
},
{
"db": "VULMON",
"id": "CVE-2014-2962"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-2962",
"trust": 4.3
},
{
"db": "CERT/CC",
"id": "VU#774788",
"trust": 3.4
},
{
"db": "EXPLOIT-DB",
"id": "38488",
"trust": 1.2
},
{
"db": "BID",
"id": "68085",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU93510009",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201406-441",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-03817",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-90080",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-70901",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-2962",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774788"
},
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "VULHUB",
"id": "VHN-70901"
},
{
"db": "VULMON",
"id": "CVE-2014-2962"
},
{
"db": "BID",
"id": "68085"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
},
{
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"id": "VAR-201406-0324",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "VULHUB",
"id": "VHN-70901"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03817"
}
]
},
"last_update_date": "2024-02-13T23:00:39.319000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Belkin N150 Wireless Home Network Router, F9K1009 v1 - Firmware",
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=109400"
},
{
"title": "Belkin N150 Directory Traversal Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/46623"
},
{
"title": "F9K1009_WW_1.00.08",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=50530"
},
{
"title": "Kenzer Templates [5170] [DEPRECATED]",
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "VULMON",
"id": "CVE-2014-2962"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-70901"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://www.belkin.com/us/support-article?articlenum=109400"
},
{
"trust": 2.6,
"url": "http://www.kb.cert.org/vuls/id/774788"
},
{
"trust": 1.3,
"url": "https://www.exploit-db.com/exploits/38488/"
},
{
"trust": 0.9,
"url": "http://cwe.mitre.org/data/definitions/22.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-2962"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu93510009/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-2962"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/68085"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/arpsyndicate/kenzer-templates"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#774788"
},
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "VULHUB",
"id": "VHN-70901"
},
{
"db": "VULMON",
"id": "CVE-2014-2962"
},
{
"db": "BID",
"id": "68085"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
},
{
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#774788"
},
{
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"db": "VULHUB",
"id": "VHN-70901"
},
{
"db": "VULMON",
"id": "CVE-2014-2962"
},
{
"db": "BID",
"id": "68085"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
},
{
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-06-18T00:00:00",
"db": "CERT/CC",
"id": "VU#774788"
},
{
"date": "2014-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"date": "2014-06-19T00:00:00",
"db": "VULHUB",
"id": "VHN-70901"
},
{
"date": "2014-06-19T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2962"
},
{
"date": "2014-06-18T00:00:00",
"db": "BID",
"id": "68085"
},
{
"date": "2014-06-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"date": "2014-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-441"
},
{
"date": "2014-06-19T10:50:04.583000",
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-29T00:00:00",
"db": "CERT/CC",
"id": "VU#774788"
},
{
"date": "2014-06-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-03817"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULHUB",
"id": "VHN-70901"
},
{
"date": "2016-12-24T00:00:00",
"db": "VULMON",
"id": "CVE-2014-2962"
},
{
"date": "2014-06-18T00:00:00",
"db": "BID",
"id": "68085"
},
{
"date": "2014-06-23T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-002960"
},
{
"date": "2014-06-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201406-441"
},
{
"date": "2016-12-24T02:59:02.057000",
"db": "NVD",
"id": "CVE-2014-2962"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N150 path traversal vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#774788"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201406-441"
}
],
"trust": 0.6
}
}
VAR-201409-0053
Vulnerability from variot - Updated: 2024-02-13 22:58Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. The Belkin N900 Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. Belkin N900 Router is a wireless router product of Belkin Company in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n900",
"scope": "eq",
"trust": 2.4,
"vendor": "belkin",
"version": "1.00.23"
},
{
"model": "n900",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": null
},
{
"model": "advance n900 dual-band wireless router",
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
},
{
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n900_firmware:1.00.23:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb, Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "59478"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3086",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-3086",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-63088",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3086",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-551",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63088",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2013-3086",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63088"
},
{
"db": "VULMON",
"id": "CVE-2013-3086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
},
{
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. The Belkin N900 Router is prone to a cross-site request-forgery vulnerability. \nAttackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. Belkin N900 Router is a wireless router product of Belkin Company in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"db": "BID",
"id": "59478"
},
{
"db": "VULHUB",
"id": "VHN-63088"
},
{
"db": "VULMON",
"id": "CVE-2013-3086"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3086",
"trust": 2.9
},
{
"db": "BID",
"id": "59478",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006654",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-551",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-63088",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2013-3086",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63088"
},
{
"db": "VULMON",
"id": "CVE-2013-3086"
},
{
"db": "BID",
"id": "59478"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
},
{
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"id": "VAR-201409-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-63088"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T22:58:51.590000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advance N900 Dual-Band Wireless Router",
"trust": 0.8,
"url": "http://www.belkin.com/us/support-product?pid=01t80000002wbuhaa2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63088"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
},
{
"trust": 1.8,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3086"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3086"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59478"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
},
{
"trust": 0.3,
"url": "http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63088"
},
{
"db": "VULMON",
"id": "CVE-2013-3086"
},
{
"db": "BID",
"id": "59478"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
},
{
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-63088"
},
{
"db": "VULMON",
"id": "CVE-2013-3086"
},
{
"db": "BID",
"id": "59478"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
},
{
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63088"
},
{
"date": "2014-09-29T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3086"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59478"
},
{
"date": "2014-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-551"
},
{
"date": "2014-09-29T22:55:08.377000",
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-63088"
},
{
"date": "2014-10-01T00:00:00",
"db": "VULMON",
"id": "CVE-2013-3086"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59478"
},
{
"date": "2014-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006654"
},
{
"date": "2014-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-551"
},
{
"date": "2014-10-01T01:00:43.577000",
"db": "NVD",
"id": "CVE-2013-3086"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Advance N900 Dual-Band Wireless Router of util_system.html Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006654"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-551"
}
],
"trust": 0.6
}
}
VAR-200212-0511
Vulnerability from variot - Updated: 2023-12-18 14:07Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests. Reportedly, this issue may be exploited by making a sequence of SNMP requests. A valid community name is not required. After a number of SNMP requests are made, the device will fail to respond to further requests. Additionally, all wireless connections will be dropped, and new connections refused. Under some conditions, the device may also fail to respond on the ethernet interface. Belkin F5D6130 has a design problem. It can make SNMP requests without providing legal SNMP community strings
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f5d6130 wnap",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "ap14g8"
},
{
"model": "f5d6130",
"scope": null,
"trust": 0.3,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "5571"
},
{
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:f5d6130_wnap:ap14g8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1811"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "wlanman\u203b wlanman@hoobie.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1811",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-6194",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1811",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-423",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6194",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6194"
},
{
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests. \nReportedly, this issue may be exploited by making a sequence of SNMP requests. A valid community name is not required. After a number of SNMP requests are made, the device will fail to respond to further requests. Additionally, all wireless connections will be dropped, and new connections refused. \nUnder some conditions, the device may also fail to respond on the ethernet interface. Belkin F5D6130 has a design problem. It can make SNMP requests without providing legal SNMP community strings",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"db": "BID",
"id": "5571"
},
{
"db": "VULHUB",
"id": "VHN-6194"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-6194",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6194"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "5571",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-1811",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-423",
"trust": 0.7
},
{
"db": "XF",
"id": "9960",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3396",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21756",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75577",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-6194",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6194"
},
{
"db": "BID",
"id": "5571"
},
{
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
]
},
"id": "VAR-200212-0511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6194"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:07:03.725000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1811"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/5571"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9960.php"
},
{
"trust": 1.1,
"url": "http://online.securityfocus.com/archive/1/289112"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3396"
},
{
"trust": 0.3,
"url": "http://catalog.belkin.com/iwcatproductpage.process?merchant_id=1\u0026product_id=122640#"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6194"
},
{
"db": "BID",
"id": "5571"
},
{
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6194"
},
{
"db": "BID",
"id": "5571"
},
{
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6194"
},
{
"date": "2002-08-26T00:00:00",
"db": "BID",
"id": "5571"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"date": "2002-08-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6194"
},
{
"date": "2002-08-26T00:00:00",
"db": "BID",
"id": "5571"
},
{
"date": "2008-09-05T20:31:34.747000",
"db": "NVD",
"id": "CVE-2002-1811"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F5D6130 Wireless network access access SNMP Request Remote Denial of Service Attack Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-423"
}
],
"trust": 0.6
}
}
VAR-201411-0143
Vulnerability from variot - Updated: 2023-12-18 14:06Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. The Belkin N750 DB Wi-Fi Gigabit Router is a router that combines multiple video streams with up to 900 Mbps of wireless network connectivity and multi-player online game speed + routing speed. The Belkin N750 DB Wi-Fi Gigabit Router has a buffer overflow vulnerability due to the program not fully checking the user-supplied data. An attacker could exploit this vulnerability to execute arbitrary code or initiate a denial of service on an affected device. Belkin N750 is a dual-band wireless router product of Belkin. MiniHttpd is an embedded HTTP web server for it
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201411-0143",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n750 wireless router",
"scope": "lte",
"trust": 1.0,
"vendor": "belkin",
"version": "1.10.16n"
},
{
"model": "n750 wireless router",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": "f9k1103"
},
{
"model": "play n750 db wireless dual-band n+ router",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "f9k1103"
},
{
"model": "play n750 db wireless dual-band n+ router",
"scope": "lt",
"trust": 0.8,
"vendor": "belkin",
"version": "1.10.17"
},
{
"model": "n750 db wi-fi gigabit router",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "n750 wireless router",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "1.10.16n"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n750_wireless_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.10.16n",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n750_wireless_router:f9k1103:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1635"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Marco Vaz",
"sources": [
{
"db": "BID",
"id": "70977"
}
],
"trust": 0.3
},
"cve": "CVE-2014-1635",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2014-1635",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-08196",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-69574",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-1635",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2014-08196",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-178",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-69574",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2014-1635",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"db": "VULHUB",
"id": "VHN-69574"
},
{
"db": "VULMON",
"id": "CVE-2014-1635"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with firmware before F9K1103_WW_1.10.17m allows remote attackers to execute arbitrary code via a long string in the jump parameter. The Belkin N750 DB Wi-Fi Gigabit Router is a router that combines multiple video streams with up to 900 Mbps of wireless network connectivity and multi-player online game speed + routing speed. The Belkin N750 DB Wi-Fi Gigabit Router has a buffer overflow vulnerability due to the program not fully checking the user-supplied data. An attacker could exploit this vulnerability to execute arbitrary code or initiate a denial of service on an affected device. Belkin N750 is a dual-band wireless router product of Belkin. MiniHttpd is an embedded HTTP web server for it",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"db": "BID",
"id": "70977"
},
{
"db": "VULHUB",
"id": "VHN-69574"
},
{
"db": "VULMON",
"id": "CVE-2014-1635"
}
],
"trust": 2.61
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-69574",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=35184",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69574"
},
{
"db": "VULMON",
"id": "CVE-2014-1635"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-1635",
"trust": 3.5
},
{
"db": "BID",
"id": "70977",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "35184",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "114345",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1031210",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201411-178",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-08196",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "130973",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-87334",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-69574",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2014-1635",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"db": "VULHUB",
"id": "VHN-69574"
},
{
"db": "VULMON",
"id": "CVE-2014-1635"
},
{
"db": "BID",
"id": "70977"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"id": "VAR-201411-0143",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"db": "VULHUB",
"id": "VHN-69574"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08196"
}
]
},
"last_update_date": "2023-12-18T14:06:06.813000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Play N750 DB Wireless Dual-Band N+ Router, F9K1103 - Firmware",
"trust": 0.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4831"
},
{
"title": "F9K1103_WW_1.10.17",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=52473"
},
{
"title": "hacking_etudes",
"trust": 0.1,
"url": "https://github.com/unbalancedparentheses/hacking_etudes "
},
{
"title": "api.greynoise.io",
"trust": 0.1,
"url": "https://github.com/greynoise-intelligence/api.greynoise.io "
},
{
"title": "exploit-development",
"trust": 0.1,
"url": "https://github.com/cranelab/exploit-development "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/paulveillard/cybersecurity-exploit-development "
},
{
"title": "WindowsExploitDev",
"trust": 0.1,
"url": "https://github.com/whichbuffer/windowsexploitdev "
},
{
"title": "Threatpost",
"trust": 0.1,
"url": "https://threatpost.com/serious-root-access-bug-in-belkin-n750-router/109247/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2014-1635"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-69574"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "NVD",
"id": "CVE-2014-1635"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://labs.integrity.pt/articles/from-0-day-to-exploit-buffer-overflow-in-belkin-n750-cve-2014-1635/"
},
{
"trust": 2.6,
"url": "https://labs.integrity.pt/advisories/cve-2014-1635/"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/70977"
},
{
"trust": 1.8,
"url": "http://www.belkin.com/us/support-article?articlenum=4831"
},
{
"trust": 1.8,
"url": "http://www.exploit-db.com/exploits/35184"
},
{
"trust": 1.8,
"url": "http://osvdb.org/show/osvdb/114345"
},
{
"trust": 1.2,
"url": "http://www.securitytracker.com/id/1031210"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-1635"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-1635"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/70977/info"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/us/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://github.com/unbalancedparentheses/hacking_etudes"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/35184/"
},
{
"trust": 0.1,
"url": "https://threatpost.com/serious-root-access-bug-in-belkin-n750-router/109247/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"db": "VULHUB",
"id": "VHN-69574"
},
{
"db": "VULMON",
"id": "CVE-2014-1635"
},
{
"db": "BID",
"id": "70977"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"db": "VULHUB",
"id": "VHN-69574"
},
{
"db": "VULMON",
"id": "CVE-2014-1635"
},
{
"db": "BID",
"id": "70977"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"date": "2014-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-69574"
},
{
"date": "2014-11-12T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1635"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "70977"
},
{
"date": "2014-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"date": "2014-11-12T16:55:06.513000",
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"date": "2014-11-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08196"
},
{
"date": "2016-03-31T00:00:00",
"db": "VULHUB",
"id": "VHN-69574"
},
{
"date": "2016-03-31T00:00:00",
"db": "VULMON",
"id": "CVE-2014-1635"
},
{
"date": "2014-11-06T00:00:00",
"db": "BID",
"id": "70977"
},
{
"date": "2014-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005443"
},
{
"date": "2016-03-31T17:35:13.560000",
"db": "NVD",
"id": "CVE-2014-1635"
},
{
"date": "2014-12-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N750 Router F9K1103 Firmware MiniHttpd Vulnerable to buffer overflow",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005443"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-178"
}
],
"trust": 0.6
}
}
VAR-201910-1351
Vulnerability from variot - Updated: 2023-12-18 14:04Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. Linksys EA6500 Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Belkin Linksys EA6500 is a wireless router from Belkin.
A path traversal vulnerability exists in Linksys EA6500 that is caused by a network system or product that fails to properly filter a particular element in a resource or file path that an attacker could use to access a location outside of a restricted directory
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-1351",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ea6500",
"scope": "eq",
"trust": 2.2,
"vendor": "linksys",
"version": null
},
{
"model": "ea6500",
"scope": null,
"trust": 0.8,
"vendor": "cisco linksys",
"version": null
},
{
"model": "linksys ea6500",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linksys:ea6500_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:ea6500:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4658"
}
]
},
"cve": "CVE-2013-4658",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2013-4658",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-39948",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2013-4658",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-4658",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2019-39948",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1501",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations outside of the Samba share. Linksys EA6500 Contains a path traversal vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Belkin Linksys EA6500 is a wireless router from Belkin. \n\nA path traversal vulnerability exists in Linksys EA6500 that is caused by a network system or product that fails to properly filter a particular element in a resource or file path that an attacker could use to access a location outside of a restricted directory",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"db": "CNVD",
"id": "CNVD-2019-39948"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4658",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006862",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-39948",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1501",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
]
},
"id": "VAR-201910-1351",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
}
]
},
"last_update_date": "2023-12-18T14:04:59.025000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.linksys.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"db": "NVD",
"id": "CVE-2013-4658"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://www.ise.io/casestudies/exploiting-soho-routers/"
},
{
"trust": 2.4,
"url": "https://www.ise.io/soho_service_hacks/"
},
{
"trust": 2.2,
"url": "https://www.ise.io/wp-content/uploads/2017/06/soho_defcon21.pdf"
},
{
"trust": 2.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4658"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4658"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"date": "2019-10-25T17:15:10.570000",
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"date": "2019-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-11-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"date": "2019-11-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006862"
},
{
"date": "2019-10-29T16:15:53.493000",
"db": "NVD",
"id": "CVE-2013-4658"
},
{
"date": "2019-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Linksys EA6500 Path Traversal Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-39948"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1501"
}
],
"trust": 0.6
}
}
VAR-201212-0244
Vulnerability from variot - Updated: 2023-12-18 14:02The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366. The Belkin N900 F9K1104v1 is a wireless router product from Belkin, USA. This vulnerability is different from CVE-2012-4366. Belkin Wireless Router is prone to a security vulnerability that may allow attackers to generate a default WPS PIN. Successfully exploiting this issue may allow attackers to generate the default WPS PIN. This may lead to other attacks. Belkin N900 F9K1104v1 is vulnerable; other versions may also be affected. A vulnerability exists in the WPA2 implementation based on Belkin N900 F9K1104v1 routers
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201212-0244",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n900 wireless router",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "f9k1104v1"
},
{
"model": "advance n900 dual-band wireless router",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "f9k1104v1"
},
{
"model": "n900 f9k1104v1 router",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n900_wireless_router:f9k1104v1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6371"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ZhaoChunsheng",
"sources": [
{
"db": "BID",
"id": "57128"
}
],
"trust": 0.3
},
"cve": "CVE-2012-6371",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-6371",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-59652",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-6371",
"trust": 1.8,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201301-007",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-59652",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59652"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The WPA2 implementation on the Belkin N900 F9K1104v1 router establishes a WPS PIN based on 6 digits of the LAN/WLAN MAC address, which makes it easier for remote attackers to obtain access to a Wi-Fi network by reading broadcast packets, a different vulnerability than CVE-2012-4366. The Belkin N900 F9K1104v1 is a wireless router product from Belkin, USA. This vulnerability is different from CVE-2012-4366. Belkin Wireless Router is prone to a security vulnerability that may allow attackers to generate a default WPS PIN. \nSuccessfully exploiting this issue may allow attackers to generate the default WPS PIN. This may lead to other attacks. \nBelkin N900 F9K1104v1 is vulnerable; other versions may also be affected. A vulnerability exists in the WPA2 implementation based on Belkin N900 F9K1104v1 routers",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"db": "BID",
"id": "57128"
},
{
"db": "VULHUB",
"id": "VHN-59652"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-6371",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201301-007",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-00009",
"trust": 0.6
},
{
"db": "BID",
"id": "57128",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-59652",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"db": "VULHUB",
"id": "VHN-59652"
},
{
"db": "BID",
"id": "57128"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
]
},
"id": "VAR-201212-0244",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"db": "VULHUB",
"id": "VHN-59652"
}
],
"trust": 1.45
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00009"
}
]
},
"last_update_date": "2023-12-18T14:02:06.470000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.belkin.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-59652"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"db": "NVD",
"id": "CVE-2012-6371"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://ednolo.alumnos.upv.es/?p=1295"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6371"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6371"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"db": "VULHUB",
"id": "VHN-59652"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"db": "VULHUB",
"id": "VHN-59652"
},
{
"db": "BID",
"id": "57128"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"date": "2012-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-59652"
},
{
"date": "2013-01-03T00:00:00",
"db": "BID",
"id": "57128"
},
{
"date": "2013-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"date": "2012-12-31T20:55:05.313000",
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"date": "2013-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-01-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-00009"
},
{
"date": "2013-01-02T00:00:00",
"db": "VULHUB",
"id": "VHN-59652"
},
{
"date": "2013-01-03T00:00:00",
"db": "BID",
"id": "57128"
},
{
"date": "2013-01-04T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005849"
},
{
"date": "2013-01-02T16:05:00.523000",
"db": "NVD",
"id": "CVE-2012-6371"
},
{
"date": "2013-01-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N900 Router WPA2 In the implementation of Wi-Fi Network access vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005849"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201301-007"
}
],
"trust": 0.6
}
}
VAR-201211-0048
Vulnerability from variot - Updated: 2023-12-18 13:57Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames. Belkin offers a variety of wireless router devices. The Belkin wireless routing device prints the network name (ESSID) and the seemingly random password on the bottom of the device. Although the manufacturer's default WPA2-PSK password is more secure than the user setting, the Belkin default password is calculated only for the device. Multiple Belkin Wireless Routers are prone to a security vulnerability that may allow attackers to generate a default WPA2 password. Successfully exploiting this issue may allow attackers to generate the default WPA2 passwords. This may lead to other attacks. The following products are affected: Belkin Surf N150 F7D1301v1 Belkin N900 F9K1104v1 Belkin N450 F9K1105V2. Background
Belkin ships many wireless routers with an encrypted wireless network configured by default.
II. Description of vulnerability
Having a preconfigured randomly generated WPA2-PSK passphrase for wireless routers is basically a good idea since a vendor-generated passphrase can be much more secure than most user-generated passwords.
Each of the eight characters of the default passphrase are created by substituting a corresponding hex-digit of the wan mac address using a static substitution table.
Moreover, the default WPA2-PSK passphrase solely consists of 8 hexadecimal digits, which means that the entropy is limited to only 32 bits (or 33 bits since some models use uppercase hex digits). After sniffing one successful association of a client to the wireless network, an attacker can carry out an offline brute-force attack to crack the password. The program oclhashcat-plus can try 131,000 passwords per second on one high end GPU (AMD Radeon hd7970) [1]. Doing a full search of the 32-bit key space takes about 9 hours at this rate.
III. Impact
An attacker can exploit this vulnerability to calculate the WPA2-PSK passphrase of a wireless network. This allows sniffing and decrypting all wireless traffic in a purely passive attack given that the attacker has also sniffed the association.
The attacker may also connect to the wireless network, which may allow further exploitation of unprotected systems in the local network. An attacker may furthermore use the wireless network to access the internet from the owner's network. The network owner may then be held responsible for any illegal activities perpetrated by the unauthorized users.
IV. Affected devices
Belkin Surf N150 Model F7D1301v1
The official Belkin support page [2] contains pictures of the label of several other WiFi devices, which show that the following devices are vulnerable as well:
Belkin N900 Model F9K1104v1 Belkin N450 Model F9K1105V2
The following device uses a variation of the algorithm and the password consists of uppercase hex digits. When using our algorithm with the wlan mac of the device, the first 5 digits of the password are calculated correctly. It is likely that the algorithm differs only in the tables used.
Belkin N300 Model F7D2301v1
It is likely that other Belkin devices are affected as well. Unfortunately, Belkin has not yet cooperated with us to fix the vulnerability and/or confirm a list of other affected devices.
V. Solution
Users of potentially affected wireless routers should change the wireless passphrase to something more secure.
VI. Timeline
6.1.2012: Vendor contacted 27.1.2012: Escalated 29.10.2012: Another contact attempt, still no response 19.11.2012: Public disclosure
VII. Credits
Jakob Lell J\xf6rg Schneider
VIII. References
Advisory location: http://www.jakoblell.com/blog/?p=15
CVE-2012-4366: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4366
[1] http://hashcat.net/oclhashcat-plus/ [2] http://en-us-support.belkin.com/app/answers/detail/a_id/6989
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201211-0048",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n450 wireless router",
"scope": "eq",
"trust": 2.4,
"vendor": "belkin",
"version": "f9k1105v2"
},
{
"model": "n900 wireless router",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "f9k1104v1"
},
{
"model": "n150 wireless router",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "f7d1301v1"
},
{
"model": "n300 wireless router",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "f7d2301v1"
},
{
"model": "advance n900 dual-band wireless router",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "f9k1104v1"
},
{
"model": "n150 wireless home network router",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "f7d1301v1"
},
{
"model": "n300 wi-fi n router",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "f7d2301v1"
},
{
"model": "surf n150 model f7d1301v1",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "n900 model f9k1104v1",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "n450 model f9k1105v2",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "n300 model f7d2301v1",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n900_wireless_router:f9k1104v1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:belkin:n450_wireless_router:f9k1105v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:belkin:n300_wireless_router:f7d2301v1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:belkin:n150_wireless_router:f7d1301v1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4366"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jakob Lell and J\u00f6rg Schneider",
"sources": [
{
"db": "BID",
"id": "56591"
}
],
"trust": 0.3
},
"cve": "CVE-2012-4366",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2012-4366",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-57647",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2012-4366",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2012-4366",
"trust": 1.0,
"value": "LOW"
},
{
"author": "NVD",
"id": "CVE-2012-4366",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201211-353",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-57647",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2012-4366",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57647"
},
{
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model F9K1104v1, N450 Model F9K1105V2, and N300 Model F7D2301v1 generate a predictable default WPA2-PSK passphrase based on eight digits of the WAN MAC address, which allows remote attackers to access the network by sniffing the beacon frames. Belkin offers a variety of wireless router devices. The Belkin wireless routing device prints the network name (ESSID) and the seemingly random password on the bottom of the device. Although the manufacturer\u0027s default WPA2-PSK password is more secure than the user setting, the Belkin default password is calculated only for the device. Multiple Belkin Wireless Routers are prone to a security vulnerability that may allow attackers to generate a default WPA2 password. \nSuccessfully exploiting this issue may allow attackers to generate the default WPA2 passwords. This may lead to other attacks. \nThe following products are affected:\nBelkin Surf N150 F7D1301v1\nBelkin N900 F9K1104v1\nBelkin N450 F9K1105V2. Background\n\nBelkin ships many wireless routers with an encrypted wireless network \nconfigured by default. \n\nII. Description of vulnerability\n\nHaving a preconfigured randomly generated WPA2-PSK passphrase for \nwireless routers is basically a good idea since a vendor-generated \npassphrase can be much more secure than most user-generated passwords. \n\nEach of the eight characters of the default passphrase are created by \nsubstituting a corresponding hex-digit of the wan mac address using a \nstatic substitution table. \n\nMoreover, the default WPA2-PSK passphrase solely consists of 8 \nhexadecimal digits, which means that the entropy is limited to only 32 \nbits (or 33 bits since some models use uppercase hex digits). After \nsniffing one successful association of a client to the wireless network, \nan attacker can carry out an offline brute-force attack to crack the \npassword. The program oclhashcat-plus can try 131,000 passwords per \nsecond on one high end GPU (AMD Radeon hd7970) [1]. Doing a full search \nof the 32-bit key space takes about 9 hours at this rate. \n\nIII. Impact\n\nAn attacker can exploit this vulnerability to calculate the WPA2-PSK \npassphrase of a wireless network. This allows sniffing and decrypting \nall wireless traffic in a purely passive attack given that the attacker \nhas also sniffed the association. \n\nThe attacker may also connect to the wireless network, which may allow \nfurther exploitation of unprotected systems in the local network. An \nattacker may furthermore use the wireless network to access the internet \nfrom the owner\u0027s network. The network owner may then be held responsible \nfor any illegal activities perpetrated by the unauthorized users. \n\n\nIV. Affected devices\n\nBelkin Surf N150 Model F7D1301v1\n\nThe official Belkin support page [2] contains pictures of the label of \nseveral other WiFi devices, which show that the following devices are \nvulnerable as well:\n\nBelkin N900 Model F9K1104v1\nBelkin N450 Model F9K1105V2\n\nThe following device uses a variation of the algorithm and the password \nconsists of uppercase hex digits. When using our algorithm with the wlan \nmac of the device, the first 5 digits of the password are calculated \ncorrectly. It is likely that the algorithm differs only in the tables used. \n\nBelkin N300 Model F7D2301v1\n\nIt is likely that other Belkin devices are affected as well. \nUnfortunately, Belkin has not yet cooperated with us to fix the \nvulnerability and/or confirm a list of other affected devices. \n\nV. Solution\n\nUsers of potentially affected wireless routers should change the \nwireless passphrase to something more secure. \n\nVI. Timeline\n\n6.1.2012: Vendor contacted\n27.1.2012: Escalated\n29.10.2012: Another contact attempt, still no response\n19.11.2012: Public disclosure\n\nVII. Credits\n\nJakob Lell\nJ\\xf6rg Schneider\n\nVIII. References\n\nAdvisory location: http://www.jakoblell.com/blog/?p=15\n\nCVE-2012-4366: \nhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4366\n\n[1] http://hashcat.net/oclhashcat-plus/\n[2] http://en-us-support.belkin.com/app/answers/detail/a_id/6989\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"db": "BID",
"id": "56591"
},
{
"db": "VULHUB",
"id": "VHN-57647"
},
{
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"db": "PACKETSTORM",
"id": "118208"
}
],
"trust": 2.7
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-57647",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=38164",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57647"
},
{
"db": "VULMON",
"id": "CVE-2012-4366"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2012-4366",
"trust": 3.6
},
{
"db": "BID",
"id": "56591",
"trust": 1.5
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201211-353",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2012-6597",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20121119 CVE-2012-4366: INSECURE DEFAULT WPA2 PASSPHRASE IN MULTIPLE BELKIN WIRELESS ROUTERS",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "118208",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "38164",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-57647",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2012-4366",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"db": "VULHUB",
"id": "VHN-57647"
},
{
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"db": "BID",
"id": "56591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"db": "PACKETSTORM",
"id": "118208"
},
{
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
]
},
"id": "VAR-201211-0048",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"db": "VULHUB",
"id": "VHN-57647"
}
],
"trust": 1.5777777833333333
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-6597"
}
]
},
"last_update_date": "2023-12-18T13:57:52.441000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.belkin.com/"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/nameisnithin/nithin "
},
{
"title": "PSKracker",
"trust": 0.1,
"url": "https://github.com/bitwisebill/pskracker "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/yadau/wireless-network-security-assessment "
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/madhankumar9182/wireless-network-security "
},
{
"title": "PSKracker",
"trust": 0.1,
"url": "https://github.com/soxrok2212/pskracker "
},
{
"title": "Crippled",
"trust": 0.1,
"url": "https://github.com/konsole512/crippled "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.1
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-57647"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"db": "NVD",
"id": "CVE-2012-4366"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://archives.neohapsis.com/archives/bugtraq/2012-11/0070.html"
},
{
"trust": 1.8,
"url": "http://www.jakoblell.com/blog/2012/11/19/cve-2012-4366-insecure-default-wpa2-passphrase-in-multiple-belkin-wireless-routers/"
},
{
"trust": 1.3,
"url": "http://www.securityfocus.com/bid/56591"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80157"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4366"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4366"
},
{
"trust": 0.6,
"url": "http://seclists.org/bugtraq/2012/nov/69"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/310.html"
},
{
"trust": 0.1,
"url": "https://github.com/nameisnithin/nithin"
},
{
"trust": 0.1,
"url": "https://github.com/bitwisebill/pskracker"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/38164/"
},
{
"trust": 0.1,
"url": "http://hashcat.net/oclhashcat-plus/"
},
{
"trust": 0.1,
"url": "http://www.jakoblell.com/blog/?p=15"
},
{
"trust": 0.1,
"url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4366"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2012-4366"
},
{
"trust": 0.1,
"url": "http://en-us-support.belkin.com/app/answers/detail/a_id/6989"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"db": "VULHUB",
"id": "VHN-57647"
},
{
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"db": "PACKETSTORM",
"id": "118208"
},
{
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"db": "VULHUB",
"id": "VHN-57647"
},
{
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"db": "BID",
"id": "56591"
},
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"db": "PACKETSTORM",
"id": "118208"
},
{
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"date": "2012-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-57647"
},
{
"date": "2012-11-20T00:00:00",
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"date": "2012-11-19T00:00:00",
"db": "BID",
"id": "56591"
},
{
"date": "2012-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"date": "2012-11-19T21:56:52",
"db": "PACKETSTORM",
"id": "118208"
},
{
"date": "2012-11-20T00:55:01.010000",
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"date": "2012-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2012-6597"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-57647"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULMON",
"id": "CVE-2012-4366"
},
{
"date": "2012-11-19T00:00:00",
"db": "BID",
"id": "56591"
},
{
"date": "2012-11-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2012-005440"
},
{
"date": "2017-08-29T01:32:16.727000",
"db": "NVD",
"id": "CVE-2012-4366"
},
{
"date": "2012-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Belkin Wireless Router Network access vulnerabilities in products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2012-005440"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201211-353"
}
],
"trust": 0.6
}
}
VAR-202001-0879
Vulnerability from variot - Updated: 2023-12-18 13:52Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. Belkin Wemo Switch Exists in a vulnerability related to unlimited upload of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The issue occurs because the application fails to adequately sanitize user-supplied input. An attacker may leverage this issue to upload arbitrary firmware to the affected device; this can result in an arbitrary code execution within the context of the vulnerable application
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202001-0879",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wemo switch",
"scope": "lt",
"trust": 1.0,
"vendor": "belkin",
"version": "wemo_us_2.00.2176.pvt"
},
{
"model": "wemo switch",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "wemo_us_2.00.2176.pvt"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"db": "NVD",
"id": "CVE-2013-2748"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:wemo_switch_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "wemo_us_2.00.2176.pvt",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:wemo_switch:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2748"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Buentello",
"sources": [
{
"db": "BID",
"id": "58929"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
],
"trust": 0.9
},
"cve": "CVE-2013-2748",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2013-007169",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2013-007169",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-2748",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "NVD",
"id": "JVNDB-2013-007169",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-112",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"db": "NVD",
"id": "CVE-2013-2748"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Wemo Switch before WeMo_US_2.00.2176.PVT could allow remote attackers to upload arbitrary files onto the system. Belkin Wemo Switch Exists in a vulnerability related to unlimited upload of dangerous types of files.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. The issue occurs because the application fails to adequately sanitize user-supplied input. \nAn attacker may leverage this issue to upload arbitrary firmware to the affected device; this can result in an arbitrary code execution within the context of the vulnerable application",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-2748"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"db": "BID",
"id": "58929"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-2748",
"trust": 2.7
},
{
"db": "EXPLOIT-DB",
"id": "24924",
"trust": 2.4
},
{
"db": "BID",
"id": "58929",
"trust": 1.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007169",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-112",
"trust": 0.6
}
],
"sources": [
{
"db": "BID",
"id": "58929"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"db": "NVD",
"id": "CVE-2013-2748"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
]
},
"id": "VAR-202001-0879",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5
},
"last_update_date": "2023-12-18T13:52:04.742000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.belkin.com/us/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-434",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"db": "NVD",
"id": "CVE-2013-2748"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "http://www.exploit-db.com/exploits/24924"
},
{
"trust": 1.6,
"url": "http://www.securityfocus.com/bid/58929"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83296"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-2748"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2748"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"db": "NVD",
"id": "CVE-2013-2748"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "58929"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"db": "NVD",
"id": "CVE-2013-2748"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-08T00:00:00",
"db": "BID",
"id": "58929"
},
{
"date": "2020-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"date": "2020-01-28T20:15:11.793000",
"db": "NVD",
"id": "CVE-2013-2748"
},
{
"date": "2013-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-08T00:00:00",
"db": "BID",
"id": "58929"
},
{
"date": "2020-02-19T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-007169"
},
{
"date": "2020-02-05T14:43:48.160000",
"db": "NVD",
"id": "CVE-2013-2748"
},
{
"date": "2020-02-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Wemo Switch Vulnerability in unlimited upload of dangerous types of files in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-007169"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "code problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-112"
}
],
"trust": 0.6
}
}
VAR-200304-0101
Vulnerability from variot - Updated: 2023-12-18 13:45Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router's external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server. The Belkin F5D5230-4 4-Port Cable/DSL Gateway Router is a hardware router for a home or small office. When a request for a service that has been remapped to the internal network is made via the WAN interface, and the origin is the internal network, the router reacts unpredictably. The origin address is rewritten as the IP address of the external interface by the device before being passed to the internal network. Upon receiving a request of this nature, the device will rewrite all future requests for services mapped to the WAN network, reporting their origin as that of the WAN interface. This is known to be an issue for requests for port 80, if port 80 has been remapped to a host within the internal network. This may potentially be exploited to obscure the origin of attacks against a webserver in the internal network
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200304-0101",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f5d5230-4 4-port cable dsl gateway router",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "1.20.000"
},
{
"model": "f5d5230-4",
"scope": null,
"trust": 0.3,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "4982"
},
{
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:f5d5230-4_4-port_cable_dsl_gateway_router:1.20.000:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1431"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Reported by M Freitas \u003cfreitasm@mailcity.com\u003e.",
"sources": [
{
"db": "BID",
"id": "4982"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
],
"trust": 0.9
},
"cve": "CVE-2002-1431",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-5816",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1431",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200304-095",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-5816",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5816"
},
{
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the source IP address of internal packets to that of the router\u0027s external interface when forwarding a request from an internal host to an internal web server, which allows remote attackers to hide which host is being used to access the web server. The Belkin F5D5230-4 4-Port Cable/DSL Gateway Router is a hardware router for a home or small office. \nWhen a request for a service that has been remapped to the internal network is made via the WAN interface, and the origin is the internal network, the router reacts unpredictably. The origin address is rewritten as the IP address of the external interface by the device before being passed to the internal network. Upon receiving a request of this nature, the device will rewrite all future requests for services mapped to the WAN network, reporting their origin as that of the WAN interface. \nThis is known to be an issue for requests for port 80, if port 80 has been remapped to a host within the internal network. This may potentially be exploited to obscure the origin of attacks against a webserver in the internal network",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"db": "BID",
"id": "4982"
},
{
"db": "VULHUB",
"id": "VHN-5816"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1431",
"trust": 2.0
},
{
"db": "BID",
"id": "4982",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095",
"trust": 0.7
},
{
"db": "XF",
"id": "9324",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020609 PROBLEM WITH IP REPORTING - BELKIN CABLE/DSL ROUTER",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-5816",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5816"
},
{
"db": "BID",
"id": "4982"
},
{
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
]
},
"id": "VAR-200304-0101",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5816"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:45:33.573000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1431"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4982"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/276256"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/9324.php"
},
{
"trust": 0.3,
"url": "http://catalog.belkin.com/iwcatproductpage.process?merchant_id=\u0026section_id=2094\u0026pcount=\u0026product_id=113464\u0026section.section_path=%2froot%2fnetworki%2e%2e%2endcables%2fcabledsl%2e%2e%2eyrouters%2f"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5816"
},
{
"db": "BID",
"id": "4982"
},
{
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-5816"
},
{
"db": "BID",
"id": "4982"
},
{
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-04-11T00:00:00",
"db": "VULHUB",
"id": "VHN-5816"
},
{
"date": "2002-06-10T00:00:00",
"db": "BID",
"id": "4982"
},
{
"date": "2003-04-11T04:00:00",
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"date": "2003-04-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-5816"
},
{
"date": "2009-07-11T13:56:00",
"db": "BID",
"id": "4982"
},
{
"date": "2008-09-05T20:30:35.030000",
"db": "NVD",
"id": "CVE-2002-1431"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F5D5230-4 Inside the router Web Traffic Origin Obfuscation Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "4982"
},
{
"db": "CNNVD",
"id": "CNNVD-200304-095"
}
],
"trust": 0.9
}
}
VAR-201401-0092
Vulnerability from variot - Updated: 2023-12-18 13:45Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. The Belkin N900 Dual-Band Wireless Router is a wireless router device. The Belkin N900 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability is caused by the incorrect filtering of the 'ssid2' parameter in the wl_channel.html page and the incorrect filtering of the 'guest_psk' parameter in the wl_guest.html page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0092",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n900",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": null
},
{
"model": "advance n900 dual-band wireless router",
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
},
{
"model": "n900 dual-band wireless router",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "1.00.23"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3087"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "59482"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3087",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-3087",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2013-04029",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-63089",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3087",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-04029",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-563",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63089",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"db": "VULHUB",
"id": "VHN-63089"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. The Belkin N900 Dual-Band Wireless Router is a wireless router device. The Belkin N900 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability is caused by the incorrect filtering of the \u0027ssid2\u0027 parameter in the wl_channel.html page and the incorrect filtering of the \u0027guest_psk\u0027 parameter in the wl_guest.html page",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"db": "BID",
"id": "59482"
},
{
"db": "VULHUB",
"id": "VHN-63089"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3087",
"trust": 3.4
},
{
"db": "BID",
"id": "59482",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-563",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-04029",
"trust": 0.6
},
{
"db": "XF",
"id": "900",
"trust": 0.6
},
{
"db": "XF",
"id": "83831",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63089",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"db": "VULHUB",
"id": "VHN-63089"
},
{
"db": "BID",
"id": "59482"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
]
},
"id": "VAR-201401-0092",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"db": "VULHUB",
"id": "VHN-63089"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04029"
}
]
},
"last_update_date": "2023-12-18T13:45:32.233000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Advance N900 Dual-Band Wireless Router",
"trust": 0.8,
"url": "http://www.belkin.com/us/support-product?pid=01t80000002wbuhaa2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63089"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"db": "NVD",
"id": "CVE-2013-3087"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://securityevaluators.com/content/case-studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 1.1,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83831"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3087"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3087"
},
{
"trust": 0.8,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/83831"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59482"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"db": "VULHUB",
"id": "VHN-63089"
},
{
"db": "BID",
"id": "59482"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"db": "VULHUB",
"id": "VHN-63089"
},
{
"db": "BID",
"id": "59482"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"date": "2014-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-63089"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59482"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"date": "2014-01-30T15:06:22.940000",
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04029"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63089"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59482"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005961"
},
{
"date": "2017-08-29T01:33:21.903000",
"db": "NVD",
"id": "CVE-2013-3087"
},
{
"date": "2014-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Advance N900 Dual-Band Wireless Router Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005961"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-563"
}
],
"trust": 0.6
}
}
VAR-201409-0054
Vulnerability from variot - Updated: 2023-12-18 13:43Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. Belkin N300 Wi-Fi N is a wireless router product from Belkin. Attackers can use security bypass vulnerabilities, bypass specific security restrictions, and perform certain specific unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201409-0054",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n300",
"scope": "eq",
"trust": 2.4,
"vendor": "belkin",
"version": "1.00.06"
},
{
"model": "n300",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": null
},
{
"model": "n300 wi-fi n router",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "(f7d7301v1)"
},
{
"model": "n300 wi-fi n router",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "1.00.06"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:n300_firmware:1.00.06:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:n300:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3089"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators.",
"sources": [
{
"db": "BID",
"id": "59492"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-559"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3089",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-3089",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 4.4,
"id": "CNVD-2013-04023",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-63091",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3089",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-04023",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-564",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63091",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"db": "VULHUB",
"id": "VHN-63091"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin N300 (F7D7301v1) router allows remote attackers to hijack the authentication of administrators for requests that modify configuration. Belkin N300 Wi-Fi N is a wireless router product from Belkin. Attackers can use security bypass vulnerabilities, bypass specific security restrictions, and perform certain specific unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-559"
},
{
"db": "BID",
"id": "59492"
},
{
"db": "BID",
"id": "59481"
},
{
"db": "VULHUB",
"id": "VHN-63091"
}
],
"trust": 3.33
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3089",
"trust": 3.4
},
{
"db": "BID",
"id": "59492",
"trust": 0.9
},
{
"db": "BID",
"id": "59481",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-564",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-04023",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201304-559",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63091",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"db": "VULHUB",
"id": "VHN-63091"
},
{
"db": "BID",
"id": "59492"
},
{
"db": "BID",
"id": "59481"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-559"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
]
},
"id": "VAR-201409-0054",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"db": "VULHUB",
"id": "VHN-63091"
}
],
"trust": 1.3666667
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04023"
}
]
},
"last_update_date": "2023-12-18T13:43:03.313000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "N300 Wi-Fi N Router",
"trust": 0.8,
"url": "http://www.belkin.com/us/support-product?pid=01t80000002wbtuaa2"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63091"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"db": "NVD",
"id": "CVE-2013-3089"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"
},
{
"trust": 1.7,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3089"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3089"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.6,
"url": "http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59492"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59481"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"db": "VULHUB",
"id": "VHN-63091"
},
{
"db": "BID",
"id": "59481"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-559"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"db": "VULHUB",
"id": "VHN-63091"
},
{
"db": "BID",
"id": "59492"
},
{
"db": "BID",
"id": "59481"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-559"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"date": "2014-09-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63091"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59492"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59481"
},
{
"date": "2014-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"date": "2014-09-29T22:55:08.427000",
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-559"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04023"
},
{
"date": "2014-10-01T00:00:00",
"db": "VULHUB",
"id": "VHN-63091"
},
{
"date": "2013-04-26T15:40:00",
"db": "BID",
"id": "59492"
},
{
"date": "2013-04-26T15:40:00",
"db": "BID",
"id": "59481"
},
{
"date": "2014-10-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-006655"
},
{
"date": "2014-10-01T00:59:26.303000",
"db": "NVD",
"id": "CVE-2013-3089"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-559"
},
{
"date": "2014-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-559"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N300 Wi-Fi N Router of apply.cgi Vulnerable to cross-site request forgery",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-006655"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-564"
}
],
"trust": 0.6
}
}
VAR-201911-1035
Vulnerability from variot - Updated: 2023-12-18 13:38Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. Belkin Linksys Velop The device contains an authentication bypass vulnerability with a user-controlled key.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Belkin Linksys Velop is a modular mesh home WiFi system.
Belkin Linksys Velop /sysinfo_json.cgi has a security vulnerability
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201911-1035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "velop whw0303",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.1.8.192419"
},
{
"model": "velop whw0301",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.1.8.192419"
},
{
"model": "velop whw0302",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.1.8.192419"
},
{
"model": "velop whw0301",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.1.8.192419"
},
{
"model": "velop whw0302",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.1.8.192419"
},
{
"model": "velop whw0303",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.1.8.192419"
},
{
"model": "linksys velop",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "1.1.8.192419"
},
{
"model": "velop whw0303",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "velop whw0302",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "velop whw0301",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linksys:velop_whw0303_firmware:1.1.8.192419:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:velop_whw0303:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linksys:velop_whw0302_firmware:1.1.8.192419:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:velop_whw0302:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linksys:velop_whw0301_firmware:1.1.8.192419:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:velop_whw0301:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16340"
}
]
},
"cve": "CVE-2019-16340",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-16340",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2021-42332",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-16340",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-16340",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNVD",
"id": "CNVD-2021-42332",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201911-1235",
"trust": 0.6,
"value": "CRITICAL"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key via a direct request for the /sysinfo_json.cgi URI. Belkin Linksys Velop The device contains an authentication bypass vulnerability with a user-controlled key.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Belkin Linksys Velop is a modular mesh home WiFi system. \n\r\n\r\nBelkin Linksys Velop /sysinfo_json.cgi has a security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "CNVD",
"id": "CNVD-2021-42332"
}
],
"trust": 2.16
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16340",
"trust": 3.0
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2021-42332",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1235",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"id": "VAR-201911-1035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
}
]
},
"last_update_date": "2023-12-18T13:38:04.850000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Velop (WHW0301, WHW0302, WHW0303) Downloads",
"trust": 0.8,
"url": "https://www.linksys.com/us/support-article?articlenum=207568"
},
{
"title": "Firmware Release Notes",
"trust": 0.8,
"url": "http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/whw03_a03_velop_customer_release_notes_1.1.9.195026.txt"
},
{
"title": "Patch for Belkin Linksys Velop Key Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/243685"
},
{
"title": "Belkin Linksys Velop Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=103611"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-425",
"trust": 1.0
},
{
"problemtype": "CWE-639",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "NVD",
"id": "CVE-2019-16340"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.linksys.com/us/support-article?articlenum=207568"
},
{
"trust": 1.6,
"url": "http://s3.amazonaws.com/downloads.linksys.com/support/assets/releasenotes/whw03_a03_velop_customer_release_notes_1.1.9.195026.txt"
},
{
"trust": 1.6,
"url": "https://puzzor.github.io/linksys-velop-authentication-bypass"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16340"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16340"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-03-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"date": "2019-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"date": "2019-11-21T15:15:13.887000",
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"date": "2019-11-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-06-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2021-42332"
},
{
"date": "2019-11-28T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-012286"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-16340"
},
{
"date": "2019-11-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Linksys Velop Vulnerability in authentication bypass by user control key in device",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-012286"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201911-1235"
}
],
"trust": 0.6
}
}
VAR-201401-0091
Vulnerability from variot - Updated: 2023-12-18 13:34Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Belkin F5D8236-4 N is a wireless router device. Belkin F5D8236-4 N has a cross-site scripting vulnerability that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, gain sensitive information, or hijack user sessions. The Belkin F5D8236-4 Router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Belkin Model F5D8236-4 v2 Router is a wireless router product of Belkin Company in the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0091",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f5d8236-4",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "v2"
},
{
"model": "n wireless router",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "f5d8236-4 v2 (firmware)"
},
{
"model": "f5d8236-4",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:f5d8236-4:v2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3084"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jacob Holcomb of Independent Security Evaluators",
"sources": [
{
"db": "BID",
"id": "59477"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
],
"trust": 0.9
},
"cve": "CVE-2013-3084",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-3084",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CNVD-2013-04021",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-63086",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3084",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-04021",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201304-552",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63086",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"db": "VULHUB",
"id": "VHN-63086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Belkin F5D8236-4 N is a wireless router device. Belkin F5D8236-4 N has a cross-site scripting vulnerability that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, gain sensitive information, or hijack user sessions. The Belkin F5D8236-4 Router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Belkin Model F5D8236-4 v2 Router is a wireless router product of Belkin Company in the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"db": "BID",
"id": "59477"
},
{
"db": "VULHUB",
"id": "VHN-63086"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-3084",
"trust": 3.4
},
{
"db": "BID",
"id": "59477",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201304-552",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-04021",
"trust": 0.6
},
{
"db": "XF",
"id": "83839",
"trust": 0.6
},
{
"db": "XF",
"id": "20133084",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63086",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"db": "VULHUB",
"id": "VHN-63086"
},
{
"db": "BID",
"id": "59477"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
]
},
"id": "VAR-201401-0091",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"db": "VULHUB",
"id": "VHN-63086"
}
],
"trust": 1.4222222
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04021"
}
]
},
"last_update_date": "2023-12-18T13:34:43.353000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "N Wireless Router",
"trust": 0.8,
"url": "http://www.belkin.com/us/support-product/?pid=01t80000001jnw5aao"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-63086"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"db": "NVD",
"id": "CVE-2013-3084"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://securityevaluators.com/content/case-studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/83839"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp"
},
{
"trust": 0.9,
"url": "http://securityevaluators.com/content/case-studies/routers/belkin_f5d8236-4v2.jsp"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3084"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3084"
},
{
"trust": 0.8,
"url": "http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf"
},
{
"trust": 0.6,
"url": "http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/83839"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/59477"
},
{
"trust": 0.3,
"url": "http://www.belkin.com/index.asp"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"db": "VULHUB",
"id": "VHN-63086"
},
{
"db": "BID",
"id": "59477"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"db": "VULHUB",
"id": "VHN-63086"
},
{
"db": "BID",
"id": "59477"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-04-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"date": "2014-01-30T00:00:00",
"db": "VULHUB",
"id": "VHN-63086"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59477"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"date": "2014-01-30T15:06:22.923000",
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"date": "2013-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-05-28T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-04021"
},
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-63086"
},
{
"date": "2013-04-25T00:00:00",
"db": "BID",
"id": "59477"
},
{
"date": "2014-02-03T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005960"
},
{
"date": "2017-08-29T01:33:21.807000",
"db": "NVD",
"id": "CVE-2013-3084"
},
{
"date": "2014-02-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin N Wireless Router Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005960"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201304-552"
}
],
"trust": 0.6
}
}
VAR-201906-0587
Vulnerability from variot - Updated: 2023-12-18 13:33The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication. Belkin Wemo Enabled Crock-Pot Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Belkin Wemo Enabled Crock-Pot is a smart slow cooker. A security vulnerability exists in the Wemo UPnP API in the Belkin Wemo Enabled Crock-Pot
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201906-0587",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "crock-pot smart slow cooker with wemo",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": null
},
{
"model": "crock-pot smart slow cooker with wemo",
"scope": null,
"trust": 0.8,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"db": "NVD",
"id": "CVE-2019-12780"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:crock-pot_smart_slow_cooker_with_wemo_firmware:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:crock-pot_smart_slow_cooker_with_wemo:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12780"
}
]
},
"cve": "CVE-2019-12780",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-12780",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-144561",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-12780",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-12780",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201906-347",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-144561",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-12780",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144561"
},
{
"db": "VULMON",
"id": "CVE-2019-12780"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"db": "NVD",
"id": "CVE-2019-12780"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Belkin Wemo Enabled Crock-Pot allows command injection in the Wemo UPnP API via the SmartDevURL argument to the SetSmartDevInfo action. A simple POST request to /upnp/control/basicevent1 can allow an attacker to execute commands without authentication. Belkin Wemo Enabled Crock-Pot Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. The Belkin Wemo Enabled Crock-Pot is a smart slow cooker. A security vulnerability exists in the Wemo UPnP API in the Belkin Wemo Enabled Crock-Pot",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-12780"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"db": "VULHUB",
"id": "VHN-144561"
},
{
"db": "VULMON",
"id": "CVE-2019-12780"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "EXPLOIT-DB",
"id": "46436",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2019-12780",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201906-347",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-144561",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-12780",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144561"
},
{
"db": "VULMON",
"id": "CVE-2019-12780"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"db": "NVD",
"id": "CVE-2019-12780"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
]
},
"id": "VAR-201906-0587",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-144561"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:33:30.091000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.belkin.com/"
},
{
"title": "node-nvd-search-cli",
"trust": 0.1,
"url": "https://github.com/travispaul/node-nvd-search-cli "
},
{
"title": "nvd_cve",
"trust": 0.1,
"url": "https://github.com/travispaul/nvd_cve "
},
{
"title": "node-nvd-search",
"trust": 0.1,
"url": "https://github.com/travispaul/node-nvd "
},
{
"title": "node-nvd-search",
"trust": 0.1,
"url": "https://github.com/travispaul/node-nvd-search "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-12780"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144561"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"db": "NVD",
"id": "CVE-2019-12780"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://www.exploit-db.com/exploits/46436"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-12780"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-12780"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/78.html"
},
{
"trust": 0.1,
"url": "https://github.com/travispaul/node-nvd-search-cli"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-144561"
},
{
"db": "VULMON",
"id": "CVE-2019-12780"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"db": "NVD",
"id": "CVE-2019-12780"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-144561"
},
{
"db": "VULMON",
"id": "CVE-2019-12780"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"db": "NVD",
"id": "CVE-2019-12780"
},
{
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-06-10T00:00:00",
"db": "VULHUB",
"id": "VHN-144561"
},
{
"date": "2019-06-10T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12780"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"date": "2019-06-10T16:29:00.253000",
"db": "NVD",
"id": "CVE-2019-12780"
},
{
"date": "2019-06-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-144561"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-12780"
},
{
"date": "2019-06-21T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-005521"
},
{
"date": "2020-08-24T17:37:01.140000",
"db": "NVD",
"id": "CVE-2019-12780"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Wemo Enabled Crock-Pot Command injection vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-005521"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201906-347"
}
],
"trust": 0.6
}
}
VAR-201910-0685
Vulnerability from variot - Updated: 2023-12-18 13:33An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. Belkin Wemo Switch 28B The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0685",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wemo switch 28b",
"scope": "eq",
"trust": 1.6,
"vendor": "belkin",
"version": "wemo_ww_2.00.11057.pvt-owrt-sns"
},
{
"model": "wemo switch 28b",
"scope": "eq",
"trust": 0.8,
"vendor": "belkin",
"version": "ww_2.00.11057.pvt-owrt-sns"
},
{
"model": "wemo switch 28b ww 2.00.11057.pvt-owrt-sns",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "wemo switch 28b",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:belkin:wemo_switch_28b_firmware:wemo_ww_2.00.11057.pvt-owrt-sns:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:wemo_switch_28b:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17532"
}
]
},
"cve": "CVE-2019-17532",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-17532",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2019-36952",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-17532",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-17532",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2019-36952",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-775",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2019-17532",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"db": "VULMON",
"id": "CVE-2019-17532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An issue was discovered on Belkin Wemo Switch 28B WW_2.00.11057.PVT-OWRT-SNS devices. They allow remote attackers to cause a denial of service (persistent rules-processing outage) via a crafted ruleDbBody element in a StoreRules request to the upnp/control/rules1 URI, because database corruption occurs. Belkin Wemo Switch 28B The device contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"db": "VULMON",
"id": "CVE-2019-17532"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-17532",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2019-36952",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201910-775",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2019-17532",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"db": "VULMON",
"id": "CVE-2019-17532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
]
},
"id": "VAR-201910-0685",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
}
]
},
"last_update_date": "2023-12-18T13:33:20.864000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.belkin.com/jp/"
},
{
"title": "wemo_dos",
"trust": 0.1,
"url": "https://github.com/badnack/wemo_dos "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2019-17532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
},
{
"problemtype": "CWE-20",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"db": "NVD",
"id": "CVE-2019-17532"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://github.com/badnack/wemo_dos"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-17532"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-17532"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/20.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"db": "VULMON",
"id": "CVE-2019-17532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"db": "VULMON",
"id": "CVE-2019-17532"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"date": "2019-10-12T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17532"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"date": "2019-10-12T21:15:08.680000",
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"date": "2019-10-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"date": "2019-10-17T00:00:00",
"db": "VULMON",
"id": "CVE-2019-17532"
},
{
"date": "2019-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-010897"
},
{
"date": "2021-07-21T11:39:23.747000",
"db": "NVD",
"id": "CVE-2019-17532"
},
{
"date": "2019-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin Wemo Switch 28B Input Validation Error Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2019-36952"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-775"
}
],
"trust": 0.6
}
}
VAR-200711-0217
Vulnerability from variot - Updated: 2023-12-18 13:30The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116. Successfully exploiting this issue allows remote attackers to crash the logging system of affected devices. This may aid in obfuscating further attacks. Belkin Wireless G routers with model number F5D7230-4 are vulnerable to this issue; other versions may also be affected
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200711-0217",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "f5d7230-4",
"scope": null,
"trust": 1.7,
"vendor": "belkin",
"version": null
},
{
"model": "f5d7230-4",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": "*"
}
],
"sources": [
{
"db": "BID",
"id": "26498"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:f5d7230-4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6040"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "r00tbl4ckh0l3.com is credited with the discovery of this issue.",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
],
"trust": 0.6
},
"cve": "CVE-2007-6040",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2007-6040",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-29402",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2007-6040",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200711-297",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-29402",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29402"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Belkin F5D7230-4 Wireless G Router allows remote attackers to cause a denial of service (degraded networking and logging) via a flood of TCP SYN packets, a related issue to CVE-1999-0116. \nSuccessfully exploiting this issue allows remote attackers to crash the logging system of affected devices. This may aid in obfuscating further attacks. \nBelkin Wireless G routers with model number F5D7230-4 are vulnerable to this issue; other versions may also be affected",
"sources": [
{
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"db": "BID",
"id": "26498"
},
{
"db": "VULHUB",
"id": "VHN-29402"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2007-6040",
"trust": 2.8
},
{
"db": "BID",
"id": "26498",
"trust": 2.0
},
{
"db": "SREASON",
"id": "3383",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911",
"trust": 0.8
},
{
"db": "XF",
"id": "38576",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20071118 BELKIN WIRELESS G ROUTER DOS",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200711-297",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-29402",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29402"
},
{
"db": "BID",
"id": "26498"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
]
},
"id": "VAR-200711-0217",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-29402"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:30:32.655000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.belkin.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29402"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"db": "NVD",
"id": "CVE-2007-6040"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/26498"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/3383"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/483890/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38576"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6040"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6040"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/483890/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/38576"
},
{
"trust": 0.3,
"url": "http://catalog.belkin.com/iwcatproductpage.process?merchant_id=\u0026section_id=201522\u0026pcount=\u0026product_id=136493"
},
{
"trust": 0.3,
"url": "/archive/1/483890"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-29402"
},
{
"db": "BID",
"id": "26498"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-29402"
},
{
"db": "BID",
"id": "26498"
},
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2007-11-20T00:00:00",
"db": "VULHUB",
"id": "VHN-29402"
},
{
"date": "2007-11-19T00:00:00",
"db": "BID",
"id": "26498"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"date": "2007-11-20T19:46:00",
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"date": "2007-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-15T00:00:00",
"db": "VULHUB",
"id": "VHN-29402"
},
{
"date": "2007-12-18T20:06:00",
"db": "BID",
"id": "26498"
},
{
"date": "2012-06-26T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2007-002911"
},
{
"date": "2018-10-15T21:49:27.103000",
"db": "NVD",
"id": "CVE-2007-6040"
},
{
"date": "2007-11-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin F5D7230-4 Wireless G Router Service disruption in (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2007-002911"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200711-297"
}
],
"trust": 0.6
}
}
VAR-201809-0319
Vulnerability from variot - Updated: 2023-12-18 13:28Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level&level= substring. This can also be exploited via CSRF. Linksys Velop The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BelkinIntermationalLinksysVelop is a family WiFi wireless network solution from Belkin Intermational. A command injection vulnerability exists in BelkinIntermationalLinksysVelop version 1.1.2.187020
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0319",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "velop",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.1.2.187020"
},
{
"model": "velop",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.1.2.187020"
},
{
"model": "intermational linksys velop",
"scope": "eq",
"trust": 0.6,
"vendor": "belkin",
"version": "1.1.2.187020"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linksys:velop_firmware:1.1.2.187020:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:velop:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17208"
}
]
},
"cve": "CVE-2018-17208",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2018-17208",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CNVD-2018-19553",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-127644",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 8.8,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2018-17208",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-17208",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2018-19553",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-878",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-127644",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "VULHUB",
"id": "VHN-127644"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys Velop 1.1.2.187020 devices allow unauthenticated command injection, providing an attacker with full root access, via cgi-bin/zbtest.cgi or cgi-bin/zbtest2.cgi (scripts that can be discovered with binwalk on the firmware, but are not visible in the web interface). This occurs because shell metacharacters in the query string are mishandled by ShellExecute, as demonstrated by the zbtest.cgi?cmd=level\u0026level= substring. This can also be exploited via CSRF. Linksys Velop The device contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. BelkinIntermationalLinksysVelop is a family WiFi wireless network solution from Belkin Intermational. A command injection vulnerability exists in BelkinIntermationalLinksysVelop version 1.1.2.187020",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "VULHUB",
"id": "VHN-127644"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-17208",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-878",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-19553",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-127644",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "VULHUB",
"id": "VHN-127644"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
]
},
"id": "VAR-201809-0319",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "VULHUB",
"id": "VHN-127644"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
}
]
},
"last_update_date": "2023-12-18T13:28:48.019000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "VELOP",
"trust": 0.8,
"url": "https://www.linksys.com/jp/velop/"
},
{
"title": "LinksysVelop command to inject vulnerability patches",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/140845"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-77",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-127644"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"db": "NVD",
"id": "CVE-2018-17208"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://langkjaer.com/velop.html"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-17208"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-17208"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "VULHUB",
"id": "VHN-127644"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"db": "VULHUB",
"id": "VHN-127644"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"date": "2018-09-19T00:00:00",
"db": "VULHUB",
"id": "VHN-127644"
},
{
"date": "2019-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"date": "2018-09-19T17:29:00.257000",
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"date": "2018-09-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-09-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-19553"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-127644"
},
{
"date": "2019-01-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-012122"
},
{
"date": "2019-10-03T00:03:26.223000",
"db": "NVD",
"id": "CVE-2018-17208"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys Velop Command injection vulnerability in devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-012122"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-878"
}
],
"trust": 0.6
}
}
VAR-200507-0278
Vulnerability from variot - Updated: 2023-12-18 13:26Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. Belkin 54G Wireless Router is prone to a remote security vulnerability. Belkin 54g wireless routers is a broadband wireless router produced by Belkin Corporation of the United States
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200507-0278",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "54g wireless router",
"scope": "eq",
"trust": 1.0,
"vendor": "belkin",
"version": "*"
},
{
"model": "54g wireless router",
"scope": null,
"trust": 0.6,
"vendor": "belkin",
"version": null
},
{
"model": "54g wireless router",
"scope": "eq",
"trust": 0.3,
"vendor": "belkin",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "89433"
},
{
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:belkin:belkin_54g_wireless_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2374"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89433"
}
],
"trust": 0.3
},
"cve": "CVE-2005-2374",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-13583",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2374",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200507-255",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-13583",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13583"
},
{
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin 54g wireless routers do not properly set an administrative password, which allows remote attackers to gain access via the (1) Telnet or (2) web administration interfaces. Belkin 54G Wireless Router is prone to a remote security vulnerability. Belkin 54g wireless routers is a broadband wireless router produced by Belkin Corporation of the United States",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"db": "BID",
"id": "89433"
},
{
"db": "VULHUB",
"id": "VHN-13583"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "SECTRACK",
"id": "1014493",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2005-2374",
"trust": 2.0
},
{
"db": "XF",
"id": "21412",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-200507-255",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20050715 SEVERAL VULNERABILITIES PRESENT IN BELKIN WIRELESS ROUTERS",
"trust": 0.6
},
{
"db": "BID",
"id": "89433",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-13583",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13583"
},
{
"db": "BID",
"id": "89433"
},
{
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
]
},
"id": "VAR-200507-0278",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13583"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:26:01.107000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2374"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://securitytracker.com/alerts/2005/jul/1014493.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21412"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=112144089102115\u0026w=2"
},
{
"trust": 0.9,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=112144089102115\u0026w=2"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/21412"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=112144089102115\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13583"
},
{
"db": "BID",
"id": "89433"
},
{
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13583"
},
{
"db": "BID",
"id": "89433"
},
{
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-07-26T00:00:00",
"db": "VULHUB",
"id": "VHN-13583"
},
{
"date": "2005-07-26T00:00:00",
"db": "BID",
"id": "89433"
},
{
"date": "2005-07-26T04:00:00",
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"date": "2005-07-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-12T00:00:00",
"db": "VULHUB",
"id": "VHN-13583"
},
{
"date": "2005-07-26T00:00:00",
"db": "BID",
"id": "89433"
},
{
"date": "2017-07-12T01:29:01.690000",
"db": "NVD",
"id": "CVE-2005-2374"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Belkin 54g wireless routers Administrator password vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200507-255"
}
],
"trust": 0.6
}
}