ID

VAR-200211-0078


TITLE

Linksys Router Unauthorized Management Access Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-15156

DESCRIPTION

The Linksys router is a router for small and medium businesses. Linksys routers have a security issue that remote attackers can exploit to access the router and to view and change its configuration data. During the initialization phase between the client and the Linksys router management service (internal interface, TCP port 8080), the service incorrectly processes XML-related data submitted by the client. As a result, an attacker who connects to the internal management interface with the Lynx browser, when a mailcap entry for "application/foo.xml" is present, can bypass administrative access authentication and view and change router configuration data without a password. It is still unclear why the vulnerability occurred. Reportedly, the authentication mechanism can be bypassed by requesting a .XML page. This feature is required for UPnP functionality but is not disabled when UPnP support is disabled. This is due to a flaw in the firmware when parsing requests for .XML pages. It has also been reported that firmware revision 1.43.3 only partially fixes this vulnerability.

Trust: 0.81

sources: CNVD: CNVD-2013-15156 // BID: 6201

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15156

AFFECTED PRODUCTS

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: linksys, model: etherfast befsru31 router, scope: eq, version: 1.43

Trust: 0.3

vendor: linksys, model: etherfast befsru31 router, scope: eq, version: 1.42.7

Trust: 0.3

vendor: linksys, model: etherfast befsru31 router, scope: eq, version: 1.42.3

Trust: 0.3

vendor: linksys, model: etherfast befsru31 router, scope: eq, version: 1.41

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.43

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.42.7

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.42.3

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: eq, version: 1.41

Trust: 0.3

vendor: linksys, model: etherfast befsr11 router, scope: eq, version: 1.43

Trust: 0.3

vendor: linksys, model: etherfast befsr11 router, scope: eq, version: 1.42.7

Trust: 0.3

vendor: linksys, model: etherfast befsr11 router, scope: eq, version: 1.42.3

Trust: 0.3

vendor: linksys, model: etherfast befsr11 router, scope: eq, version: 1.41

Trust: 0.3

vendor: linksys, model: befw11s4, scope: eq, version: 1.4.3

Trust: 0.3

vendor: linksys, model: befw11s4, scope: eq, version: 1.4.2.7

Trust: 0.3

vendor: linksys, model: etherfast befsr41 router, scope: ne, version: 1.43.3

Trust: 0.3

sources: CNVD: CNVD-2013-15156 // BID: 6201

CVSS

SEVERITY

CNVD: CNVD-2013-15156
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2013-15156
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-15156

THREAT TYPE

network

Trust: 0.3

sources: BID: 6201

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 6201

PATCH

title: Patch for Linksys Router Unauthorized Management Access Vulnerability, url: https://www.cnvd.org.cn/patchinfo/show/41714

Trust: 0.6

sources: CNVD: CNVD-2013-15156

EXTERNAL IDS

db: BID, id: 6201

Trust: 0.9

db: CNVD, id: CNVD-2013-15156

Trust: 0.6

sources: CNVD: CNVD-2013-15156 // BID: 6201

REFERENCES

url: http://marc.theaimsgroup.com/?l=bugtraq&m=103767638823941&w=2

Trust: 0.6

url: http://www.linksys.com/download/

Trust: 0.3

url: /archive/1/300402

Trust: 0.3

url: /archive/1/300836

Trust: 0.3

sources: CNVD: CNVD-2013-15156 // BID: 6201

CREDITS

Discovery credited to Seth Bromberger <sbbugtraq1102@yahoo.com>.

Trust: 0.3

sources: BID: 6201

SOURCES

db: CNVD, id: CNVD-2013-15156
db: BID, id: 6201

LAST UPDATE DATE

2022-05-17T01:59:14.764000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-15156, date: 2013-12-17T00:00:00
db: BID, id: 6201, date: 2002-11-18T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-15156, date: 2002-11-19T00:00:00
db: BID, id: 6201, date: 2002-11-18T00:00:00