Details of VAR-201310-0217

ID

VAR-201310-0217

CVE

CVE-2013-3610

TITLE

ASUS RT-N10E Wireless Router 'QIS_finish.htm' Password Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2013-13507 // BID: 62850

DESCRIPTION

qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. ASUS Wireless-N150 Router RT-N10E No authentication bypass (CWE-592) Vulnerabilities exist. CWE-592: Authentication Bypass Issues http://cwe.mitre.org/data/definitions/592.htmlAdministrator authentication information may be obtained by a third party who can access the product. As a result, arbitrary operations may be executed with administrator privileges for the product. Successful exploits will allow unauthenticated attackers to obtain sensitive information of the device such as administrative password, which may aid in further attacks. ASUS RT-N10E firmware version 2.0.0.24 is vulnerable

Trust: 3.24

sources: NVD: CVE-2013-3610 // CERT/CC: VU#984366 // JVNDB: JVNDB-2013-004505 // CNVD: CNVD-2013-13507 // BID: 62850 // VULHUB: VHN-63612

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13507

AFFECTED PRODUCTS

vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.19	Trust: 1.6
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.20	Trust: 1.6
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.16	Trust: 1.6
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.7	Trust: 1.6
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.10	Trust: 1.6
vendor:	asus	model:	rt-n10e	scope:	lte	version:	2.0.0.24	Trust: 1.0
vendor:	asus	model:	rt-n10e	scope:	eq	version:	-	Trust: 1.0
vendor:	asustek computer	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	asustek computer	model:	rt-n10e	scope:	lte	version:	version 2.0.0.24	Trust: 0.8
vendor:	asus	model:	rt-n10e wireless router	scope:	eq	version:	2.0.0.24	Trust: 0.6
vendor:	asus	model:	rt-n10e	scope:	eq	version:	2.0.0.24	Trust: 0.6

sources: CERT/CC: VU#984366 // CNVD: CNVD-2013-13507 // JVNDB: JVNDB-2013-004505 // CNNVD: CNNVD-201310-021 // NVD: CVE-2013-3610

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2013-3610
value:	MEDIUM
Trust: 1.6
nvd@nist.gov:	CVE-2013-3610
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2013-13507
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201310-021
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63612
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3610
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2013-3610
severity:	MEDIUM
baseScore:	5.6
vectorString:	NONE
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2013-13507
severity:	MEDIUM
baseScore:	5.6
vectorString:	AV:L/AC:L/AU:N/C:C/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-63612
severity:	MEDIUM
baseScore:	6.1
vectorString:	AV:A/AC:L/AU:N/C:C/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#984366 // CNVD: CNVD-2013-13507 // VULHUB: VHN-63612 // JVNDB: JVNDB-2013-004505 // CNNVD: CNNVD-201310-021 // NVD: CVE-2013-3610

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.9
problemtype:	CWE-592	Trust: 0.8

sources: CERT/CC: VU#984366 // VULHUB: VHN-63612 // JVNDB: JVNDB-2013-004505 // NVD: CVE-2013-3610

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201310-021

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201310-021

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-004505

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#984366

PATCH

title:	RT-N10E - Driver & Tools	url:	http://www.asus.com/Networking/RTN10E/#support_Download	Trust: 0.8
title:	ASUS RT-N10E Wireless Router 'QIS_finish.htm' Patch for Password Information Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/40041	Trust: 0.6

sources: CNVD: CNVD-2013-13507 // JVNDB: JVNDB-2013-004505

EXTERNAL IDS

db:	CERT/CC	id:	VU#984366	Trust: 4.2
db:	NVD	id:	CVE-2013-3610	Trust: 3.4
db:	BID	id:	62850	Trust: 1.0
db:	JVN	id:	JVNVU96826639	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-004505	Trust: 0.8
db:	CNNVD	id:	CNNVD-201310-021	Trust: 0.7
db:	CNVD	id:	CNVD-2013-13507	Trust: 0.6
db:	VULHUB	id:	VHN-63612	Trust: 0.1

sources: CERT/CC: VU#984366 // CNVD: CNVD-2013-13507 // VULHUB: VHN-63612 // BID: 62850 // JVNDB: JVNDB-2013-004505 // CNNVD: CNNVD-201310-021 // NVD: CVE-2013-3610

REFERENCES

url:	http://www.kb.cert.org/vuls/id/984366	Trust: 3.4
url:	http://www.asus.com/networking/rtn10e/	Trust: 1.1
url:	http://cwe.mitre.org/data/definitions/592.html	Trust: 0.8
url:	http://www.asus.com/networking/rtn10e/#support_download	Trust: 0.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3610	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu96826639/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3610	Trust: 0.8
url:	http://www.asus.com/	Trust: 0.3

sources: CERT/CC: VU#984366 // CNVD: CNVD-2013-13507 // VULHUB: VHN-63612 // BID: 62850 // JVNDB: JVNDB-2013-004505 // CNNVD: CNNVD-201310-021 // NVD: CVE-2013-3610

CREDITS

Sanket Karalkar

Trust: 0.3

sources: BID: 62850

SOURCES

db:	CERT/CC	id:	VU#984366
db:	CNVD	id:	CNVD-2013-13507
db:	VULHUB	id:	VHN-63612
db:	BID	id:	62850
db:	JVNDB	id:	JVNDB-2013-004505
db:	CNNVD	id:	CNNVD-201310-021
db:	NVD	id:	CVE-2013-3610

LAST UPDATE DATE

2024-11-23T23:12:48.528000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#984366	date:	2013-10-04T00:00:00
db:	CNVD	id:	CNVD-2013-13507	date:	2013-10-10T00:00:00
db:	VULHUB	id:	VHN-63612	date:	2013-10-07T00:00:00
db:	BID	id:	62850	date:	2013-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-004505	date:	2013-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201310-021	date:	2013-10-08T00:00:00
db:	NVD	id:	CVE-2013-3610	date:	2024-11-21T01:53:59.057

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#984366	date:	2013-10-04T00:00:00
db:	CNVD	id:	CNVD-2013-13507	date:	2013-10-10T00:00:00
db:	VULHUB	id:	VHN-63612	date:	2013-10-05T00:00:00
db:	BID	id:	62850	date:	2013-10-04T00:00:00
db:	JVNDB	id:	JVNDB-2013-004505	date:	2013-10-08T00:00:00
db:	CNNVD	id:	CNNVD-201310-021	date:	2013-10-08T00:00:00
db:	NVD	id:	CVE-2013-3610	date:	2013-10-05T10:55:03.493