Sign-up

ID

VAR-201401-0093


CVE

CVE-2013-3090


TITLE

Belkin N300 Wi-Fi N Router Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005962

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 router allow remote attackers to inject arbitrary web script or HTML via the Guest Access PSK field to wireless_guest2_print.stm or other unspecified vectors. The Belkin N300 Wi-Fi N Router is a wireless router device. A cross-site scripting vulnerability exists in the Belkin N300 Wi-Fi N Router that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to resolve, gain sensitive information, or hijack user sessions. A web server can use a remote site's FormMail script without authorization, using remote system resources or exploiting other vulnerabilities in the script. For example, this issue can be used to exploit BID 2079, "Matt Wright FormMail Remote Command Execution Vulnerability". FormMail is a widely-used web-based e-mail gateway, which allows form-based input to be emailed to a specified user. User supplied data (from the "recipient" hidden field) is passed to a Perl OPEN function without proper input verification, allowing the use of the command separation shell metacharacter (;) to execute arbitrary commands on the remote host. Consequences could range from destruction of data and web site defacement to elevation of privileges through locally exploitable vulnerabilities. The Belkin N300 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 3.06

sources: NVD: CVE-2013-3090 // JVNDB: JVNDB-2013-005962 // CNVD: CNVD-2013-04024 // BID: 2080 // BID: 2079 // BID: 59497 // VULHUB: VHN-63092

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04024

AFFECTED PRODUCTS

vendor:belkinmodel:n300scope:eqversion: -

Trust: 1.6

vendor:belkinmodel:n300 wi-fi n routerscope: - version: -

Trust: 0.8

vendor:belkinmodel:n300 wi-fi n routerscope:eqversion:1.00.06

Trust: 0.6

vendor:mattmodel:wright formmailscope:eqversion:1.0

Trust: 0.6

vendor:mattmodel:wright formmailscope:neversion:1.9

Trust: 0.6

vendor:mattmodel:wright formmailscope:eqversion:1.8

Trust: 0.3

vendor:mattmodel:wright formmailscope:eqversion:1.7

Trust: 0.3

vendor:mattmodel:wright formmailscope:eqversion:1.6

Trust: 0.3

vendor:mattmodel:wright formmailscope:eqversion:1.5

Trust: 0.3

vendor:mattmodel:wright formmailscope:eqversion:1.4

Trust: 0.3

vendor:mattmodel:wright formmailscope:eqversion:1.3

Trust: 0.3

vendor:mattmodel:wright formmailscope:eqversion:1.2

Trust: 0.3

vendor:mattmodel:wright formmailscope:eqversion:1.1

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.8

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.7

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.6

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.5

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.4

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.3

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.2

Trust: 0.3

vendor:mattmodel:wright formmailscope:neversion:1.1

Trust: 0.3

vendor:belkinmodel:n300 f7d7301v1scope:eqversion:1.00.06

Trust: 0.3

sources: CNVD: CNVD-2013-04024 // BID: 2080 // BID: 2079 // BID: 59497 // JVNDB: JVNDB-2013-005962 // CNNVD: CNNVD-201304-590 // NVD: CVE-2013-3090

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3090
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3090
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-04024
value: LOW

Trust: 0.6

CNNVD: CNNVD-201304-590
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63092
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3090
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-04024
severity: LOW
baseScore: 2.9
vectorString: AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 5.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63092
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-04024 // VULHUB: VHN-63092 // JVNDB: JVNDB-2013-005962 // CNNVD: CNNVD-201304-590 // NVD: CVE-2013-3090

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63092 // JVNDB: JVNDB-2013-005962 // NVD: CVE-2013-3090

THREAT TYPE

network

Trust: 0.9

sources: BID: 2080 // BID: 2079 // BID: 59497

TYPE

Input Validation Error

Trust: 0.6

sources: BID: 2079 // BID: 59497

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005962

PATCH
title:N300 Wi-Fi N Routerurl:http://www.belkin.com/us/support-product?pid=01t80000002wBTUAA2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-005962

EXTERNAL IDS
db:NVDid:CVE-2013-3090
Trust: 3.4
db:BIDid:59497
Trust: 1.0
db:XFid:300
Trust: 0.9
db:JVNDBid:JVNDB-2013-005962
Trust: 0.8
db:CNNVDid:CNNVD-201304-590
Trust: 0.7
db:CNVDid:CNVD-2013-04024
Trust: 0.6
db:BIDid:2079
Trust: 0.6
db:XFid:83837
Trust: 0.6
db:BIDid:2080
Trust: 0.3
db:VULHUBid:VHN-63092
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04024 // 
            
            
            
            VULHUB: VHN-63092 // 
            
            
            
            BID: 2080 // 
            
            
            
            BID: 2079 // 
            
            
            
            BID: 59497 // 
            
            
            
            JVNDB: JVNDB-2013-005962 // 
            
            
            
            CNNVD: CNNVD-201304-590 // 
            
            
            
            NVD: CVE-2013-3090

REFERENCES
url:http://securityevaluators.com/content/case-studies/routers/vulnerability_catalog.pdf
Trust: 1.7
url:http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/83837
Trust: 1.1
url:http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp
Trust: 0.9
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3090
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3090
Trust: 0.8
url:http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf
Trust: 0.8
url:http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/
Trust: 0.6
url:http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp
Trust: 0.6
url:http://www.worldwidemart.com/scripts/formmail.shtml
Trust: 0.6
url:http://xforce.iss.net/xforce/xfdb/83837
Trust: 0.6
url:http://www.securityfocus.com/bid/59497
Trust: 0.6
url:http://xforce.iss.net/static/300.php
Trust: 0.3
url:http://www.securityfocus.com/bid/2079
Trust: 0.3
url:http://www.guard.dubna.ru/cgibug.html
Trust: 0.3
url:http://www.belkin.com/index.asp
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-04024 // 
            
            
            
            VULHUB: VHN-63092 // 
            
            
            
            BID: 2080 // 
            
            
            
            BID: 2079 // 
            
            
            
            BID: 59497 // 
            
            
            
            JVNDB: JVNDB-2013-005962 // 
            
            
            
            CNNVD: CNNVD-201304-590 // 
            
            
            
            NVD: CVE-2013-3090

CREDITS
Jacob Holcomb of Independent Security Evaluators
Trust: 0.9
sources:
            
            
            BID: 59497 // 
            
            
            
            CNNVD: CNNVD-201304-590

SOURCES
db:CNVDid:CNVD-2013-04024
db:VULHUBid:VHN-63092
db:BIDid:2080
db:BIDid:2079
db:BIDid:59497
db:JVNDBid:JVNDB-2013-005962
db:CNNVDid:CNNVD-201304-590
db:NVDid:CVE-2013-3090

LAST UPDATE DATE
2024-08-14T12:47:47.083000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-04024date:2013-04-24T00:00:00
db:VULHUBid:VHN-63092date:2017-08-29T00:00:00
db:BIDid:2080date:1997-01-01T00:00:00
db:BIDid:2079date:1995-08-02T00:00:00
db:BIDid:59497date:2013-04-25T00:00:00
db:JVNDBid:JVNDB-2013-005962date:2014-02-03T00:00:00
db:CNNVDid:CNNVD-201304-590date:2014-02-07T00:00:00
db:NVDid:CVE-2013-3090date:2017-08-29T01:33:21.950

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-04024date:2013-04-24T00:00:00
db:VULHUBid:VHN-63092date:2014-01-30T00:00:00
db:BIDid:2080date:1997-01-01T00:00:00
db:BIDid:2079date:1995-08-02T00:00:00
db:BIDid:59497date:2013-04-25T00:00:00
db:JVNDBid:JVNDB-2013-005962date:2014-02-03T00:00:00
db:CNNVDid:CNNVD-201304-590date:2013-04-27T00:00:00
db:NVDid:CVE-2013-3090date:2014-01-30T15:06:22.970