Sign-up

ID

VAR-201402-0184


CVE

CVE-2013-7179


TITLE

Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#431726

DESCRIPTION

The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter. In addition, JVNVU#95318893 Then CWE-77 It is published as CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') http://cwe.mitre.org/data/definitions/77.htmlBy a third party ping_ipaddr An arbitrary command may be executed via the shell metacharacter in the parameter. Seowon Intech SWC-9100 Routers is a wireless router product from South Korea's Seowon Intech. WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability

Trust: 3.15

sources: NVD: CVE-2013-7179 // CERT/CC: VU#431726 // JVNDB: JVNDB-2013-005986 // CNVD: CNVD-2014-00709 // BID: 65306

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00709

AFFECTED PRODUCTS

vendor:seowonintechmodel:swc-9100scope:eqversion: -

Trust: 1.6

vendor:seowon intechmodel: - scope: - version: -

Trust: 0.8

vendor:seowon intechmodel:wimax swc-9100scope: - version: -

Trust: 0.8

vendor:seowon intechmodel:swc-9100scope: - version: -

Trust: 0.6

vendor:seowonintechmodel:wimax swc-9100 mobile routerscope:eqversion:0

Trust: 0.3

sources: CERT/CC: VU#431726 // CNVD: CNVD-2014-00709 // BID: 65306 // JVNDB: JVNDB-2013-005986 // CNNVD: CNNVD-201402-022 // NVD: CVE-2013-7179

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7179
value: HIGH

Trust: 1.0

NVD: CVE-2013-7179
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00709
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201402-022
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-7179
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00709
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-00709 // JVNDB: JVNDB-2013-005986 // CNNVD: CNNVD-201402-022 // NVD: CVE-2013-7179

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-425

Trust: 0.8

problemtype:CWE-77

Trust: 0.8

problemtype:CWE-Other

Trust: 0.8

sources: CERT/CC: VU#431726 // JVNDB: JVNDB-2013-005986 // NVD: CVE-2013-7179

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201402-022

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201402-022

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005986

PATCH
title:WiMAXurl:http://www.seowonintech.co.kr/jp/product/detail.asp?num=123&big_kind=B04&middle_kind=B04_06
Trust: 0.8
title:Patch for multiple vulnerabilities (CNVD-2014-00709) on Seowon Intech SWC-9100 Routersurl:https://www.cnvd.org.cn/patchInfo/show/43269
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00709 // 
            
            
            
            JVNDB: JVNDB-2013-005986

EXTERNAL IDS
db:CERT/CCid:VU#431726
Trust: 4.1
db:NVDid:CVE-2013-7179
Trust: 3.3
db:SECUNIAid:56756
Trust: 1.0
db:JVNid:JVNVU95318893
Trust: 0.8
db:JVNDBid:JVNDB-2013-005986
Trust: 0.8
db:CNVDid:CNVD-2014-00709
Trust: 0.6
db:CNNVDid:CNNVD-201402-022
Trust: 0.6
db:BIDid:65306
Trust: 0.3
sources:
            
            
            CERT/CC: VU#431726 // 
            
            
            
            CNVD: CNVD-2014-00709 // 
            
            
            
            BID: 65306 // 
            
            
            
            JVNDB: JVNDB-2013-005986 // 
            
            
            
            CNNVD: CNNVD-201402-022 // 
            
            
            
            NVD: CVE-2013-7179

REFERENCES
url:http://www.kb.cert.org/vuls/id/431726
Trust: 3.3
url:http://www.seowonintech.co.kr/en/product/detail.asp?num=117&big_kind=b04&middle_kind=b04_07
Trust: 1.1
url:http://secunia.com/advisories/56756
Trust: 1.0
url:http://cwe.mitre.org/data/definitions/77.html
Trust: 0.8
url:http://cwe.mitre.org/data/definitions/425.html
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7179
Trust: 0.8
url:http://jvn.jp/vu/jvnvu95318893/
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7179
Trust: 0.8
sources:
            
            
            CERT/CC: VU#431726 // 
            
            
            
            CNVD: CNVD-2014-00709 // 
            
            
            
            BID: 65306 // 
            
            
            
            JVNDB: JVNDB-2013-005986 // 
            
            
            
            CNNVD: CNNVD-201402-022 // 
            
            
            
            NVD: CVE-2013-7179

CREDITS
Josue Rojas
Trust: 0.3
sources:
            
            
            BID: 65306

SOURCES
db:CERT/CCid:VU#431726
db:CNVDid:CNVD-2014-00709
db:BIDid:65306
db:JVNDBid:JVNDB-2013-005986
db:CNNVDid:CNNVD-201402-022
db:NVDid:CVE-2013-7179

LAST UPDATE DATE
2024-11-23T22:08:23.237000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#431726date:2014-02-11T00:00:00
db:CNVDid:CNVD-2014-00709date:2014-02-11T00:00:00
db:BIDid:65306date:2014-02-03T00:00:00
db:JVNDBid:JVNDB-2013-005986date:2014-02-05T00:00:00
db:CNNVDid:CNNVD-201402-022date:2014-02-08T00:00:00
db:NVDid:CVE-2013-7179date:2024-11-21T02:00:26.577

SOURCES RELEASE DATE
db:CERT/CCid:VU#431726date:2014-02-03T00:00:00
db:CNVDid:CNVD-2014-00709date:2014-02-11T00:00:00
db:BIDid:65306date:2014-02-03T00:00:00
db:JVNDBid:JVNDB-2013-005986date:2014-02-05T00:00:00
db:CNNVDid:CNNVD-201402-022date:2014-02-08T00:00:00
db:NVDid:CVE-2013-7179date:2014-02-04T05:39:08.357