Details of VAR-201402-0187

ID

VAR-201402-0187

CVE

CVE-2013-7183

TITLE

Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#431726

DESCRIPTION

cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action. Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities. Seowon Intech SWC-9100 Routers is a wireless router product from South Korea's Seowon Intech. WiMAX SWC-9100 Mobile Router is prone to a security-bypass vulnerability and a command-injection vulnerability. Exploiting these issues could allow an attacker to bypass certain security restrictions or execute arbitrary commands in the context of the device

Trust: 3.15

sources: NVD: CVE-2013-7183 // CERT/CC: VU#431726 // JVNDB: JVNDB-2013-005987 // CNVD: CNVD-2014-00706 // BID: 65306

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-00706

AFFECTED PRODUCTS

vendor:	seowonintech	model:	swc-9100	scope:	eq	version:	-	Trust: 1.6
vendor:	seowon intech	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	seowon intech	model:	wimax swc-9100	scope:	-	version:	-	Trust: 0.8
vendor:	seowon intech	model:	swc-9100	scope:	-	version:	-	Trust: 0.6
vendor:	seowonintech	model:	wimax swc-9100 mobile router	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#431726 // CNVD: CNVD-2014-00706 // BID: 65306 // JVNDB: JVNDB-2013-005987 // CNNVD: CNNVD-201402-025 // NVD: CVE-2013-7183

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-7183
value:	HIGH
Trust: 1.0
NVD:	CVE-2013-7183
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2014-00706
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201402-025
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2013-7183
severity:	HIGH
baseScore:	7.8
vectorString:	AV:A/AC:L/AU:N/C:N/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	9.2
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-00706
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-00706 // JVNDB: JVNDB-2013-005987 // CNNVD: CNNVD-201402-025 // NVD: CVE-2013-7183

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.8
problemtype:	CWE-425	Trust: 0.8
problemtype:	CWE-77	Trust: 0.8
problemtype:	CWE-Other	Trust: 0.8

sources: CERT/CC: VU#431726 // JVNDB: JVNDB-2013-005987 // NVD: CVE-2013-7183

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201402-025

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201402-025

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005987

PATCH

title:	WiMAX	url:	http://www.seowonintech.co.kr/jp/product/detail.asp?num=123&big_kind=B04&middle_kind=B04_06	Trust: 0.8
title:	Patch for multiple vulnerabilities (CNVD-2014-00706) on Seowon Intech SWC-9100 Routers	url:	https://www.cnvd.org.cn/patchInfo/show/43268	Trust: 0.6

sources: CNVD: CNVD-2014-00706 // JVNDB: JVNDB-2013-005987

EXTERNAL IDS

db:	CERT/CC	id:	VU#431726	Trust: 4.1
db:	NVD	id:	CVE-2013-7183	Trust: 3.3
db:	OSVDB	id:	102817	Trust: 1.0
db:	SECUNIA	id:	56756	Trust: 1.0
db:	BID	id:	65306	Trust: 0.9
db:	JVN	id:	JVNVU95318893	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-005987	Trust: 0.8
db:	CNVD	id:	CNVD-2014-00706	Trust: 0.6
db:	CNNVD	id:	CNNVD-201402-025	Trust: 0.6

sources: CERT/CC: VU#431726 // CNVD: CNVD-2014-00706 // BID: 65306 // JVNDB: JVNDB-2013-005987 // CNNVD: CNNVD-201402-025 // NVD: CVE-2013-7183

REFERENCES

url:	http://www.kb.cert.org/vuls/id/431726	Trust: 3.3
url:	http://www.seowonintech.co.kr/en/product/detail.asp?num=117&big_kind=b04&middle_kind=b04_07	Trust: 1.1
url:	http://osvdb.org/102817	Trust: 1.0
url:	http://secunia.com/advisories/56756	Trust: 1.0
url:	http://cwe.mitre.org/data/definitions/77.html	Trust: 0.8
url:	http://cwe.mitre.org/data/definitions/425.html	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7183	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu95318893/	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7183	Trust: 0.8

sources: CERT/CC: VU#431726 // CNVD: CNVD-2014-00706 // BID: 65306 // JVNDB: JVNDB-2013-005987 // CNNVD: CNNVD-201402-025 // NVD: CVE-2013-7183

CREDITS

Josue Rojas

Trust: 0.3

sources: BID: 65306

SOURCES

db:	CERT/CC	id:	VU#431726
db:	CNVD	id:	CNVD-2014-00706
db:	BID	id:	65306
db:	JVNDB	id:	JVNDB-2013-005987
db:	CNNVD	id:	CNNVD-201402-025
db:	NVD	id:	CVE-2013-7183

LAST UPDATE DATE

2024-08-14T14:21:13.582000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#431726	date:	2014-02-11T00:00:00
db:	CNVD	id:	CNVD-2014-00706	date:	2014-02-11T00:00:00
db:	BID	id:	65306	date:	2014-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-005987	date:	2016-02-10T00:00:00
db:	CNNVD	id:	CNNVD-201402-025	date:	2014-02-08T00:00:00
db:	NVD	id:	CVE-2013-7183	date:	2015-12-18T17:49:33.733

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#431726	date:	2014-02-03T00:00:00
db:	CNVD	id:	CNVD-2014-00706	date:	2014-02-11T00:00:00
db:	BID	id:	65306	date:	2014-02-03T00:00:00
db:	JVNDB	id:	JVNDB-2013-005987	date:	2014-02-05T00:00:00
db:	CNNVD	id:	CNNVD-201402-025	date:	2014-02-08T00:00:00
db:	NVD	id:	CVE-2013-7183	date:	2014-02-04T05:39:08.433