ID

VAR-201404-0101


CVE

CVE-2013-3069


TITLE

Netgear WNDR4700 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-04043 // CNNVD: CNNVD-201304-495

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR WNDR4700 with firmware 1.0.0.34 allow remote authenticated users to inject arbitrary web script or HTML via the (1) UserName or (2) Password to the NAS User Setup page, (3) deviceName to USB_advanced.htm, or (4) Network Key to the Wireless Setup page. The Netgear WNDR4700 is a wireless router device. The Netgear WNDR4700 has a remote cross-site scripting vulnerability that allows remote attackers to build specially crafted URIs and trick users into parsing them, gaining sensitive information or hijacking user sessions. NetGear WNDR4700 is prone to an unspecified cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected device. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetGear WNDR4700 running firmware 1.0.0.34 is vulnerable.

Trust: 2.52

sources: NVD: CVE-2013-3069 // JVNDB: JVNDB-2013-006358 // CNVD: CNVD-2013-04043 // BID: 59306 // VULHUB: VHN-63071

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04043

AFFECTED PRODUCTS

vendor: netgear, model: wndr4700, scope: eq, version: 1.0.0.34

Trust: 2.5

vendor: netgear, model: wndr4700, scope: eq, version: -

Trust: 1.0

vendor: net gear, model: wndr4700, scope: -, version: -

Trust: 0.8

vendor: net gear, model: wndr4700, scope: eq, version: 1.0.0.34

Trust: 0.8

sources: CNVD: CNVD-2013-04043 // BID: 59306 // JVNDB: JVNDB-2013-006358 // CNNVD: CNNVD-201304-495 // NVD: CVE-2013-3069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3069
value: LOW

Trust: 1.0

NVD: CVE-2013-3069
value: LOW

Trust: 0.8

CNVD: CNVD-2013-04043
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201304-495
value: LOW

Trust: 0.6

VULHUB: VHN-63071
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-3069
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-04043
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63071
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-04043 // VULHUB: VHN-63071 // JVNDB: JVNDB-2013-006358 // CNNVD: CNNVD-201304-495 // NVD: CVE-2013-3069

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63071 // JVNDB: JVNDB-2013-006358 // NVD: CVE-2013-3069

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-495

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-495

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006358

PATCH

title: WNDR4700 Firmware Version 1.0.0.52, url: http://kb.netgear.com/app/answers/detail/a_id/23728/~/wndr4700-firmware-version-1.0.0.52

Trust: 0.8

sources: JVNDB: JVNDB-2013-006358

EXTERNAL IDS

db: NVD, id: CVE-2013-3069

Trust: 3.4

db: OSVDB, id: 92557

Trust: 1.7

db: BID, id: 59306

Trust: 1.6

db: JVNDB, id: JVNDB-2013-006358

Trust: 0.8

db: CNNVD, id: CNNVD-201304-495

Trust: 0.7

db: CNVD, id: CNVD-2013-04043

Trust: 0.6

db: VULHUB, id: VHN-63071

Trust: 0.1

sources: CNVD: CNVD-2013-04043 // VULHUB: VHN-63071 // BID: 59306 // JVNDB: JVNDB-2013-006358 // CNNVD: CNNVD-201304-495 // NVD: CVE-2013-3069

REFERENCES

url:http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf

Trust: 2.5

url:http://osvdb.org/92557

Trust: 1.7

url:http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3069

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3069

Trust: 0.8

url:http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

Trust: 0.6

url:http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp

Trust: 0.6

url:http://www.securityfocus.com/bid/59306

Trust: 0.6

url:http://www.netgear.com/wndr4700#

Trust: 0.3

sources: CNVD: CNVD-2013-04043 // VULHUB: VHN-63071 // BID: 59306 // JVNDB: JVNDB-2013-006358 // CNNVD: CNNVD-201304-495 // NVD: CVE-2013-3069

CREDITS

Jacob Holcomb of Independent Security Evaluators

Trust: 0.9

sources: BID: 59306 // CNNVD: CNNVD-201304-495

SOURCES

db: CNVD, id: CNVD-2013-04043
db: VULHUB, id: VHN-63071
db: BID, id: 59306
db: JVNDB, id: JVNDB-2013-006358
db: CNNVD, id: CNNVD-201304-495
db: NVD, id: CVE-2013-3069

LAST UPDATE DATE

2024-08-14T15:30:12.817000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-04043, date: 2013-04-24T00:00:00
db: VULHUB, id: VHN-63071, date: 2014-04-25T00:00:00
db: BID, id: 59306, date: 2013-04-17T00:00:00
db: JVNDB, id: JVNDB-2013-006358, date: 2014-04-28T00:00:00
db: CNNVD, id: CNNVD-201304-495, date: 2014-04-28T00:00:00
db: NVD, id: CVE-2013-3069, date: 2014-04-25T18:07:16.803

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-04043, date: 2013-04-24T00:00:00
db: VULHUB, id: VHN-63071, date: 2014-04-25T00:00:00
db: BID, id: 59306, date: 2013-04-17T00:00:00
db: JVNDB, id: JVNDB-2013-006358, date: 2014-04-28T00:00:00
db: CNNVD, id: CNNVD-201304-495, date: 2013-04-24T00:00:00
db: NVD, id: CVE-2013-3069, date: 2014-04-25T17:12:03.097