Sign-up

ID

VAR-201409-0058


CVE

CVE-2013-3066


TITLE

Linksys EA6500 Vulnerability in which important information is obtained in the firmware of

Trust: 0.8

sources: JVNDB: JVNDB-2013-006648

DESCRIPTION

Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/. The Netgear WNDR4700 is a wireless router device. No detailed vulnerability details are currently available. NetGear WNDR4700 is prone to an unspecified information-disclosure vulnerability

Trust: 2.61

sources: NVD: CVE-2013-3066 // JVNDB: JVNDB-2013-006648 // CNVD: CNVD-2013-04042 // BID: 59305 // VULHUB: VHN-63068 // VULMON: CVE-2013-3066

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04042

AFFECTED PRODUCTS

vendor:linksysmodel:ea6500scope:eqversion:1.1.28.147876

Trust: 1.6

vendor:linksysmodel:ea6500scope:eqversion: -

Trust: 1.0

vendor:cisco linksysmodel:ea6500scope: - version: -

Trust: 0.8

vendor:cisco linksysmodel:ea6500scope:eqversion:1.1.28.147876

Trust: 0.8

vendor:netgearmodel:wndr4700scope: - version: -

Trust: 0.6

vendor:netgearmodel:wndr4700scope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2013-04042 // BID: 59305 // JVNDB: JVNDB-2013-006648 // CNNVD: CNNVD-201304-496 // NVD: CVE-2013-3066

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3066
value: HIGH

Trust: 1.0

NVD: CVE-2013-3066
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-04042
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201304-496
value: HIGH

Trust: 0.6

VULHUB: VHN-63068
value: HIGH

Trust: 0.1

VULMON: CVE-2013-3066
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3066
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2013-04042
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63068
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-04042 // VULHUB: VHN-63068 // VULMON: CVE-2013-3066 // JVNDB: JVNDB-2013-006648 // CNNVD: CNNVD-201304-496 // NVD: CVE-2013-3066

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-63068 // JVNDB: JVNDB-2013-006648 // NVD: CVE-2013-3066

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-496

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201304-496

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006648

PATCH
title:Linksys Home Networkingurl:http://www.linksys.com/en-apac/home
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-006648

EXTERNAL IDS
db:NVDid:CVE-2013-3066
Trust: 3.5
db:BIDid:59305
Trust: 1.7
db:JVNDBid:JVNDB-2013-006648
Trust: 0.8
db:CNNVDid:CNNVD-201304-496
Trust: 0.7
db:CNVDid:CNVD-2013-04042
Trust: 0.6
db:VULHUBid:VHN-63068
Trust: 0.1
db:VULMONid:CVE-2013-3066
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04042 // 
            
            
            
            VULHUB: VHN-63068 // 
            
            
            
            VULMON: CVE-2013-3066 // 
            
            
            
            BID: 59305 // 
            
            
            
            JVNDB: JVNDB-2013-006648 // 
            
            
            
            CNNVD: CNNVD-201304-496 // 
            
            
            
            NVD: CVE-2013-3066

REFERENCES
url:http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php
Trust: 2.6
url:http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf
Trust: 1.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3066
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3066
Trust: 0.8
url:http://www.securityfocus.com/bid/59305
Trust: 0.7
url:http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/
Trust: 0.6
url:http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp
Trust: 0.6
url:http://securityevaluators.com/content/case-studies/routers/netgear_wndr4700.jsp
Trust: 0.6
url:http://www.netgear.com/wndr4700#
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-04042 // 
            
            
            
            VULHUB: VHN-63068 // 
            
            
            
            VULMON: CVE-2013-3066 // 
            
            
            
            BID: 59305 // 
            
            
            
            JVNDB: JVNDB-2013-006648 // 
            
            
            
            CNNVD: CNNVD-201304-496 // 
            
            
            
            NVD: CVE-2013-3066

CREDITS
Jacob Holcomb
Trust: 0.9
sources:
            
            
            BID: 59305 // 
            
            
            
            CNNVD: CNNVD-201304-496

SOURCES
db:CNVDid:CNVD-2013-04042
db:VULHUBid:VHN-63068
db:VULMONid:CVE-2013-3066
db:BIDid:59305
db:JVNDBid:JVNDB-2013-006648
db:CNNVDid:CNNVD-201304-496
db:NVDid:CVE-2013-3066

LAST UPDATE DATE
2024-08-14T14:58:09.751000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-04042date:2013-04-24T00:00:00
db:VULHUBid:VHN-63068date:2014-09-30T00:00:00
db:VULMONid:CVE-2013-3066date:2014-09-30T00:00:00
db:BIDid:59305date:2013-04-17T00:00:00
db:JVNDBid:JVNDB-2013-006648date:2014-10-01T00:00:00
db:CNNVDid:CNNVD-201304-496date:2014-10-08T00:00:00
db:NVDid:CVE-2013-3066date:2014-09-30T18:25:30.117

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-04042date:2013-04-24T00:00:00
db:VULHUBid:VHN-63068date:2014-09-29T00:00:00
db:VULMONid:CVE-2013-3066date:2014-09-29T00:00:00
db:BIDid:59305date:2013-04-17T00:00:00
db:JVNDBid:JVNDB-2013-006648date:2014-10-01T00:00:00
db:CNNVDid:CNNVD-201304-496date:2013-04-24T00:00:00
db:NVDid:CVE-2013-3066date:2014-09-29T22:55:08.237