Details of VAR-201512-0078

ID

VAR-201512-0078

CVE

CVE-2015-5995

TITLE

Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#630872

DESCRIPTION

Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF). Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. There are also authentication bypass vulnerabilities and cross-site request forgery vulnerabilities. Certificate and password management (CWE-255) - CVE-2015-5994 The product has default settings for accessing the web interface. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is "Cookie: language-en; admin:language-en" If the authentication information is not known, it may be accessed with administrator privileges. CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision https://cwe.mitre.org/data/definitions/784.html In addition, National Vulnerability Database (NVD) Then CWE-264 It is published as Cross-site request forgery (CWE-352) - CVE-2015-5996 The product contains a cross-site request forgery vulnerability. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. CWE-352: Cross-Site Request Forgery (CSRF) https://cwe.mitre.org/data/definitions/352.htmlA remote attacker may be able to cause unintended operations by users who are logged into the product. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. A security vulnerability exists in the Authorization feature of Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N. Local attackers can modify the requested cookie header to \342\200\230Cookie: language-en; admin:language-en\342\200\231 to bypass access restrictions. 1. An authentication-bypass vulnerability 2. A security-bypass vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected device. Other attacks are also possible. Mediabridge Medialink MWN-WAPR300N is a product of American Mediabridge Company. Tenda N3 Wireless N150 is a product of the Chinese company Tenda

Trust: 3.33

sources: NVD: CVE-2015-5995 // CERT/CC: VU#630872 // JVNDB: JVNDB-2015-004731 // CNVD: CNVD-2015-06115 // BID: 76609 // VULHUB: VHN-83956 // VULMON: CVE-2015-5995

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-06115

AFFECTED PRODUCTS

vendor:	mediabridge	model:	medialink mwn-wapr300n	scope:	lte	version:	5.07.50	Trust: 1.0
vendor:	tenda	model:	n3 wireless n150	scope:	eq	version:	*	Trust: 1.0
vendor:	mediabridge	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mediabridge	model:	medialink wireless-n broadband router mwn-wapr300n	scope:	-	version:	-	Trust: 0.8
vendor:	mediabridge	model:	medialink wireless-n broadband router mwn-wapr300n	scope:	eq	version:	version 5.07.50	Trust: 0.8
vendor:	mediabridge	model:	products medialink wireless-n broadband router mwn-wapr300n	scope:	-	version:	-	Trust: 0.6
vendor:	tenda	model:	n3 wireless n150	scope:	-	version:	-	Trust: 0.6
vendor:	mediabridge	model:	medialink wireless-n broadband router mwn-wapr300n	scope:	eq	version:	5.07.50	Trust: 0.3

sources: CERT/CC: VU#630872 // CNVD: CNVD-2015-06115 // BID: 76609 // JVNDB: JVNDB-2015-004731 // CNNVD: CNNVD-201509-205 // NVD: CVE-2015-5995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5995
value:	CRITICAL
Trust: 1.0
IPA:	JVNDB-2015-004731
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06115
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201509-205
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-83956
value:	HIGH
Trust: 0.1
VULMON:	CVE-2015-5995
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-5995
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
IPA:	JVNDB-2015-004731
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2015-06115
severity:	MEDIUM
baseScore:	4.4
vectorString:	AV:L/AC:M/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.4
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-83956
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-5995
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2015-06115 // VULHUB: VHN-83956 // VULMON: CVE-2015-5995 // JVNDB: JVNDB-2015-004731 // CNNVD: CNNVD-201509-205 // NVD: CVE-2015-5995

PROBLEMTYPE DATA

problemtype:	CWE-264	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8
problemtype:	CWE-352	Trust: 0.8
problemtype:	CWE-255	Trust: 0.8

sources: VULHUB: VHN-83956 // JVNDB: JVNDB-2015-004731 // NVD: CVE-2015-5995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-205

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201509-205

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004731

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-83956 // VULMON: CVE-2015-5995

PATCH

title:	Medialink Wireless-N Broadband Router with Internal Antennas (300 Mbps)	url:	http://www.mediabridgeproducts.com/store/pc/viewPrd.asp?idproduct=374	Trust: 0.8
title:	TendaSpill	url:	https://github.com/shaheemirza/TendaSpill	Trust: 0.1
title:	TendaSpill	url:	https://github.com/beetles-cyber-security/TendaSpill	Trust: 0.1

sources: VULMON: CVE-2015-5995 // JVNDB: JVNDB-2015-004731

EXTERNAL IDS

db:	CERT/CC	id:	VU#630872	Trust: 4.3
db:	NVD	id:	CVE-2015-5995	Trust: 3.5
db:	JVN	id:	JVNVU94201169	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004731	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-205	Trust: 0.7
db:	CNVD	id:	CNVD-2015-06115	Trust: 0.6
db:	BID	id:	76609	Trust: 0.3
db:	EXPLOIT-DB	id:	41402	Trust: 0.2
db:	VULHUB	id:	VHN-83956	Trust: 0.1
db:	VULMON	id:	CVE-2015-5995	Trust: 0.1

sources: CERT/CC: VU#630872 // CNVD: CNVD-2015-06115 // VULHUB: VHN-83956 // VULMON: CVE-2015-5995 // BID: 76609 // JVNDB: JVNDB-2015-004731 // CNNVD: CNNVD-201509-205 // NVD: CVE-2015-5995

REFERENCES

url:	https://www.kb.cert.org/vuls/id/630872	Trust: 3.6
url:	https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374&idcategory=198	Trust: 0.8
url:	http://www.tekrevue.com/one-mistake-fall-mediabridge/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/784.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.8
url:	http://seclists.org/fulldisclosure/2016/may/60	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5994	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5995	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5996	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94201169/index.html	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5994	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5995	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5996	Trust: 0.8
url:	https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374	Trust: 0.6
url:	http://www.mediabridgeproducts.com/store/pc/home.asp	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://github.com/shaheemirza/tendaspill	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://www.exploit-db.com/exploits/41402/	Trust: 0.1

CREDITS

Joel Land of the CERT/CC.

Trust: 0.3

sources: BID: 76609

SOURCES

db:	CERT/CC	id:	VU#630872
db:	CNVD	id:	CNVD-2015-06115
db:	VULHUB	id:	VHN-83956
db:	VULMON	id:	CVE-2015-5995
db:	BID	id:	76609
db:	JVNDB	id:	JVNDB-2015-004731
db:	CNNVD	id:	CNNVD-201509-205
db:	NVD	id:	CVE-2015-5995

LAST UPDATE DATE

2024-11-23T22:13:21.973000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#630872	date:	2016-05-31T00:00:00
db:	CNVD	id:	CNVD-2015-06115	date:	2015-09-22T00:00:00
db:	VULHUB	id:	VHN-83956	date:	2015-12-31T00:00:00
db:	VULMON	id:	CVE-2015-5995	date:	2015-12-31T00:00:00
db:	BID	id:	76609	date:	2015-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-004731	date:	2016-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201509-205	date:	2016-01-04T00:00:00
db:	NVD	id:	CVE-2015-5995	date:	2024-11-21T02:34:15.883

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#630872	date:	2015-09-03T00:00:00
db:	CNVD	id:	CNVD-2015-06115	date:	2015-09-22T00:00:00
db:	VULHUB	id:	VHN-83956	date:	2015-12-31T00:00:00
db:	VULMON	id:	CVE-2015-5995	date:	2015-12-31T00:00:00
db:	BID	id:	76609	date:	2015-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-004731	date:	2015-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201509-205	date:	2015-09-17T00:00:00
db:	NVD	id:	CVE-2015-5995	date:	2015-12-31T05:59:12.800