Details of VAR-201512-0079

ID

VAR-201512-0079

CVE

CVE-2015-5996

TITLE

Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-06114 // CNNVD: CNNVD-201509-206

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. Certificate and password management (CWE-255) - CVE-2015-5994 The product has default settings for accessing the web interface. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is "Cookie: language-en; admin:language-en" If the authentication information is not known, it may be accessed with administrator privileges. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. Mediabridge Medialink Wireless-N Broadband Router is prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A security-bypass vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected device. Other attacks are also possible

Trust: 3.24

sources: NVD: CVE-2015-5996 // CERT/CC: VU#630872 // JVNDB: JVNDB-2015-004731 // CNVD: CNVD-2015-06114 // BID: 76609 // VULHUB: VHN-83957

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-06114

AFFECTED PRODUCTS

vendor:	mediabridge	model:	medialink mwn-wapr300n	scope:	lte	version:	5.07.50	Trust: 1.0
vendor:	mediabridge	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	tenda	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	mediabridge	model:	medialink wireless-n broadband router mwn-wapr300n	scope:	-	version:	-	Trust: 0.8
vendor:	mediabridge	model:	medialink wireless-n broadband router mwn-wapr300n	scope:	eq	version:	version 5.07.50	Trust: 0.8
vendor:	mediabridge	model:	products medialink wireless-n broadband router mwn-wapr300n	scope:	-	version:	-	Trust: 0.6
vendor:	mediabridge	model:	medialink mwn-wapr300n	scope:	eq	version:	5.07.50	Trust: 0.6
vendor:	mediabridge	model:	medialink wireless-n broadband router mwn-wapr300n	scope:	eq	version:	5.07.50	Trust: 0.3

sources: CERT/CC: VU#630872 // CNVD: CNVD-2015-06114 // BID: 76609 // JVNDB: JVNDB-2015-004731 // CNNVD: CNNVD-201509-206 // NVD: CVE-2015-5996

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5996
value:	HIGH
Trust: 1.0
IPA:	JVNDB-2015-004731
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06114
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201509-206
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83957
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5996
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2015-004731
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2015-06114
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-83957
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-5996
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2015-06114 // VULHUB: VHN-83957 // JVNDB: JVNDB-2015-004731 // CNNVD: CNNVD-201509-206 // NVD: CVE-2015-5996

PROBLEMTYPE DATA

problemtype:	CWE-352	Trust: 1.9
problemtype:	CWE-Other	Trust: 0.8
problemtype:	CWE-255	Trust: 0.8
problemtype:	CWE-264	Trust: 0.8

sources: VULHUB: VHN-83957 // JVNDB: JVNDB-2015-004731 // NVD: CVE-2015-5996

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-206

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201509-206

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004731

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-83957

PATCH

title:

Medialink Wireless-N Broadband Router with Internal Antennas (300 Mbps)

url:

http://www.mediabridgeproducts.com/store/pc/viewPrd.asp?idproduct=374

Trust: 0.8

sources: JVNDB: JVNDB-2015-004731

EXTERNAL IDS

db:	CERT/CC	id:	VU#630872	Trust: 4.2
db:	NVD	id:	CVE-2015-5996	Trust: 3.4
db:	EXPLOIT-DB	id:	45078	Trust: 1.1
db:	JVN	id:	JVNVU94201169	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004731	Trust: 0.8
db:	CNNVD	id:	CNNVD-201509-206	Trust: 0.7
db:	CNVD	id:	CNVD-2015-06114	Trust: 0.6
db:	BID	id:	76609	Trust: 0.3
db:	PACKETSTORM	id:	148667	Trust: 0.1
db:	VULHUB	id:	VHN-83957	Trust: 0.1

sources: CERT/CC: VU#630872 // CNVD: CNVD-2015-06114 // VULHUB: VHN-83957 // BID: 76609 // JVNDB: JVNDB-2015-004731 // CNNVD: CNNVD-201509-206 // NVD: CVE-2015-5996

REFERENCES

url:	https://www.kb.cert.org/vuls/id/630872	Trust: 3.4
url:	https://www.exploit-db.com/exploits/45078/	Trust: 1.1
url:	https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374&idcategory=198	Trust: 0.8
url:	http://www.tekrevue.com/one-mistake-fall-mediabridge/	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/255.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/784.html	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.8
url:	http://seclists.org/fulldisclosure/2016/may/60	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5994	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5995	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5996	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu94201169/index.html	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5994	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5995	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5996	Trust: 0.8
url:	https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374	Trust: 0.6
url:	http://www.mediabridgeproducts.com/store/pc/home.asp	Trust: 0.3

sources: CERT/CC: VU#630872 // CNVD: CNVD-2015-06114 // VULHUB: VHN-83957 // BID: 76609 // JVNDB: JVNDB-2015-004731 // CNNVD: CNNVD-201509-206 // NVD: CVE-2015-5996

CREDITS

Joel Land of the CERT/CC.

Trust: 0.3

sources: BID: 76609

SOURCES

db:	CERT/CC	id:	VU#630872
db:	CNVD	id:	CNVD-2015-06114
db:	VULHUB	id:	VHN-83957
db:	BID	id:	76609
db:	JVNDB	id:	JVNDB-2015-004731
db:	CNNVD	id:	CNNVD-201509-206
db:	NVD	id:	CVE-2015-5996

LAST UPDATE DATE

2024-11-23T22:13:21.932000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#630872	date:	2016-05-31T00:00:00
db:	CNVD	id:	CNVD-2015-06114	date:	2015-09-22T00:00:00
db:	VULHUB	id:	VHN-83957	date:	2018-07-28T00:00:00
db:	BID	id:	76609	date:	2015-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-004731	date:	2016-01-07T00:00:00
db:	CNNVD	id:	CNNVD-201509-206	date:	2016-01-04T00:00:00
db:	NVD	id:	CVE-2015-5996	date:	2024-11-21T02:34:15.997

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#630872	date:	2015-09-03T00:00:00
db:	CNVD	id:	CNVD-2015-06114	date:	2015-09-22T00:00:00
db:	VULHUB	id:	VHN-83957	date:	2015-12-31T00:00:00
db:	BID	id:	76609	date:	2015-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2015-004731	date:	2015-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201509-206	date:	2015-09-17T00:00:00
db:	NVD	id:	CVE-2015-5996	date:	2015-12-31T05:59:13.863