Sign-up

ID

VAR-201801-1316


CVE

CVE-2018-6193


TITLE

Routers2 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-04403 // CNNVD: CNNVD-201801-905

DESCRIPTION

A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, affecting the 'rtr' GET parameter in a page=graph action to cgi-bin/routers2.pl. Routers2 Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Routers2 is a front-end routing setup tool. A remote attacker could exploit this vulnerability to inject malicious scripts into a client browser

Trust: 2.25

sources: NVD: CVE-2018-6193 // JVNDB: JVNDB-2018-001595 // CNVD: CNVD-2018-04403 // VULHUB: VHN-136225

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-04403

AFFECTED PRODUCTS

vendor:routers2model:routers2scope:eqversion:2.24

Trust: 2.2

vendor:steve shipwaymodel:routers2scope:eqversion:2.24

Trust: 0.8

sources: CNVD: CNVD-2018-04403 // JVNDB: JVNDB-2018-001595 // CNNVD: CNNVD-201801-905 // NVD: CVE-2018-6193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6193
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-6193
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-04403
value: LOW

Trust: 0.6

CNNVD: CNNVD-201801-905
value: LOW

Trust: 0.6

VULHUB: VHN-136225
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-6193
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-04403
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-136225
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6193
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.6
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-04403 // VULHUB: VHN-136225 // JVNDB: JVNDB-2018-001595 // CNNVD: CNNVD-201801-905 // NVD: CVE-2018-6193

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-136225 // JVNDB: JVNDB-2018-001595 // NVD: CVE-2018-6193

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-905

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201801-905

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001595

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-136225

PATCH
title:XSS - `rtr` param #1url:https://github.com/sshipway/routers2/issues/1
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-001595

EXTERNAL IDS
db:NVDid:CVE-2018-6193
Trust: 3.1
db:EXPLOIT-DBid:44216
Trust: 1.7
db:JVNDBid:JVNDB-2018-001595
Trust: 0.8
db:EXPLOITDBid:44216
Trust: 0.6
db:CNVDid:CNVD-2018-04403
Trust: 0.6
db:CNNVDid:CNNVD-201801-905
Trust: 0.6
db:PACKETSTORMid:146591
Trust: 0.1
db:VULHUBid:VHN-136225
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2018-04403 // 
            
            
            
            VULHUB: VHN-136225 // 
            
            
            
            JVNDB: JVNDB-2018-001595 // 
            
            
            
            CNNVD: CNNVD-201801-905 // 
            
            
            
            NVD: CVE-2018-6193

REFERENCES
url:https://www.exploit-db.com/exploits/44216/
Trust: 1.7
url:https://github.com/sshipway/routers2/issues/1
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2018-6193
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6193
Trust: 0.8
sources:
            
            
            CNVD: CNVD-2018-04403 // 
            
            
            
            VULHUB: VHN-136225 // 
            
            
            
            JVNDB: JVNDB-2018-001595 // 
            
            
            
            CNNVD: CNNVD-201801-905 // 
            
            
            
            NVD: CVE-2018-6193

SOURCES
db:CNVDid:CNVD-2018-04403
db:VULHUBid:VHN-136225
db:JVNDBid:JVNDB-2018-001595
db:CNNVDid:CNNVD-201801-905
db:NVDid:CVE-2018-6193

LAST UPDATE DATE
2024-11-23T22:30:31.639000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-04403date:2018-03-06T00:00:00
db:VULHUBid:VHN-136225date:2018-03-03T00:00:00
db:JVNDBid:JVNDB-2018-001595date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201801-905date:2018-01-25T00:00:00
db:NVDid:CVE-2018-6193date:2024-11-21T04:10:15.977

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-04403date:2018-03-06T00:00:00
db:VULHUBid:VHN-136225date:2018-01-24T00:00:00
db:JVNDBid:JVNDB-2018-001595date:2018-02-26T00:00:00
db:CNNVDid:CNNVD-201801-905date:2018-01-25T00:00:00
db:NVDid:CVE-2018-6193date:2018-01-24T21:29:00.513