Details of VAR-202001-0860

ID

VAR-202001-0860

CVE

CVE-2013-3317

TITLE

Netgear WNR1000v3 Vulnerabilities related to authentication in firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-007118

DESCRIPTION

Netgear WNR1000v3 with firmware before 1.0.2.60 contains an Authentication Bypass via the NtgrBak key. Netgear WNR1000v3 Contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The NetGear WNR1000 is a wireless router device. The NetGear WNR1000 device does not properly limit the restrictions on user-submitted URL requests, allowing an attacker to exploit the vulnerability to add \".jpg\" to the URL to bypass restrictions and access arbitrary files, such as configuration files

Trust: 2.16

sources: NVD: CVE-2013-3317 // JVNDB: JVNDB-2013-007118 // CNVD: CNVD-2013-03626

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-03626

AFFECTED PRODUCTS

vendor:	netgear	model:	wnr1000	scope:	lt	version:	1.0.2.60	Trust: 1.0
vendor:	ネットギア	model:	wnr1000v3	scope:	eq	version:	-	Trust: 0.8
vendor:	ネットギア	model:	wnr1000v3	scope:	lt	version:	wnr1000v3 firmware 1.0.2.6	Trust: 0.8
vendor:	netgear	model:	wnr1000	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-03626 // JVNDB: JVNDB-2013-007118 // NVD: CVE-2013-3317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3317
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2013-3317
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2013-03626
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202001-1320
value:	CRITICAL
Trust: 0.6

nvd@nist.gov:	CVE-2013-3317
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-03626
severity:	MEDIUM
baseScore:	4.8
vectorString:	AV:A/AC:L/AU:N/C:P/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2013-3317
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2013-3317
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2013-03626 // JVNDB: JVNDB-2013-007118 // CNNVD: CNNVD-202001-1320 // NVD: CVE-2013-3317

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.0
problemtype:	Incorrect authentication (CWE-287) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2013-007118 // NVD: CVE-2013-3317

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202001-1320

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202001-1320

PATCH

title:	WNR1000v3	url:	https://www.netgear.com/support/product/WNR1000v3	Trust: 0.8
title:	NetGear WNR1000 '.jpg' security bypass vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/33527	Trust: 0.6
title:	Netgear WNR1000v3 Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=109815	Trust: 0.6

sources: CNVD: CNVD-2013-03626 // JVNDB: JVNDB-2013-007118 // CNNVD: CNNVD-202001-1320

EXTERNAL IDS

db:	EXPLOIT-DB	id:	24916	Trust: 3.0
db:	NVD	id:	CVE-2013-3317	Trust: 2.4
db:	JVNDB	id:	JVNDB-2013-007118	Trust: 0.8
db:	SECUNIA	id:	52856	Trust: 0.6
db:	CNVD	id:	CNVD-2013-03626	Trust: 0.6
db:	CNNVD	id:	CNNVD-202001-1320	Trust: 0.6

sources: CNVD: CNVD-2013-03626 // JVNDB: JVNDB-2013-007118 // CNNVD: CNNVD-202001-1320 // NVD: CVE-2013-3317

REFERENCES

url:	http://www.exploit-db.com/exploits/24916/	Trust: 2.2
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3317	Trust: 1.4
url:	https://www.exploit-db.com/exploits/24916	Trust: 0.8
url:	http://www.secunia.com/advisories/52856/	Trust: 0.6

sources: CNVD: CNVD-2013-03626 // JVNDB: JVNDB-2013-007118 // CNNVD: CNNVD-202001-1320 // NVD: CVE-2013-3317

SOURCES

db:	CNVD	id:	CNVD-2013-03626
db:	JVNDB	id:	JVNDB-2013-007118
db:	CNNVD	id:	CNNVD-202001-1320
db:	NVD	id:	CVE-2013-3317

LAST UPDATE DATE

2024-08-14T14:32:23.659000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-03626	date:	2013-05-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-007118	date:	2020-02-13T00:00:00
db:	CNNVD	id:	CNNVD-202001-1320	date:	2022-07-01T00:00:00
db:	NVD	id:	CVE-2013-3317	date:	2020-02-01T17:02:56.693

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-03626	date:	2013-04-22T00:00:00
db:	JVNDB	id:	JVNDB-2013-007118	date:	2020-02-13T00:00:00
db:	CNNVD	id:	CNNVD-202001-1320	date:	2020-01-29T00:00:00
db:	NVD	id:	CVE-2013-3317	date:	2020-01-29T22:15:11.157