Sign-up

ID

VAR-202002-0518


CVE

CVE-2013-2676


TITLE

Brother MFC-9970CDW Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2013-05296 // CNNVD: CNNVD-201305-198

DESCRIPTION

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. Brother MFC-9970CDW Printer is prone to a remote information-disclosure vulnerability. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ========================================= Brother MFC-9970CDW Firmware 0D Date: Jan. 13, 2013 URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html ========================================= Keywords ========================================= XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676 ========================================= Summary ========================================= A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions. ========================================= Overview ========================================= Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs \x96 making this all-in-one a smart choice for a business or workgroup. ========================================= The Bug ========================================= Reflected Cross Site Scripting, CWE-79 ========================================= Vulnerable Parameters = id , val, kind + Query String Signature = "><script>alert(1)</script> ========================================= Version Identification ========================================= Brother MFC-9970CDW - Version Identification - Firmware \x93L\x94 Version 1.10 Brother MFC-9970CDW - Version Identification - Firmware \x93G\x94 ========================================= PoC ========================================= PoC URL http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script> alert(1)</script> ========================================= CVE Information ========================================= CVE-2013-2507 is specific to Firmware G. XSS at: admin/log_to_net.html id parameter fax/copy_settings.html kind parameter CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L. XSS at: admin/admin_main.html name of an arbitrarily assigned URL parameter CVE-2013-2671 is for the XSS issues that are only present in Firmware L. CVEs for Firmware L: Cleartext submission of password CVE-2013-2672 Password field with autocomplete enabled CVE-2013-2673 Cross-domain Referer leakage CVE-2013-2674 Frameable response (Clickjacking) CVE-2013-2675 Private IP addresses disclosed CVE-2013-2676 CVSS 2 Score = 4.5 Timeline Attempt contact via e-mail in January 2013. Call the Toll Free Support Line in March 2013. Callback from Vendor in April 2013. E-mail sent to Vendor in April 2013. VENDOR UNRESPONSIVE Published May 3, 2013 Hoyt LLC Research Public Domain Report http://xss.cx/ ========================================= END ========================================= -----BEGIN PGP SIGNATURE----- Version: 10.2.0.2526 wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx 1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb 4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8 nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg== =Ua1o -----END PGP SIGNATURE-----

Trust: 2.61

sources: NVD: CVE-2013-2676 // JVNDB: JVNDB-2013-007222 // CNVD: CNVD-2013-05296 // BID: 59726 // VULMON: CVE-2013-2676 // PACKETSTORM: 121553

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-05296

AFFECTED PRODUCTS

vendor:brothermodel:mfc-9970cdwscope:eqversion:1.10

Trust: 1.0

vendor:brothermodel:mfc-9970cdw lscope:eqversion:1.10

Trust: 0.9

vendor:brother industriesmodel:mfc-9970cdwscope:eqversion:1.10

Trust: 0.8

sources: CNVD: CNVD-2013-05296 // BID: 59726 // JVNDB: JVNDB-2013-007222 // NVD: CVE-2013-2676

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2676
value: HIGH

Trust: 1.0

NVD: JVNDB-2013-007222
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-05296
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201305-198
value: HIGH

Trust: 0.6

VULMON: CVE-2013-2676
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-2676
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

NVD: JVNDB-2013-007222
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-05296
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2013-2676
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2013-007222
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2013-05296 // VULMON: CVE-2013-2676 // JVNDB: JVNDB-2013-007222 // CNNVD: CNNVD-201305-198 // NVD: CVE-2013-2676

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2013-007222 // NVD: CVE-2013-2676

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-198

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201305-198

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-007222

PATCH
title:Top Pageurl:https://global.brother/en
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-007222

EXTERNAL IDS
db:NVDid:CVE-2013-2676
Trust: 3.5
db:BIDid:59726
Trust: 3.4
db:PACKETSTORMid:121553
Trust: 1.8
db:JVNDBid:JVNDB-2013-007222
Trust: 0.8
db:CNVDid:CNVD-2013-05296
Trust: 0.6
db:CNNVDid:CNNVD-201305-198
Trust: 0.6
db:VULMONid:CVE-2013-2676
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-05296 // 
            
            
            
            VULMON: CVE-2013-2676 // 
            
            
            
            BID: 59726 // 
            
            
            
            JVNDB: JVNDB-2013-007222 // 
            
            
            
            PACKETSTORM: 121553 // 
            
            
            
            CNNVD: CNNVD-201305-198 // 
            
            
            
            NVD: CVE-2013-2676

REFERENCES
url:https://www.securityfocus.com/bid/59726
Trust: 2.6
url:http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/84090
Trust: 1.7
url:https://nvd.nist.gov/vuln/detail/cve-2013-2676
Trust: 1.5
url:http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2676
Trust: 0.8
url:http://www.brother.com
Trust: 0.3
url:http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyobsuqdyit
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>
Trust: 0.1
url:http://xss.cx/
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2507
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2671
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2674
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2670
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2672
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2675
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-2673
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2013-05296 // 
            
            
            
            VULMON: CVE-2013-2676 // 
            
            
            
            BID: 59726 // 
            
            
            
            JVNDB: JVNDB-2013-007222 // 
            
            
            
            PACKETSTORM: 121553 // 
            
            
            
            CNNVD: CNNVD-201305-198 // 
            
            
            
            NVD: CVE-2013-2676

CREDITS
Hoyt LLC Research
Trust: 0.9
sources:
            
            
            BID: 59726 // 
            
            
            
            CNNVD: CNNVD-201305-198

SOURCES
db:CNVDid:CNVD-2013-05296
db:VULMONid:CVE-2013-2676
db:BIDid:59726
db:JVNDBid:JVNDB-2013-007222
db:PACKETSTORMid:121553
db:CNNVDid:CNNVD-201305-198
db:NVDid:CVE-2013-2676

LAST UPDATE DATE
2024-08-14T13:48:30.494000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-05296date:2013-05-14T00:00:00
db:VULMONid:CVE-2013-2676date:2020-02-12T00:00:00
db:BIDid:59726date:2013-05-06T00:00:00
db:JVNDBid:JVNDB-2013-007222date:2020-02-28T00:00:00
db:CNNVDid:CNNVD-201305-198date:2020-05-26T00:00:00
db:NVDid:CVE-2013-2676date:2020-02-12T14:59:59.060

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-05296date:2013-05-14T00:00:00
db:VULMONid:CVE-2013-2676date:2020-02-04T00:00:00
db:BIDid:59726date:2013-05-06T00:00:00
db:JVNDBid:JVNDB-2013-007222date:2020-02-28T00:00:00
db:PACKETSTORMid:121553date:2013-05-08T02:27:54
db:CNNVDid:CNNVD-201305-198date:2013-05-09T00:00:00
db:NVDid:CVE-2013-2676date:2020-02-04T15:15:11.287