ID

VAR-202002-0571


CVE

CVE-2013-3568


TITLE

Cisco Linksys WRT110 Cross-site request forgery vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2013-007218

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Cisco Linksys WRT110 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.

Cisco Linksys WRT110 contains a cross-site request forgery vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS).

The Linksys WRT110 is a wireless router device. The Linksys WRT110 web interface does not filter ping target data and lacks CSRF token protection, allowing remote attackers to execute system commands via cross-site request forgery attacks.

Linksys WRT110 is prone to cross-site request-forgery and command-injection vulnerabilities. Exploiting these issues may allow a remote attacker to perform certain administrative actions and execute arbitrary shell commands with root privileges. Other attacks are also possible.

Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of CSRF tokens. Linksys/Belkin has responded to my report to say that the vulnerability is mitigated by a 10-minute idle-timeout feature which is available for the admin portal on this device. It is likely that other devices with similar firmware are prone to this as well. The command execution will not return output but it is possible to direct output into files which are available upon subsequent HTTP requests. This issue was assigned as CVE-2013-3568. Kind Regards, Craig Young (@CraigTweets)

Trust: 2.52

sources: NVD: CVE-2013-3568 // JVNDB: JVNDB-2013-007218 // CNVD: CNVD-2013-09658 // BID: 61151 // PACKETSTORM: 122376

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-09658

AFFECTED PRODUCTS

vendor: cisco, model: linksys wrt110, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: linksys wrt110, scope: -, version: -

Trust: 0.8

vendor: linksys, model: wrt110, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2013-09658 // JVNDB: JVNDB-2013-007218 // NVD: CVE-2013-3568

CVSS

SEVERITY

nvd@nist.gov: CVE-2013-3568
value: HIGH

Trust: 1.0

NVD: JVNDB-2013-007218
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-09658
value: LOW

Trust: 0.6

CNNVD: CNNVD-201307-248
value: HIGH

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2013-3568
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2013-007218
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-09658
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2013-3568
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: JVNDB-2013-007218
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2013-09658 // JVNDB: JVNDB-2013-007218 // CNNVD: CNNVD-201307-248 // NVD: CVE-2013-3568

PROBLEMTYPE DATA

problemtype: CWE-352

Trust: 1.8

sources: JVNDB: JVNDB-2013-007218 // NVD: CVE-2013-3568

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-248

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201307-248

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-007218

PATCH

title: Top Page, url: https://www.cisco.com/

Trust: 0.8

sources: JVNDB: JVNDB-2013-007218

EXTERNAL IDS

db: NVD, id: CVE-2013-3568

Trust: 3.4

db: BID, id: 61151

Trust: 3.3

db: EXPLOIT-DB, id: 28484

Trust: 1.6

db: JVNDB, id: JVNDB-2013-007218

Trust: 0.8

db: CNVD, id: CNVD-2013-09658

Trust: 0.6

db: CNNVD, id: CNNVD-201307-248

Trust: 0.6

db: PACKETSTORM, id: 122376

Trust: 0.1

sources: CNVD: CNVD-2013-09658 // BID: 61151 // JVNDB: JVNDB-2013-007218 // PACKETSTORM: 122376 // CNNVD: CNNVD-201307-248 // NVD: CVE-2013-3568

REFERENCES

url: http://www.securityfocus.com/bid/61151

Trust: 3.0

url: http://www.exploit-db.com/exploits/28484

Trust: 1.6

url: https://exchange.xforce.ibmcloud.com/vulnerabilities/85642

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2013-3568

Trust: 1.5

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3568

Trust: 0.8

url: http://www.linksys.com

Trust: 0.3

sources: CNVD: CNVD-2013-09658 // BID: 61151 // JVNDB: JVNDB-2013-007218 // PACKETSTORM: 122376 // CNNVD: CNNVD-201307-248 // NVD: CVE-2013-3568

CREDITS

Craig Young

Trust: 1.0

sources: BID: 61151 // PACKETSTORM: 122376 // CNNVD: CNNVD-201307-248

SOURCES

db: CNVD, id: CNVD-2013-09658
db: BID, id: 61151
db: JVNDB, id: JVNDB-2013-007218
db: PACKETSTORM, id: 122376
db: CNNVD, id: CNNVD-201307-248
db: NVD, id: CVE-2013-3568

LAST UPDATE DATE

2024-11-23T22:51:30.187000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-09658, date: 2013-07-25T00:00:00
db: BID, id: 61151, date: 2013-09-21T00:15:00
db: JVNDB, id: JVNDB-2013-007218, date: 2020-02-28T00:00:00
db: CNNVD, id: CNNVD-201307-248, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2013-3568, date: 2024-11-21T01:53:54.220

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-09658, date: 2013-07-17T00:00:00
db: BID, id: 61151, date: 2013-07-12T00:00:00
db: JVNDB, id: JVNDB-2013-007218, date: 2020-02-28T00:00:00
db: PACKETSTORM, id: 122376, date: 2013-07-12T11:11:11
db: CNNVD, id: CNNVD-201307-248, date: 2013-07-15T00:00:00
db: NVD, id: CVE-2013-3568, date: 2020-02-06T22:15:10.577