Details of VAR-202302-0091

ID

VAR-202302-0091

CVE

CVE-2023-0639

TITLE

TRENDnet TEW-652BRP Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2023-003134

DESCRIPTION

A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the file get_set.ccp of the component Web Management Interface. The manipulation of the argument nextPage leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-220019. TRENDnet TEW-652BRP Exists in a cross-site scripting vulnerability.Information may be obtained and information may be tampered with. TRENDnet TEW-652BRP is a wireless router produced by TRENDnet in the United States. There is a cross-site scripting vulnerability in TRENDnet TEW-652BRP get_set.ccp, which allows remote attackers to exploit the vulnerability to inject malicious scripts or HTML codes. When malicious data is viewed, sensitive information can be obtained or user sessions can be hijacked

Trust: 2.25

sources: NVD: CVE-2023-0639 // JVNDB: JVNDB-2023-003134 // CNVD: CNVD-2023-22720 // VULMON: CVE-2023-0639

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2023-22720

AFFECTED PRODUCTS

vendor:	trendnet	model:	tew-652brp	scope:	eq	version:	3.04b01	Trust: 1.0
vendor:	trendnet	model:	tew-652brp	scope:	eq	version:	tew-652brp firmware 3.04b01	Trust: 0.8
vendor:	trendnet	model:	tew-652brp	scope:	eq	version:	-	Trust: 0.8
vendor:	trendnet	model:	tew-652brp 3.04b01	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2023-22720 // JVNDB: JVNDB-2023-003134 // NVD: CVE-2023-0639

CVSS

SEVERITY

CVSSV2

CVSSV3

cna@vuldb.com:	CVE-2023-0639
value:	LOW
Trust: 1.0
nvd@nist.gov:	CVE-2023-0639
value:	MEDIUM
Trust: 1.0
OTHER:	JVNDB-2023-003134
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2023-22720
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202302-141
value:	MEDIUM
Trust: 0.6

cna@vuldb.com:	CVE-2023-0639
severity:	LOW
baseScore:	3.3
vectorString:	AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
OTHER:	JVNDB-2023-003134
severity:	LOW
baseScore:	3.3
vectorString:	AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2023-22720
severity:	LOW
baseScore:	3.3
vectorString:	AV:N/AC:L/AU:M/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	MULTIPLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.4
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

cna@vuldb.com:	CVE-2023-0639
baseSeverity:	LOW
baseScore:	2.4
vectorString:	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	1.4
version:	3.1
Trust: 1.0
nvd@nist.gov:	CVE-2023-0639
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	JVNDB-2023-003134
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2023-22720 // JVNDB: JVNDB-2023-003134 // CNNVD: CNNVD-202302-141 // NVD: CVE-2023-0639 // NVD: CVE-2023-0639

PROBLEMTYPE DATA

problemtype:	CWE-79	Trust: 1.0
problemtype:	Cross-site scripting (CWE-79) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-003134 // NVD: CVE-2023-0639

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202302-141

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-202302-141

PATCH

title:	Top Page	url:	https://www.trendnet.com/home	Trust: 0.8
title:	Patch for TRENDnet TEW-652BRP cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/416781	Trust: 0.6
title:	-	url:	https://github.com/Live-Hack-CVE/CVE-2023-0639	Trust: 0.1

sources: CNVD: CNVD-2023-22720 // VULMON: CVE-2023-0639 // JVNDB: JVNDB-2023-003134

EXTERNAL IDS

db:	NVD	id:	CVE-2023-0639	Trust: 3.9
db:	VULDB	id:	220019	Trust: 1.7
db:	JVNDB	id:	JVNDB-2023-003134	Trust: 0.8
db:	CNVD	id:	CNVD-2023-22720	Trust: 0.6
db:	CNNVD	id:	CNNVD-202302-141	Trust: 0.6
db:	VULMON	id:	CVE-2023-0639	Trust: 0.1

sources: CNVD: CNVD-2023-22720 // VULMON: CVE-2023-0639 // JVNDB: JVNDB-2023-003134 // CNNVD: CNNVD-202302-141 // NVD: CVE-2023-0639

REFERENCES

url:	https://vuldb.com/?id.220019	Trust: 1.7
url:	https://vuldb.com/?ctiid.220019	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2023-0639	Trust: 1.4
url:	https://cxsecurity.com/cveshow/cve-2023-0639/	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/79.html	Trust: 0.1
url:	https://github.com/live-hack-cve/cve-2023-0639	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2023-22720 // VULMON: CVE-2023-0639 // JVNDB: JVNDB-2023-003134 // CNNVD: CNNVD-202302-141 // NVD: CVE-2023-0639

SOURCES

db:	CNVD	id:	CNVD-2023-22720
db:	VULMON	id:	CVE-2023-0639
db:	JVNDB	id:	JVNDB-2023-003134
db:	CNNVD	id:	CNNVD-202302-141
db:	NVD	id:	CVE-2023-0639

LAST UPDATE DATE

2024-08-14T14:17:28.489000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2023-22720	date:	2023-03-31T00:00:00
db:	VULMON	id:	CVE-2023-0639	date:	2023-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-003134	date:	2023-09-01T02:36:00
db:	CNNVD	id:	CNNVD-202302-141	date:	2023-02-13T00:00:00
db:	NVD	id:	CVE-2023-0639	date:	2024-05-17T02:17:27.273

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2023-22720	date:	2023-03-31T00:00:00
db:	VULMON	id:	CVE-2023-0639	date:	2023-02-02T00:00:00
db:	JVNDB	id:	JVNDB-2023-003134	date:	2023-09-01T00:00:00
db:	CNNVD	id:	CNNVD-202302-141	date:	2023-02-02T00:00:00
db:	NVD	id:	CVE-2023-0639	date:	2023-02-02T09:15:08.787