ID
VAR-200205-0035
CVE
CVE-2002-0238
TITLE
Netgear RT314/RT311 Gateway Router Cross-site execution script vulnerability
Trust: 0.6
DESCRIPTION
Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. The Netgear RT314/RT311 Gateway Router models allow Cable/DSL users to share a connection. These products provide a web-based administrative interface. The affected products run a ZyXel-RomPager web server to provide easy web-based configuration. The web interface for the router is prone to cross-site scripting attacks. This may be exploited by an attacker who knows the internal IP address of the router. Arbitrary script code may be included in a malicious link, which is executed in the browser of the victim, in the context of the router. It is possible that an attacker may capitalize on this opportunity to gain unauthorized administrative access to the router. This may occur if the attacker can successfully steal cookie-based authentication credentials from a user who has access to the administrative interface. It should be noted that there is a distinct possibility that any other router products running the ZyXel-RomPager web server (versions 3.02 or earlier) may also be prone to this issue. This issue reportedly does not affect the Netgear RP114 Cable/DSL Web Safe Router. Netgear\'\'s RT314 is a four-port router, suitable for home or small office network. But this WEB Server has a cross-site execution script vulnerability, see CERT CA-2000-02 two years ago
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | netgear | model: | rt314 | scope: | eq | version: | 3.22 | Trust: 1.6 |
| vendor: | netgear | model: | rt314 | scope: | eq | version: | 3.24 | Trust: 1.6 |
| vendor: | netgear | model: | rt314 | scope: | eq | version: | 3.25 | Trust: 1.6 |
| vendor: | netgear | model: | rt314/rt311 gateway router | scope: | eq | version: | 3.25 | Trust: 0.3 |
| vendor: | netgear | model: | rt314/rt311 gateway router | scope: | eq | version: | 3.24 | Trust: 0.3 |
| vendor: | netgear | model: | rt314/rt311 gateway router | scope: | eq | version: | 3.22 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
EXTERNAL IDS
| db: | NVD | id: | CVE-2002-0238 | Trust: 2.0 |
| db: | BID | id: | 4024 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-200205-070 | Trust: 0.7 |
| db: | BUGTRAQ | id: | 20020203 NETGEAR RT311/RT314 | Trust: 0.6 |
| db: | XF | id: | 8082 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-4631 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/4024 | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/8082.php | Trust: 1.7 |
| url: | http://marc.info/?l=bugtraq&m=101286360203461&w=2 | Trust: 1.0 |
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=101286360203461&w=2 | Trust: 0.6 |
| url: | http://www.netgear.com/support_main.asp | Trust: 0.3 |
| url: | http://marc.info/?l=bugtraq&m=101286360203461&w=2 | Trust: 0.1 |
CREDITS
sq sq@cirt.net
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-4631 |
| db: | BID | id: | 4024 |
| db: | CNNVD | id: | CNNVD-200205-070 |
| db: | NVD | id: | CVE-2002-0238 |
LAST UPDATE DATE
2025-04-03T22:38:27.327000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-4631 | date: | 2016-10-18T00:00:00 |
| db: | BID | id: | 4024 | date: | 2009-07-11T09:56:00 |
| db: | CNNVD | id: | CNNVD-200205-070 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2002-0238 | date: | 2025-04-03T01:03:51.193 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-4631 | date: | 2002-05-29T00:00:00 |
| db: | BID | id: | 4024 | date: | 2002-02-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-200205-070 | date: | 2002-02-03T00:00:00 |
| db: | NVD | id: | CVE-2002-0238 | date: | 2002-05-29T04:00:00 |