Details of VAR-200707-0276

ID

VAR-200707-0276

CVE

CVE-2007-3784

TITLE

Belkin G Plus Router DHCP Client List HTML Injection Vulnerability

Trust: 0.9

sources: BID: 24881 // CNNVD: CNNVD-200707-270

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router F5D7231-4 with firmware 4.05.03 allows remote attackers to inject arbitrary web script or HTML via a hostname of a DHCP client. The Belkin G Plus Router is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting this issue may allow an attacker to execute HTML and script code in the context of the device, to steal cookie-based authentication credentials, or to control how the site is rendered to the user; other attacks are also possible. Firmware version 4.05.03 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Full Featured Secunia Network Software Inspector (NSI) is now available: http://secunia.com/network_software_inspector/ The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,000 different Windows applications. Input passed via the hostname when listing DHCP clients is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in an administrator's browser session in context of an affected interface. SOLUTION: List DHCP clients in a trusted network environment only. PROVIDED AND/OR DISCOVERED BY: Nico Leidecker, Portcullis Computer Security Ltd. ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0033.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-3784 // JVNDB: JVNDB-2007-002351 // BID: 24881 // VULHUB: VHN-27146 // PACKETSTORM: 57689

AFFECTED PRODUCTS

vendor:	belkin	model:	f5d7231-4	scope:	eq	version:	firmware_4.05.03	Trust: 1.6
vendor:	belkin	model:	f5d7231-4	scope:	eq	version:	firmware 4.05.03	Trust: 0.8
vendor:	belkin	model:	f5d7231-4 g plus router	scope:	eq	version:	4.5.3	Trust: 0.3

sources: BID: 24881 // JVNDB: JVNDB-2007-002351 // CNNVD: CNNVD-200707-270 // NVD: CVE-2007-3784

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-3784
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-3784
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200707-270
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-27146
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-3784
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-27146
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-27146 // JVNDB: JVNDB-2007-002351 // CNNVD: CNNVD-200707-270 // NVD: CVE-2007-3784

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-3784

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200707-270

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200707-270

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-002351

PATCH

title:

Top Page

url:

http://www.belkin.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-002351

EXTERNAL IDS

db:	NVD	id:	CVE-2007-3784	Trust: 2.8
db:	BID	id:	24881	Trust: 2.0
db:	SECUNIA	id:	26059	Trust: 1.8
db:	VUPEN	id:	ADV-2007-2527	Trust: 1.7
db:	OSVDB	id:	36361	Trust: 1.1
db:	JVNDB	id:	JVNDB-2007-002351	Trust: 0.8
db:	CNNVD	id:	CNNVD-200707-270	Trust: 0.7
db:	FULLDISC	id:	20070710 PORTCULLIS COMPUTER SECURITY LTD - ADVISORIES	Trust: 0.6
db:	XF	id:	35380	Trust: 0.6
db:	VULHUB	id:	VHN-27146	Trust: 0.1
db:	PACKETSTORM	id:	57689	Trust: 0.1

sources: VULHUB: VHN-27146 // BID: 24881 // JVNDB: JVNDB-2007-002351 // PACKETSTORM: 57689 // CNNVD: CNNVD-200707-270 // NVD: CVE-2007-3784

REFERENCES

url:	http://www.securityfocus.com/bid/24881	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2007-07/0179.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/fulldisclosure/2007-07/att-0179/belkin_router_fw_40503_xss_06_64.txt	Trust: 1.7
url:	http://www.portcullis-security.com/uplds/advisories/belkin_router_fw_40503_xss%2006_64.txt	Trust: 1.7
url:	http://secunia.com/advisories/26059	Trust: 1.7
url:	http://osvdb.org/36361	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2007/2527	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/35380	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-3784	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-3784	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/35380	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2007/2527	Trust: 0.6
url:	http://www.belkin.com/index.asp	Trust: 0.3
url:	http://secunia.com/product/14778/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/network_software_inspector/	Trust: 0.1
url:	http://secunia.com/advisories/26059/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20070710/98374694/attachment-0033.txt	Trust: 0.1

sources: VULHUB: VHN-27146 // BID: 24881 // JVNDB: JVNDB-2007-002351 // PACKETSTORM: 57689 // CNNVD: CNNVD-200707-270 // NVD: CVE-2007-3784

CREDITS

Nico Leidecker of Portcullis Computer Security Ltd. is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 24881 // CNNVD: CNNVD-200707-270

SOURCES

db:	VULHUB	id:	VHN-27146
db:	BID	id:	24881
db:	JVNDB	id:	JVNDB-2007-002351
db:	PACKETSTORM	id:	57689
db:	CNNVD	id:	CNNVD-200707-270
db:	NVD	id:	CVE-2007-3784

LAST UPDATE DATE

2025-04-10T23:01:12.178000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27146	date:	2017-07-29T00:00:00
db:	BID	id:	24881	date:	2015-04-16T18:11:00
db:	JVNDB	id:	JVNDB-2007-002351	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200707-270	date:	2007-07-18T00:00:00
db:	NVD	id:	CVE-2007-3784	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-27146	date:	2007-07-15T00:00:00
db:	BID	id:	24881	date:	2007-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2007-002351	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	57689	date:	2007-07-13T00:55:11
db:	CNNVD	id:	CNNVD-200707-270	date:	2007-07-15T00:00:00
db:	NVD	id:	CVE-2007-3784	date:	2007-07-15T23:30:00