Details of VAR-200708-0284

ID

VAR-200708-0284

CVE

CVE-2007-4488

TITLE

Siemens Gigaset SE361 WLAN Router cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-006009

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the Siemens Gigaset SE361 WLAN router with firmware 1.00.0 allow remote attackers to inject arbitrary web script or HTML via the portion of the URI immediately following the filename for (1) a GIF filename, which triggers display of the GIF file in text format and an unspecified denial of service (crash); or (2) the login.tri filename, which triggers a continuous loop of the browser attempting to visit the login page. Siemens Gigaset SE361 WLAN The router contains a cross-site scripting vulnerability.By a third party URI Any part through Web Script or HTML May be inserted. Gigaset SE361 is prone to a cross-site scripting vulnerability

Trust: 2.16

sources: NVD: CVE-2007-4488 // JVNDB: JVNDB-2007-006009 // BID: 81594 // IVD: 53750534-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-27850

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: 53750534-2352-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	siemens	model:	gigaset se361 wlan router	scope:	eq	version:	0	Trust: 1.6
vendor:	siemens	model:	gigaset se361 wlan router	scope:	eq	version:	firmware 1.00.0	Trust: 0.8
vendor:	siemens	model:	gigaset se361	scope:	eq	version:	01.00	Trust: 0.3
vendor:	gigaset se361 wlan router	model:	-	scope:	eq	version:	0	Trust: 0.2

sources: IVD: 53750534-2352-11e6-abef-000c29c66e3d // BID: 81594 // JVNDB: JVNDB-2007-006009 // CNNVD: CNNVD-200708-370 // NVD: CVE-2007-4488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-4488
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-4488
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200708-370
value:	MEDIUM
Trust: 0.6
IVD:	53750534-2352-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-27850
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-4488
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	53750534-2352-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-27850
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 53750534-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-27850 // JVNDB: JVNDB-2007-006009 // CNNVD: CNNVD-200708-370 // NVD: CVE-2007-4488

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4488

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-370

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200708-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-006009

PATCH

title:

Top Page

url:

http://gigaset.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-006009

EXTERNAL IDS

db:	NVD	id:	CVE-2007-4488	Trust: 3.0
db:	SREASON	id:	3050	Trust: 2.0
db:	OSVDB	id:	45841	Trust: 1.7
db:	OSVDB	id:	45842	Trust: 1.7
db:	CNNVD	id:	CNNVD-200708-370	Trust: 0.8
db:	JVNDB	id:	JVNDB-2007-006009	Trust: 0.8
db:	BUGTRAQ	id:	20070821 SIEMENS GIGASET SE361 ROUTER XSS	Trust: 0.6
db:	BID	id:	81594	Trust: 0.4
db:	IVD	id:	53750534-2352-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-27850	Trust: 0.1

sources: IVD: 53750534-2352-11e6-abef-000c29c66e3d // VULHUB: VHN-27850 // BID: 81594 // JVNDB: JVNDB-2007-006009 // CNNVD: CNNVD-200708-370 // NVD: CVE-2007-4488

REFERENCES

url:	http://securityreason.com/securityalert/3050	Trust: 2.0
url:	http://osvdb.org/45841	Trust: 1.7
url:	http://osvdb.org/45842	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/477220/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/archive/1/477220/100/0/threaded	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4488	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4488	Trust: 0.8

sources: VULHUB: VHN-27850 // BID: 81594 // JVNDB: JVNDB-2007-006009 // CNNVD: CNNVD-200708-370 // NVD: CVE-2007-4488

CREDITS

Unknown

Trust: 0.3

sources: BID: 81594

SOURCES

db:	IVD	id:	53750534-2352-11e6-abef-000c29c66e3d
db:	VULHUB	id:	VHN-27850
db:	BID	id:	81594
db:	JVNDB	id:	JVNDB-2007-006009
db:	CNNVD	id:	CNNVD-200708-370
db:	NVD	id:	CVE-2007-4488

LAST UPDATE DATE

2025-04-10T23:23:41.743000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-27850	date:	2018-10-15T00:00:00
db:	BID	id:	81594	date:	2007-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2007-006009	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200708-370	date:	2007-08-28T00:00:00
db:	NVD	id:	CVE-2007-4488	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	IVD	id:	53750534-2352-11e6-abef-000c29c66e3d	date:	2007-08-22T00:00:00
db:	VULHUB	id:	VHN-27850	date:	2007-08-22T00:00:00
db:	BID	id:	81594	date:	2007-08-22T00:00:00
db:	JVNDB	id:	JVNDB-2007-006009	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200708-370	date:	2007-08-22T00:00:00
db:	NVD	id:	CVE-2007-4488	date:	2007-08-22T23:17:00