Details of VAR-200709-0300

ID

VAR-200709-0300

CVE

CVE-2007-5027

TITLE

WBR3404TX Broadband router Web Cross-site scripting vulnerability in admin panel

Trust: 0.8

sources: JVNDB: JVNDB-2007-004423

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in the web management panel for the WBR3404TX broadband router with firmware R1.94p0vTIG allow remote attackers to inject arbitrary web script or HTML via the (1) DD or (2) DU parameter. The LevelOne WBR3404TX Broadband Router is prone to multiple cross-site scripting vulnerabilities because the software fails to sufficiently sanitize user-supplied input. These issues occurs in the web management panel. Exploiting these vulnerabilities may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected site. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks. LevelOne WBR3404TX firmware version R1.94p0vTIG is vulnerable; other versions may also be affected

Trust: 1.98

sources: NVD: CVE-2007-5027 // JVNDB: JVNDB-2007-004423 // BID: 25738 // VULHUB: VHN-28389

AFFECTED PRODUCTS

vendor:	level one	model:	wbr3404tx	scope:	eq	version:	*	Trust: 1.0
vendor:	level one	model:	wbr3404tx	scope:	eq	version:	firmware r1.94p0vtig	Trust: 0.8
vendor:	level one	model:	wbr3404tx	scope:	eq	version:	firmware_ver._r1.94p0vtig	Trust: 0.6
vendor:	level	model:	one wbr3404tx r1.94p0vtig	scope:	-	version:	-	Trust: 0.3

sources: BID: 25738 // JVNDB: JVNDB-2007-004423 // CNNVD: CNNVD-200709-318 // NVD: CVE-2007-5027

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-5027
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-5027
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200709-318
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-28389
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-5027
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-28389
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-28389 // JVNDB: JVNDB-2007-004423 // CNNVD: CNNVD-200709-318 // NVD: CVE-2007-5027

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-28389 // JVNDB: JVNDB-2007-004423 // NVD: CVE-2007-5027

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200709-318

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-200709-318

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-004423

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-28389

PATCH

title:

WBR3404TX

url:

http://global.level1.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-004423

EXTERNAL IDS

db:	NVD	id:	CVE-2007-5027	Trust: 2.8
db:	BID	id:	25738	Trust: 2.0
db:	OSVDB	id:	38886	Trust: 1.7
db:	SREASON	id:	3159	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-004423	Trust: 0.8
db:	XF	id:	36696	Trust: 0.6
db:	XF	id:	3404	Trust: 0.6
db:	BUGTRAQ	id:	20070919 WBR3404TX BROADBAND ROUTER XSS	Trust: 0.6
db:	CNNVD	id:	CNNVD-200709-318	Trust: 0.6
db:	EXPLOIT-DB	id:	30597	Trust: 0.1
db:	SEEBUG	id:	SSVID-83972	Trust: 0.1
db:	VULHUB	id:	VHN-28389	Trust: 0.1

sources: VULHUB: VHN-28389 // BID: 25738 // JVNDB: JVNDB-2007-004423 // CNNVD: CNNVD-200709-318 // NVD: CVE-2007-5027

REFERENCES

url:	http://www.securityfocus.com/bid/25738	Trust: 1.7
url:	http://osvdb.org/38886	Trust: 1.7
url:	http://securityreason.com/securityalert/3159	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/479994/100/0/threaded	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/36696	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5027	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5027	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/479994/100/0/threaded	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/36696	Trust: 0.6
url:	http://global.level1.com/products2.php?id=771	Trust: 0.3
url:	/archive/1/479994	Trust: 0.3

sources: VULHUB: VHN-28389 // BID: 25738 // JVNDB: JVNDB-2007-004423 // CNNVD: CNNVD-200709-318 // NVD: CVE-2007-5027

CREDITS

azizov@itdefence.ru is credited with the discovery of these vulnerabilities.

Trust: 0.3

sources: BID: 25738

SOURCES

db:	VULHUB	id:	VHN-28389
db:	BID	id:	25738
db:	JVNDB	id:	JVNDB-2007-004423
db:	CNNVD	id:	CNNVD-200709-318
db:	NVD	id:	CVE-2007-5027

LAST UPDATE DATE

2025-04-10T23:21:44.283000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-28389	date:	2018-10-15T00:00:00
db:	BID	id:	25738	date:	2015-05-07T17:35:00
db:	JVNDB	id:	JVNDB-2007-004423	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200709-318	date:	2007-09-26T00:00:00
db:	NVD	id:	CVE-2007-5027	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-28389	date:	2007-09-21T00:00:00
db:	BID	id:	25738	date:	2007-09-19T00:00:00
db:	JVNDB	id:	JVNDB-2007-004423	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200709-318	date:	2007-09-21T00:00:00
db:	NVD	id:	CVE-2007-5027	date:	2007-09-21T19:17:00