ID

VAR-200812-0531


TITLE

COMTREND CT-536 Router Multiple Denial of Service and Information Disclosure Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2008-6288

DESCRIPTION

The Comtrend CT-536 is a small ADSL wireless broadband router. The CT-536's micro_httpd service does not properly validate user requests, so non-privileged users can access restricted resources by submitting malicious requests. During authentication, the credentials are sent in clear text, and any user can easily read them. The CT-536 does not properly filter certain fields and data, and remote attackers can use cross-site scripting and buffer overflow attacks to cause a denial of service in the httpd configuration server.

COMTREND CT-536 and HG-536 are prone to multiple remote vulnerabilities:

- Multiple unauthorized-access vulnerabilities
- An information-disclosure vulnerability
- Multiple cross-site scripting vulnerabilities
- A denial-of-service vulnerability
- Multiple buffer-overflow vulnerabilities

Attackers can exploit these issues to compromise the affected device, obtain sensitive information, execute arbitrary script code, steal cookie-based authentication credentials, and cause a denial-of-service condition. Other attacks are also possible.

The following firmware versions are vulnerable; additional versions may also be affected:

- CT-536 A101-302JAZ-C01_R05
- HG-536+ A101-302JAZ-C01_R05 and A101-302JAZ-C03_R14.A2pB021g.d15h

Trust: 0.81

sources: CNVD: CNVD-2008-6288 // BID: 32975

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2008-6288

AFFECTED PRODUCTS

vendor: comtrend, model: ct-5367 a111-312btc-c01 r12, scope: -, version: -

Trust: 0.6

vendor: comtrend, model: hg-536+ a101-302jaz-c03 r14., scope: -, version: -

Trust: 0.3

vendor: comtrend, model: hg-536+ a101-302jaz-c01 r05, scope: -, version: -

Trust: 0.3

vendor: comtrend, model: ct-536 a101-302jaz-c01 r05, scope: -, version: -

Trust: 0.3

sources: CNVD: CNVD-2008-6288 // BID: 32975

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2008-6288
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2008-6288
severity: MEDIUM
baseScore: 4.9
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 6.8
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2008-6288

THREAT TYPE

network

Trust: 0.3

sources: BID: 32975

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 32975

EXTERNAL IDS

db: BID, id: 32975

Trust: 0.9

db: CNVD, id: CNVD-2008-6288

Trust: 0.6

sources: CNVD: CNVD-2008-6288 // BID: 32975

REFERENCES

url:http://marc.info/?l=bugtraq&m=122997803912052&w=2

Trust: 0.6

url:http://lostmon.blogspot.com/2009/04/comtrend-hg536-vulnerabilities.html

Trust: 0.3

url:http://www.comtrend.com/

Trust: 0.3

url:/archive/1/499503

Trust: 0.3

sources: CNVD: CNVD-2008-6288 // BID: 32975

CREDITS

Daniel Fernandez Bleda

Trust: 0.3

sources: BID: 32975

SOURCES

db: CNVD, id: CNVD-2008-6288
db: BID, id: 32975

LAST UPDATE DATE

2022-05-17T01:44:19.336000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2008-6288, date: 2008-12-22T00:00:00
db: BID, id: 32975, date: 2009-04-27T19:26:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2008-6288, date: 2008-12-22T00:00:00
db: BID, id: 32975, date: 2008-12-22T00:00:00