Sign-up

ID

VAR-200909-0002


CVE

CVE-2007-6730


TITLE

ZyXEL P-330W Router Web Management interface cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-005295

DESCRIPTION

Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup. ZyXEL P-330W 802.11g Secure Wireless Internet Sharing Router is prone to multiple cross-site scripting vulnerabilities and cross-site request-forgery vulnerabilities because it fails to properly sanitize user-supplied input. These issues affect the device's web-based administrative interface. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker may leverage the cross-site request-forgery issues to perform actions in the context of a device administrator, which can compromise the device. ZyXEL P-330W is a wireless broadband router. There is an input validation vulnerability when ZyXEL P-330W processes user requests, remote attackers may exploit this vulnerability to attack user systems. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: ZyXEL P-330W Cross-Site Scripting and Request Forgery Vulnerabilities SECUNIA ADVISORY ID: SA28172 VERIFY ADVISORY: http://secunia.com/advisories/28172/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote OPERATING SYSTEM: ZyXEL P-330W http://secunia.com/product/17060/ DESCRIPTION: Some vulnerabilities have been reported in ZyXEL P-330W, which can be exploited by malicious people to conduct cross-site scripting and request forgery attacks. 1) Input passed to the parameter "pingstr" in ping.asp is not properly sanitised before being returned to a user. 2) Various vulnerabilities are caused due to the device allowing users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. change the administrator's password. Note: Reportedly, the router runs a vulnerable version of GoAhead WebServer, which potentially can be exploited by malicious people to compromise the device. SOLUTION: Do not browse other websites while being logged into the device. PROVIDED AND/OR DISCOVERED BY: Santa Clause ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059295.html http://lists.grok.org.uk/pipermail/full-disclosure/2007-December/059316.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2007-6730 // JVNDB: JVNDB-2009-005295 // BID: 27024 // VULHUB: VHN-30092 // PACKETSTORM: 62241

AFFECTED PRODUCTS

vendor:zyxelmodel:p-330w routerscope:eqversion:*

Trust: 1.0

vendor:zyxelmodel:p-330wscope: - version: -

Trust: 0.8

vendor:zyxelmodel:p-330w routerscope: - version: -

Trust: 0.6

vendor:zyxelmodel:p-330wscope:eqversion:0

Trust: 0.3

sources: BID: 27024 // JVNDB: JVNDB-2009-005295 // NVD: CVE-2007-6730 // CNNVD: CNNVD-200909-165

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-6730
value: HIGH

Trust: 1.8

CNNVD: CNNVD-200909-165
value: CRITICAL

Trust: 0.6

VULHUB: VHN-30092
value: HIGH

Trust: 0.1

NVD:
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: FALSE
obtainAllPrivilege: TRUE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.0

NVD: CVE-2007-6730
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-30092
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-30092 // JVNDB: JVNDB-2009-005295 // NVD: CVE-2007-6730 // CNNVD: CNNVD-200909-165

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-30092 // JVNDB: JVNDB-2009-005295 // NVD: CVE-2007-6730

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-165

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-200909-165

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2007-6730

PATCH
title:Top Pageurl:http://www.zyxel.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-005295

EXTERNAL IDS
db:NVDid:CVE-2007-6730
Trust: 2.8
db:BIDid:27024
Trust: 2.0
db:SECUNIAid:28172
Trust: 1.8
db:JVNDBid:JVNDB-2009-005295
Trust: 0.8
db:FULLDISCid:20071225 HO HO H0-DAY - ZYXEL P-330W MULTIPLE XSS AND XSRF VULNERABILITIES
Trust: 0.6
db:CNNVDid:CNNVD-200909-165
Trust: 0.6
db:VULHUBid:VHN-30092
Trust: 0.1
db:PACKETSTORMid:62241
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30092 // 
            
            
            
            BID: 27024 // 
            
            
            
            JVNDB: JVNDB-2009-005295 // 
            
            
            
            PACKETSTORM: 62241 // 
            
            
            
            NVD: CVE-2007-6730 // 
            
            
            
            CNNVD: CNNVD-200909-165

REFERENCES
url:http://www.securityfocus.com/bid/27024
Trust: 1.7
url:http://seclists.org/fulldisclosure/2007/dec/0559.html
Trust: 1.7
url:http://secunia.com/advisories/28172
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-6730
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-6730
Trust: 0.8
url:http://www.us.zyxel.com/products/model.php?indexcate=1124750607&indexcate1=1121212137&indexflagvalue=1021876859
Trust: 0.3
url:http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0560.html
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/product/17060/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/059316.html
Trust: 0.1
url:http://secunia.com/advisories/28172/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://lists.grok.org.uk/pipermail/full-disclosure/2007-december/059295.html
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-30092 // 
            
            
            
            BID: 27024 // 
            
            
            
            JVNDB: JVNDB-2009-005295 // 
            
            
            
            PACKETSTORM: 62241 // 
            
            
            
            NVD: CVE-2007-6730 // 
            
            
            
            CNNVD: CNNVD-200909-165

CREDITS
Santa Clause   santa_clause@hush.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200909-165

SOURCES
db:VULHUBid:VHN-30092
db:BIDid:27024
db:JVNDBid:JVNDB-2009-005295
db:PACKETSTORMid:62241
db:NVDid:CVE-2007-6730
db:CNNVDid:CNNVD-200909-165

LAST UPDATE DATE
2023-12-18T13:35:05.246000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-30092date:2009-09-15T00:00:00
db:BIDid:27024date:2016-07-05T22:00:00
db:JVNDBid:JVNDB-2009-005295date:2012-12-20T00:00:00
db:NVDid:CVE-2007-6730date:2009-09-15T05:10:20.093
db:CNNVDid:CNNVD-200909-165date:2009-09-15T00:00:00

SOURCES RELEASE DATE
db:VULHUBid:VHN-30092date:2009-09-10T00:00:00
db:BIDid:27024date:2007-12-25T00:00:00
db:JVNDBid:JVNDB-2009-005295date:2012-12-20T00:00:00
db:PACKETSTORMid:62241date:2008-01-03T18:16:15
db:NVDid:CVE-2007-6730date:2009-09-10T10:30:00.280
db:CNNVDid:CNNVD-200909-165date:2007-12-25T00:00:00