Sign-up

ID

VAR-200909-0397


CVE

CVE-2009-3093


TITLE

ASUS WL-500W Unknown vulnerabilities in wireless routers

Trust: 0.8

sources: JVNDB: JVNDB-2009-003714

DESCRIPTION

Unspecified vulnerability on the ASUS WL-500W wireless router has unknown impact and remote attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Attackers can exploit these issues to completely compromise the vulnerable device; other attacks may also be possible. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: ASUS WL-500W Wireless Router Two Vulnerabilities SECUNIA ADVISORY ID: SA36439 VERIFY ADVISORY: http://secunia.com/advisories/36439/ DESCRIPTION: Two vulnerabilities have been reported in ASUS WL-500W wireless router. 1) An unspecified error can be exploited to cause a buffer overflow. 2) An unspecified error has an unknown impact. SOLUTION: Due to the very limited available information, it is not possible to suggest an effective workaround. PROVIDED AND/OR DISCOVERED BY: Reported as modules included in VulnDisco Pack. ORIGINAL ADVISORY: http://intevydis.com/vd-list.shtml ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.34

sources: NVD: CVE-2009-3093 // JVNDB: JVNDB-2009-003714 // BID: 79368 // BID: 36236 // VULHUB: VHN-40539 // PACKETSTORM: 81017

AFFECTED PRODUCTS

vendor:asusmodel:wl-500wscope:eqversion: -

Trust: 1.9

vendor:asustek computermodel:asus wl-500wscope: - version: -

Trust: 0.8

vendor:asusmodel:wl-500wscope:eqversion:0

Trust: 0.3

sources: BID: 79368 // BID: 36236 // JVNDB: JVNDB-2009-003714 // CNNVD: CNNVD-200909-106 // NVD: CVE-2009-3093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-3093
value: HIGH

Trust: 1.0

NVD: CVE-2009-3093
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200909-106
value: CRITICAL

Trust: 0.6

VULHUB: VHN-40539
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2009-3093
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-40539
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-40539 // JVNDB: JVNDB-2009-003714 // CNNVD: CNNVD-200909-106 // NVD: CVE-2009-3093

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-3093

THREAT TYPE

network

Trust: 0.6

sources: BID: 79368 // BID: 36236

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200909-106

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2009-003714

PATCH
title:Top Pageurl:http://www.asus.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2009-003714

EXTERNAL IDS
db:NVDid:CVE-2009-3093
Trust: 2.8
db:BIDid:36236
Trust: 2.3
db:SECUNIAid:36439
Trust: 1.8
db:JVNDBid:JVNDB-2009-003714
Trust: 0.8
db:CNNVDid:CNNVD-200909-106
Trust: 0.7
db:BIDid:79368
Trust: 0.4
db:VULHUBid:VHN-40539
Trust: 0.1
db:PACKETSTORMid:81017
Trust: 0.1
sources:
            
            
            VULHUB: VHN-40539 // 
            
            
            
            BID: 79368 // 
            
            
            
            BID: 36236 // 
            
            
            
            JVNDB: JVNDB-2009-003714 // 
            
            
            
            PACKETSTORM: 81017 // 
            
            
            
            CNNVD: CNNVD-200909-106 // 
            
            
            
            NVD: CVE-2009-3093

REFERENCES
url:http://intevydis.com/vd-list.shtml
Trust: 2.1
url:http://www.securityfocus.com/bid/36236
Trust: 2.0
url:http://secunia.com/advisories/36439
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-3093
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-3093
Trust: 0.8
url:http://intevydis.com/company.shtml
Trust: 0.3
url:http://usa.asus.com/product.aspx?p_id=nrsjewu78wddxmoa
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/advisories/36439/
Trust: 0.1
url:http://secunia.com/advisories/business_solutions/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-40539 // 
            
            
            
            BID: 79368 // 
            
            
            
            BID: 36236 // 
            
            
            
            JVNDB: JVNDB-2009-003714 // 
            
            
            
            PACKETSTORM: 81017 // 
            
            
            
            CNNVD: CNNVD-200909-106 // 
            
            
            
            NVD: CVE-2009-3093

CREDITS
Intevydis
Trust: 0.9
sources:
            
            
            BID: 36236 // 
            
            
            
            CNNVD: CNNVD-200909-106

SOURCES
db:VULHUBid:VHN-40539
db:BIDid:79368
db:BIDid:36236
db:JVNDBid:JVNDB-2009-003714
db:PACKETSTORMid:81017
db:CNNVDid:CNNVD-200909-106
db:NVDid:CVE-2009-3093

LAST UPDATE DATE
2025-04-10T23:05:05.140000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-40539date:2009-09-09T00:00:00
db:BIDid:79368date:2009-09-08T00:00:00
db:BIDid:36236date:2009-09-09T16:21:00
db:JVNDBid:JVNDB-2009-003714date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200909-106date:2009-09-09T00:00:00
db:NVDid:CVE-2009-3093date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-40539date:2009-09-08T00:00:00
db:BIDid:79368date:2009-09-08T00:00:00
db:BIDid:36236date:2009-09-03T00:00:00
db:JVNDBid:JVNDB-2009-003714date:2012-06-26T00:00:00
db:PACKETSTORMid:81017date:2009-09-07T07:18:54
db:CNNVDid:CNNVD-200909-106date:2009-09-08T00:00:00
db:NVDid:CVE-2009-3093date:2009-09-08T18:30:00.627