ID

VAR-201002-0187


CVE

CVE-2010-0607


TITLE

Cross-site scripting vulnerability in Forms/status_statistics_1 on the Sterlite SAM300 AX Router

Trust: 0.8

sources: JVNDB: JVNDB-2010-005267

DESCRIPTION

Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Trust: 1.98

sources: NVD: CVE-2010-0607 // JVNDB: JVNDB-2010-005267 // BID: 39928 // VULHUB: VH-CVE-2010-0607

AFFECTED PRODUCTS

vendor: sterlitetechnologies, model: sam300 ax router, scope: -, version: -

Trust: 1.4

vendor: sterlitetechnologies, model: sam300 ax router, scope: eq, version: *

Trust: 1.0

vendor: sterlitetechnologies, model: sam300 ax router, scope: eq, version: 0

Trust: 0.3

sources: NVD: CVE-2010-0607 // CNNVD: CNNVD-201002-115 // JVNDB: JVNDB-2010-005267 // BID: 39928

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2010-0607
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-201002-115
value: MEDIUM

Trust: 0.6

VUL-HUB: VH-CVE-2010-0607
value: LOW RISK

Trust: 0.1

NVD: CVE-2010-0607
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: TRUE
version: 2.0

Trust: 1.8

VULHUB: VH-CVE-2010-0607
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: NVD: CVE-2010-0607 // CNNVD: CNNVD-201002-115 // JVNDB: JVNDB-2010-005267 // VULHUB: VH-CVE-2010-0607

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: NVD: CVE-2010-0607 // JVNDB: JVNDB-2010-005267 // VULHUB: VH-CVE-2010-0607

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201002-115

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201002-115

CONFIGURATIONS

sources: NVD: CVE-2010-0607

EXPLOIT AVAILABILITY

sources: VULHUB: VH-CVE-2010-0607

PATCH

title: SAM300 AX Router, url: http://www.sterlitetechnologies.com/productwithcontents.aspx?pid=62&pname=sam300%20multi%20port%20adsl%202+%20modem

Trust: 0.8

sources: JVNDB: JVNDB-2010-005267

EXTERNAL IDS

db: NVD, id: CVE-2010-0607

Trust: 2.8

db: OSVDB, id: 62211

Trust: 1.6

db: PACKETSTORM, id: 1002

Trust: 1.6

db: SECUNIA, id: 38463

Trust: 1.6

db: JVNDB, id: JVNDB-2010-005267

Trust: 0.8

db: CNNVD, id: CNNVD-201002-115

Trust: 0.7

db: FULLDISC, id: 20100204 STERLITE SAM300AX ADSL ROUTER - CROSS SITE

Trust: 0.6

db: BID, id: 39928

Trust: 0.3

db: VULHUB, id: VH-CVE-2010-0607

Trust: 0.1

sources: NVD: CVE-2010-0607 // CNNVD: CNNVD-201002-115 // JVNDB: JVNDB-2010-005267 // BID: 39928 // VULHUB: VH-CVE-2010-0607

REFERENCES

url:http://secunia.com/advisories/38463

Trust: 1.6

url:http://packetstormsecurity.org/1002-exploits/sterlite-xss.txt

Trust: 1.6

url:http://osvdb.org/62211

Trust: 1.6

url:http://marc.info/?l=full-disclosure&m=126531284626756&w=2

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-0607

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-0607

Trust: 0.8

url:http://archives.neohapsis.com/archives/fulldisclosure/2010-02/0075.html

Trust: 0.3

url:http://www.sterlitetechnologies.com/productwithcontents.aspx?pid=62&pname=sam300%20multi%20port%20adsl%202+%20modem

Trust: 0.3

sources: NVD: CVE-2010-0607 // CNNVD: CNNVD-201002-115 // JVNDB: JVNDB-2010-005267 // BID: 39928

CREDITS

Karn Ganeshen

Trust: 0.3

sources: BID: 39928

SOURCES

db: NVD, id: CVE-2010-0607
db: CNNVD, id: CNNVD-201002-115
db: JVNDB, id: JVNDB-2010-005267
db: BID, id: 39928
db: VULHUB, id: VH-CVE-2010-0607

LAST UPDATE DATE

2021-12-18T05:43:59.696000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2010-0607, date: 2010-11-04T04:00:00
db: CNNVD, id: CNNVD-201002-115, date: 2010-02-12T00:00:00
db: JVNDB, id: JVNDB-2010-005267, date: 2012-12-20T00:00:00
db: BID, id: 39928, date: 2010-02-04T00:00:00
db: VULHUB, id: VH-CVE-2010-0607, date: 2010-11-04T00:00:00

SOURCES RELEASE DATE

db: NVD, id: CVE-2010-0607, date: 2010-02-11T17:30:00
db: CNNVD, id: CNNVD-201002-115, date: 2010-02-11T00:00:00
db: JVNDB, id: JVNDB-2010-005267, date: 2012-12-20T00:00:00
db: BID, id: 39928, date: 2010-02-04T00:00:00
db: VULHUB, id: VH-CVE-2010-0607, date: 2010-02-11T00:00:00