Details of VAR-201211-0481

ID

VAR-201211-0481

TITLE

Cisco WAG120N Multiple Remote Command Execution Vulnerabilities

Trust: 1.5

sources: CNVD: CNVD-2012-7794 // BID: 56648 // CNNVD: CNNVD-201211-466

DESCRIPTION

Multiple remote command execution vulnerabilities exist in the Cisco WAG120N. Remote attackers exploit these vulnerabilities to perform arbitrary commands or root access to help fully control the affected device. The Cisco WAG120N is a wireless routing device. The Cisco WAG120N /setup.cgi?next_file=Setup_DDNS.htm script failed to properly filter user-submitted input, and all fields were not properly filtered, allowing attackers to inject something like \"qwe.com;cat /etc/passwd> /www/Routercfg. Cfg;\" string to the Hostname field, you can execute arbitrary commands with root privileges. This may facilitate a complete compromise of an affected device

Trust: 1.35

sources: CNVD: CNVD-2012-7794 // CNVD: CNVD-2012-6721 // BID: 56648

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2012-7794 // CNVD: CNVD-2012-6721

AFFECTED PRODUCTS

vendor:

cisco

model:

wag120n

scope:

version:

Trust: 1.2

sources: CNVD: CNVD-2012-7794 // CNVD: CNVD-2012-6721

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2012-7794
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2012-7794
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2012-7794

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201211-466

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 56648

EXTERNAL IDS

db:	BID	id:	56648	Trust: 2.1
db:	CNVD	id:	CNVD-2012-7794	Trust: 0.6
db:	CNVD	id:	CNVD-2012-6721	Trust: 0.6
db:	CNNVD	id:	CNNVD-201211-466	Trust: 0.6

sources: CNVD: CNVD-2012-7794 // CNVD: CNVD-2012-6721 // BID: 56648 // CNNVD: CNNVD-201211-466

REFERENCES

url:	http://www.securityfocus.com/bid/56648	Trust: 1.2
url:	http://archives.neohapsis.com/archives/fulldisclosure/current/0159.html	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	http://seclists.org/fulldisclosure/2012/nov/158	Trust: 0.3
url:	http://homesupport.cisco.com/en-us/support/gateways/wag120n	Trust: 0.3

sources: CNVD: CNVD-2012-7794 // CNVD: CNVD-2012-6721 // BID: 56648 // CNNVD: CNNVD-201211-466

CREDITS

Manuel Fern??ndez

Trust: 0.6

sources: CNNVD: CNNVD-201211-466

SOURCES

db:	CNVD	id:	CNVD-2012-7794
db:	CNVD	id:	CNVD-2012-6721
db:	BID	id:	56648
db:	CNNVD	id:	CNNVD-201211-466

LAST UPDATE DATE

2022-05-17T02:08:14.214000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-7794	date:	2012-11-27T00:00:00
db:	CNVD	id:	CNVD-2012-6721	date:	2012-11-27T00:00:00
db:	BID	id:	56648	date:	2012-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201211-466	date:	2012-11-29T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-7794	date:	2012-11-27T00:00:00
db:	CNVD	id:	CNVD-2012-6721	date:	2012-11-27T00:00:00
db:	BID	id:	56648	date:	2012-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201211-466	date:	2012-11-27T00:00:00