Details of VAR-201302-0489

ID

VAR-201302-0489

TITLE

Edimax EW-7206APg and EW-7209APg HTTP Header Injection Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2013-01114

DESCRIPTION

The Edimax EW-7206APg and EW-7209APg are wireless AP devices. Edimax EW-7206APg and EW-7209APg have open redirection vulnerabilities that allow attackers to exploit phishing attacks. There are HTML injection vulnerabilities in Edimax EW-7206APg and EW-7209APg that allow an attacker to exploit arbitrary HTML and script code in an affected browser. A cross-site scripting vulnerability exists in Edimax EW-7206APg and EW-7209APg that allows an attacker to exploit a vulnerability to steal cookie-based authentication credentials and control how the site is presented to the user. Edimax EW-7206APg and EW-7209APg are prone to the following vulnerabilities because they fail to sufficiently sanitize user-supplied input. 1. Multiple URI-redirection vulnerabilities 2. Multiple cross-site scripting vulnerabilities 3. Multiple HTML-injection vulnerabilities 4. Other attacks are also possible

Trust: 2.43

sources: CNVD: CNVD-2013-01114 // CNVD: CNVD-2013-01111 // CNVD: CNVD-2013-01113 // CNVD: CNVD-2013-01112 // BID: 57970

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 2.4

sources: CNVD: CNVD-2013-01114 // CNVD: CNVD-2013-01111 // CNVD: CNVD-2013-01113 // CNVD: CNVD-2013-01112

AFFECTED PRODUCTS

vendor:	edimax	model:	ew-7209apg	scope:	-	version:	-	Trust: 2.4
vendor:	edimax	model:	ew-7206apg	scope:	-	version:	-	Trust: 2.4

sources: CNVD: CNVD-2013-01114 // CNVD: CNVD-2013-01111 // CNVD: CNVD-2013-01113 // CNVD: CNVD-2013-01112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201302-395

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 57970

EXTERNAL IDS

db:	BID	id:	57970	Trust: 3.3
db:	CNVD	id:	CNVD-2013-01114	Trust: 0.6
db:	CNVD	id:	CNVD-2013-01111	Trust: 0.6
db:	CNVD	id:	CNVD-2013-01113	Trust: 0.6
db:	CNVD	id:	CNVD-2013-01112	Trust: 0.6
db:	CNNVD	id:	CNNVD-201302-395	Trust: 0.6

sources: CNVD: CNVD-2013-01114 // CNVD: CNVD-2013-01111 // CNVD: CNVD-2013-01113 // CNVD: CNVD-2013-01112 // BID: 57970 // CNNVD: CNNVD-201302-395

REFERENCES

url:

http://www.securityfocus.com/bid/57970

Trust: 3.0

sources: CNVD: CNVD-2013-01114 // CNVD: CNVD-2013-01111 // CNVD: CNVD-2013-01113 // CNVD: CNVD-2013-01112 // CNNVD: CNNVD-201302-395

CREDITS

Michael Messner

Trust: 0.9

sources: BID: 57970 // CNNVD: CNNVD-201302-395

SOURCES

db:	CNVD	id:	CNVD-2013-01114
db:	CNVD	id:	CNVD-2013-01111
db:	CNVD	id:	CNVD-2013-01113
db:	CNVD	id:	CNVD-2013-01112
db:	BID	id:	57970
db:	CNNVD	id:	CNNVD-201302-395

LAST UPDATE DATE

2022-05-17T01:43:25.741000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-01114	date:	2013-02-20T00:00:00
db:	CNVD	id:	CNVD-2013-01111	date:	2013-02-20T00:00:00
db:	CNVD	id:	CNVD-2013-01113	date:	2013-02-20T00:00:00
db:	CNVD	id:	CNVD-2013-01112	date:	2013-02-20T00:00:00
db:	BID	id:	57970	date:	2013-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-395	date:	2013-03-21T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-01114	date:	2013-02-20T00:00:00
db:	CNVD	id:	CNVD-2013-01111	date:	2013-02-20T00:00:00
db:	CNVD	id:	CNVD-2013-01113	date:	2013-02-20T00:00:00
db:	CNVD	id:	CNVD-2013-01112	date:	2013-02-20T00:00:00
db:	BID	id:	57970	date:	2013-02-15T00:00:00
db:	CNNVD	id:	CNNVD-201302-395	date:	2013-02-25T00:00:00