Details of VAR-201307-0369

ID

VAR-201307-0369

CVE

CVE-2013-3581

TITLE

Choice Wireless Green Packet 4G WiMax modem vulnerability

Trust: 0.8

sources: CERT/CC: VU#932044

DESCRIPTION

ajax.cgi in the web interface on the Choice Wireless Green Packet WIXFMR-111 4G WiMax modem allows remote attackers to obtain sensitive information via an Ajax (1) wmxState or (2) netState request. An attacker can exploit this issue to view system configuration information, execute commands and disclose sensitive information. Information obtained may aid in further attacks. This product provides internal routing, wireless link and other functions

Trust: 2.7

sources: NVD: CVE-2013-3581 // CERT/CC: VU#932044 // JVNDB: JVNDB-2013-003174 // BID: 60864 // VULHUB: VHN-63583

AFFECTED PRODUCTS

vendor:	choice	model:	wixfmr-111	scope:	eq	version:	-	Trust: 1.6
vendor:	choice	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	choice	model:	green packet 4g wimax modem wixfmr-111	scope:	-	version:	-	Trust: 0.8
vendor:	choice	model:	communications green packet 4g wimax modem wixfmr-111	scope:	-	version:	-	Trust: 0.3

sources: CERT/CC: VU#932044 // BID: 60864 // JVNDB: JVNDB-2013-003174 // CNNVD: CNNVD-201307-041 // NVD: CVE-2013-3581

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2013-3581
value:	HIGH
Trust: 1.6
nvd@nist.gov:	CVE-2013-3581
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-201307-041
value:	HIGH
Trust: 0.6
VULHUB:	VHN-63583
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2013-3581
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
NVD:	CVE-2013-3581
severity:	HIGH
baseScore:	9.3
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
VULHUB:	VHN-63583
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CERT/CC: VU#932044 // VULHUB: VHN-63583 // JVNDB: JVNDB-2013-003174 // CNNVD: CNNVD-201307-041 // NVD: CVE-2013-3581

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.9

sources: VULHUB: VHN-63583 // JVNDB: JVNDB-2013-003174 // NVD: CVE-2013-3581

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201307-041

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201307-041

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003174

PATCH

title:	Top Page	url:	http://choice-wireless.com/	Trust: 0.8
title:	GREENPACKET 4G MODEM	url:	http://vi.choice-wireless.com/greenpacket-4g-modem	Trust: 0.8

sources: JVNDB: JVNDB-2013-003174

EXTERNAL IDS

db:	CERT/CC	id:	VU#932044	Trust: 3.6
db:	NVD	id:	CVE-2013-3581	Trust: 2.8
db:	JVN	id:	JVNVU98995343	Trust: 0.8
db:	JVNDB	id:	JVNDB-2013-003174	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-041	Trust: 0.7
db:	BID	id:	60864	Trust: 0.4
db:	VULHUB	id:	VHN-63583	Trust: 0.1

sources: CERT/CC: VU#932044 // VULHUB: VHN-63583 // BID: 60864 // JVNDB: JVNDB-2013-003174 // CNNVD: CNNVD-201307-041 // NVD: CVE-2013-3581

REFERENCES

url:	http://www.kb.cert.org/vuls/id/932044	Trust: 2.8
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3581	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu98995343	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3581	Trust: 0.8
url:	http://us.choice-wireless.com/	Trust: 0.3

sources: CERT/CC: VU#932044 // VULHUB: VHN-63583 // BID: 60864 // JVNDB: JVNDB-2013-003174 // CNNVD: CNNVD-201307-041 // NVD: CVE-2013-3581

CREDITS

Chris Meller

Trust: 0.3

sources: BID: 60864

SOURCES

db:	CERT/CC	id:	VU#932044
db:	VULHUB	id:	VHN-63583
db:	BID	id:	60864
db:	JVNDB	id:	JVNDB-2013-003174
db:	CNNVD	id:	CNNVD-201307-041
db:	NVD	id:	CVE-2013-3581

LAST UPDATE DATE

2025-04-11T23:08:41.907000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#932044	date:	2013-06-28T00:00:00
db:	VULHUB	id:	VHN-63583	date:	2013-10-11T00:00:00
db:	BID	id:	60864	date:	2013-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-003174	date:	2013-10-24T00:00:00
db:	CNNVD	id:	CNNVD-201307-041	date:	2013-07-05T00:00:00
db:	NVD	id:	CVE-2013-3581	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#932044	date:	2013-06-28T00:00:00
db:	VULHUB	id:	VHN-63583	date:	2013-07-02T00:00:00
db:	BID	id:	60864	date:	2013-06-28T00:00:00
db:	JVNDB	id:	JVNDB-2013-003174	date:	2013-07-03T00:00:00
db:	CNNVD	id:	CNNVD-201307-041	date:	2013-07-04T00:00:00
db:	NVD	id:	CVE-2013-3581	date:	2013-07-02T03:43:16.817