Details of VAR-201307-0443

ID

VAR-201307-0443

CVE

CVE-2013-5006

TITLE

plural Western Digital My Net Vulnerability to break plaintext management password in router product firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-003598

DESCRIPTION

main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code. Western Digital My Net is a series of router products from Western Digital, USA. An information disclosure vulnerability exists in a number of Western Digital My Net devices that can expose administrator credentials. This vulnerability could be used by unauthorized attackers to gain sensitive information that can help launch further attacks. There is a security hole in the main_internet.php file

Trust: 3.06

sources: NVD: CVE-2013-5006 // JVNDB: JVNDB-2013-003598 // CNVD: CNVD-2013-10461 // CNNVD: CNNVD-201307-449 // BID: 61361 // VULHUB: VHN-65008

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-10461

AFFECTED PRODUCTS

vendor:	westerndigital	model:	my net n900c	scope:	eq	version:	-	Trust: 1.0
vendor:	westerndigital	model:	my net n900	scope:	eq	version:	-	Trust: 1.0
vendor:	westerndigital	model:	my net n750	scope:	eq	version:	-	Trust: 1.0
vendor:	western digital	model:	my net	scope:	eq	version:	1.03.12 (n600 and n750)	Trust: 0.8
vendor:	western digital	model:	my net	scope:	eq	version:	1.04.16 (n600 and n750)	Trust: 0.8
vendor:	western digital	model:	my net	scope:	eq	version:	1.05.12 (n900 and n900 central)	Trust: 0.8
vendor:	western digital	model:	my net	scope:	eq	version:	1.06.18 (n900 and n900 central)	Trust: 0.8
vendor:	western digital	model:	my net	scope:	eq	version:	1.06.28 (n900 and n900 central)	Trust: 0.8
vendor:	western digital	model:	my net n600	scope:	-	version:	-	Trust: 0.8
vendor:	western digital	model:	my net n750	scope:	-	version:	-	Trust: 0.8
vendor:	western digital	model:	my net n900	scope:	-	version:	-	Trust: 0.8
vendor:	western digital	model:	my net n900 central	scope:	-	version:	-	Trust: 0.8
vendor:	western	model:	digital my net devices	scope:	-	version:	-	Trust: 0.6
vendor:	wdc	model:	my net	scope:	eq	version:	1.06.18	Trust: 0.6
vendor:	wdc	model:	my net	scope:	eq	version:	1.03.12	Trust: 0.6
vendor:	wdc	model:	my net	scope:	eq	version:	1.06.28	Trust: 0.6
vendor:	wdc	model:	my net	scope:	eq	version:	1.04.16	Trust: 0.6
vendor:	wdc	model:	my net	scope:	eq	version:	1.05.12	Trust: 0.6

sources: CNVD: CNVD-2013-10461 // JVNDB: JVNDB-2013-003598 // CNNVD: CNNVD-201307-666 // NVD: CVE-2013-5006

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-5006
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-5006
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-10461
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201307-666
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-65008
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-5006
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-10461
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-65008
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-10461 // VULHUB: VHN-65008 // JVNDB: JVNDB-2013-003598 // CNNVD: CNNVD-201307-666 // NVD: CVE-2013-5006

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.9

sources: VULHUB: VHN-65008 // JVNDB: JVNDB-2013-003598 // NVD: CVE-2013-5006

THREAT TYPE

remote

Trust: 1.2

sources: CNNVD: CNNVD-201307-449 // CNNVD: CNNVD-201307-666

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201307-449

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003598

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-65008

PATCH

title:	Downloads My Net N750	url:	http://support.wdc.com/product/download.asp?groupid=1702&lang=en	Trust: 0.8
title:	Downloads My Net N900	url:	http://support.wdc.com/product/download.asp?wdc_lang=en&fid=wdsfMyNetN900	Trust: 0.8
title:	Downloads My Net N900 Central	url:	http://support.wdc.com/product/download.asp?groupid=1704&lang=en	Trust: 0.8
title:	Downloads My Net N600	url:	http://support.wdc.com/product/download.asp?groupid=1701&lang=en	Trust: 0.8

sources: JVNDB: JVNDB-2013-003598

EXTERNAL IDS

db:	NVD	id:	CVE-2013-5006	Trust: 3.4
db:	OSVDB	id:	95519	Trust: 1.7
db:	BID	id:	61361	Trust: 1.6
db:	JVNDB	id:	JVNDB-2013-003598	Trust: 0.8
db:	CNNVD	id:	CNNVD-201307-666	Trust: 0.7
db:	CNVD	id:	CNVD-2013-10461	Trust: 0.6
db:	CNNVD	id:	CNNVD-201307-449	Trust: 0.6
db:	PACKETSTORM	id:	122640	Trust: 0.1
db:	SEEBUG	id:	SSVID-80902	Trust: 0.1
db:	EXPLOIT-DB	id:	27288	Trust: 0.1
db:	VULHUB	id:	VHN-65008	Trust: 0.1

sources: CNVD: CNVD-2013-10461 // VULHUB: VHN-65008 // BID: 61361 // JVNDB: JVNDB-2013-003598 // CNNVD: CNNVD-201307-449 // CNNVD: CNNVD-201307-666 // NVD: CVE-2013-5006

REFERENCES

url:	http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html	Trust: 2.5
url:	http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html	Trust: 2.5
url:	http://www.osvdb.org/95519	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/85903	Trust: 1.7
url:	http://www.securityfocus.com/bid/61361	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5006	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5006	Trust: 0.8

sources: CNVD: CNVD-2013-10461 // VULHUB: VHN-65008 // JVNDB: JVNDB-2013-003598 // CNNVD: CNNVD-201307-449 // CNNVD: CNNVD-201307-666 // NVD: CVE-2013-5006

CREDITS

kyle Lovett

Trust: 0.9

sources: BID: 61361 // CNNVD: CNNVD-201307-449

SOURCES

db:	CNVD	id:	CNVD-2013-10461
db:	VULHUB	id:	VHN-65008
db:	BID	id:	61361
db:	JVNDB	id:	JVNDB-2013-003598
db:	CNNVD	id:	CNNVD-201307-449
db:	CNNVD	id:	CNNVD-201307-666
db:	NVD	id:	CVE-2013-5006

LAST UPDATE DATE

2025-04-11T23:19:31.726000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-10461	date:	2013-08-22T00:00:00
db:	VULHUB	id:	VHN-65008	date:	2020-02-24T00:00:00
db:	BID	id:	61361	date:	2013-08-01T10:25:00
db:	JVNDB	id:	JVNDB-2013-003598	date:	2013-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201307-449	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-666	date:	2020-02-25T00:00:00
db:	NVD	id:	CVE-2013-5006	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-10461	date:	2013-07-23T00:00:00
db:	VULHUB	id:	VHN-65008	date:	2013-07-31T00:00:00
db:	BID	id:	61361	date:	2013-07-19T00:00:00
db:	JVNDB	id:	JVNDB-2013-003598	date:	2013-08-01T00:00:00
db:	CNNVD	id:	CNNVD-201307-449	date:	2013-07-22T00:00:00
db:	CNNVD	id:	CNNVD-201307-666	date:	2013-07-31T00:00:00
db:	NVD	id:	CVE-2013-5006	date:	2013-07-31T13:20:19.287