Details of VAR-201308-0473

ID

VAR-201308-0473

TITLE

Belkin F5D7234-4 G Wireless Router Input Verification Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-12670

DESCRIPTION

The Belkin F5D7234-4 G is a wireless router product. Belkin F5D7234-4 G Wireless Router, firmware version 5.00.12, has an authentication bypass vulnerability and a remote code execution vulnerability. An attacker could exploit these vulnerabilities to obtain a device administrator login password, cause a denial of service, and perform unauthorized operations. The authentication bypass vulnerability stems from a problem with the handler for http://$ip/login.stm that can result in a leaked administrator login password hash. The remote code execution vulnerability stems from a problem with the handler for http://$ip/cgi-bin/wireless_WPS_Enroll.exe, which can cause a buffer overflow. Failed exploit attempts may result in a denial-of-service condition

Trust: 1.35

sources: CNVD: CNVD-2013-12670 // CNNVD: CNNVD-201308-429 // BID: 61994

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-12670

AFFECTED PRODUCTS

vendor:

belkin

model:

f5d8236-4

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2013-12670

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-12670
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2013-12670
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-12670

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201308-429

TYPE

Design Error

Trust: 0.3

sources: BID: 61994

EXTERNAL IDS

db:	BID	id:	61994	Trust: 1.5
db:	PACKETSTORM	id:	122956	Trust: 0.6
db:	CNVD	id:	CNVD-2013-12670	Trust: 0.6
db:	CNNVD	id:	CNNVD-201308-429	Trust: 0.6

sources: CNVD: CNVD-2013-12670 // BID: 61994 // CNNVD: CNNVD-201308-429

REFERENCES

url:	http://packetstormsecurity.com/files/122956/belking-exec.txt	Trust: 0.6
url:	http://www.securityfocus.com/bid/61994	Trust: 0.6
url:	http://www.belkin.com/index.asp	Trust: 0.3

sources: CNVD: CNVD-2013-12670 // BID: 61994 // CNNVD: CNNVD-201308-429

CREDITS

Aodrulez

Trust: 0.9

sources: BID: 61994 // CNNVD: CNNVD-201308-429

SOURCES

db:	CNVD	id:	CNVD-2013-12670
db:	BID	id:	61994
db:	CNNVD	id:	CNNVD-201308-429

LAST UPDATE DATE

2022-05-17T02:10:39.674000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-12670	date:	2013-08-29T00:00:00
db:	BID	id:	61994	date:	2013-09-04T02:11:00
db:	CNNVD	id:	CNNVD-201308-429	date:	2013-08-28T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-12670	date:	2013-08-29T00:00:00
db:	BID	id:	61994	date:	2013-08-26T00:00:00
db:	CNNVD	id:	CNNVD-201308-429	date:	2013-08-28T00:00:00