ID

VAR-201309-0500


TITLE

ONO Hitron CDE-30364 has multiple cross-site request forgery vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2013-13104

DESCRIPTION

ONO Hitron CDE-30364 is a wireless router product. Its web interface has a cross-site request forgery vulnerability: a remote attacker can build a specially crafted URI and entice a logged-in user to open it, which changes router parameters. There are multiple cross-site request forgery vulnerabilities in ONO Hitron CDE-30364. Unauthorized attackers can use these vulnerabilities to perform administrator actions and gain access to affected devices.

Trust: 1.35

sources: CNVD: CNVD-2013-13104 // CNNVD: CNNVD-201309-277 // BID: 62420

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13104

AFFECTED PRODUCTS

vendor: ono, model: hitron cde-30364, scope: -, version: -

Trust: 0.6

vendor: ono, model: hitron cde-30364, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2013-13104 // BID: 62420

CVSS

SEVERITY

CNVD: CNVD-2013-13104
value: MEDIUM

Trust: 0.6

CVSSV2

CNVD: CNVD-2013-13104
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

-

sources: CNVD: CNVD-2013-13104

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-277

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201309-277

EXTERNAL IDS

db: BID, id: 62420

Trust: 1.5

db: EXPLOIT-DB, id: 28279

Trust: 0.6

db: CNVD, id: CNVD-2013-13104

Trust: 0.6

db: CNNVD, id: CNNVD-201309-277

Trust: 0.6

sources: CNVD: CNVD-2013-13104 // BID: 62420 // CNNVD: CNNVD-201309-277

REFERENCES

url: http://www.exploit-db.com/exploits/28279/

Trust: 0.6

url: http://www.securityfocus.com/bid/62420

Trust: 0.6

url: http://www.ono.es/clientes/te-ayudamos/dudas/internet/equipos/hitron/hitron-cde-30364/

Trust: 0.3

sources: CNVD: CNVD-2013-13104 // BID: 62420 // CNNVD: CNNVD-201309-277

CREDITS

Matias Mingorance Svensson

Trust: 0.9

sources: BID: 62420 // CNNVD: CNNVD-201309-277

SOURCES

db: CNVD, id: CNVD-2013-13104
db: BID, id: 62420
db: CNNVD, id: CNNVD-201309-277

LAST UPDATE DATE

2022-05-17T02:04:40.559000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13104, date: 2013-09-18T00:00:00
db: BID, id: 62420, date: 2013-09-14T00:00:00
db: CNNVD, id: CNNVD-201309-277, date: 2013-09-18T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-13104, date: 2013-09-18T00:00:00
db: BID, id: 62420, date: 2013-09-14T00:00:00
db: CNNVD, id: CNNVD-201309-277, date: 2013-09-18T00:00:00