ID

VAR-201309-0566


TITLE

ASUS RT-N66U 'apply.cgi' Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-13476

DESCRIPTION

ASUS RT-N66U is a wireless router product from ASUS. A cross-site request forgery vulnerability exists in 'apply.cgi' on the ASUS RT-N66U. A remote attacker can build a malicious URI and trick a user into opening it, which executes arbitrary commands in the context of the target user. An unauthorized attacker could use this vulnerability to perform administrator actions and gain access to the affected device. ASUS RT-N66U 3.0.0.4.374_720 is vulnerable. Other versions may also be affected.

Trust: 1.35

sources: CNVD: CNVD-2013-13476 // CNNVD: CNNVD-201310-159 // BID: 62726

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-13476

AFFECTED PRODUCTS

vendor: asus, model: rt-n66u 3.0.0.4.374 720, scope: -, version: -

Trust: 0.9

sources: CNVD: CNVD-2013-13476 // BID: 62726

CVSS

SEVERITY

CNVD: CNVD-2013-13476
value: LOW

Trust: 0.6

CVSSV2

CNVD: CNVD-2013-13476
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2013-13476

CVSSV3

-

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-159

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201310-159

EXTERNAL IDS

db: BID, id: 62726

Trust: 1.5

db: EXPLOIT-DB, id: 28652

Trust: 0.6

db: CNVD, id: CNVD-2013-13476

Trust: 0.6

db: CNNVD, id: CNNVD-201310-159

Trust: 0.6

sources: CNVD: CNVD-2013-13476 // BID: 62726 // CNNVD: CNNVD-201310-159

REFERENCES

url:http://www.exploit-db.com/exploits/28652/

Trust: 0.6

url:http://www.securityfocus.com/bid/62726

Trust: 0.6

url:https://www.qxcg.net/arbitrary-command-execution-on-an-asus-rtn66u.html

Trust: 0.3

url:http://www.asus.com/networking/rtn66u/

Trust: 0.3

sources: CNVD: CNVD-2013-13476 // BID: 62726 // CNNVD: CNNVD-201310-159

CREDITS

cgcai

Trust: 0.9

sources: BID: 62726 // CNNVD: CNNVD-201310-159

SOURCES

db: CNVD, id: CNVD-2013-13476
db: BID, id: 62726
db: CNNVD, id: CNNVD-201310-159

LAST UPDATE DATE

2022-05-17T01:53:13.136000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-13476, date: 2013-10-09T00:00:00
db: BID, id: 62726, date: 2013-09-30T00:00:00
db: CNNVD, id: CNNVD-201310-159, date: 2013-10-12T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-13476, date: 2013-10-09T00:00:00
db: BID, id: 62726, date: 2013-09-30T00:00:00
db: CNNVD, id: CNNVD-201310-159, date: 2013-09-30T00:00:00