Details of VAR-201309-0573

ID

VAR-201309-0573

TITLE

Tenda W309R Router Cookie Verification Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2013-13546

DESCRIPTION

The Tenda W309R Router WEB console does not have a correct COOKIE management mechanism, which allows an attacker to access the router device without providing a password. Tenda W309R is a wireless router product from China's Tenda. An authentication bypass vulnerability exists in the Tenda W309R router. An attacker could use this vulnerability to gain access to affected devices and sensitive information. There are vulnerabilities in Tenda W309R version 5.07.46, other versions may also be affected

Trust: 1.35

sources: CNVD: CNVD-2013-13546 // CNNVD: CNNVD-201310-160 // BID: 62733

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-13546

AFFECTED PRODUCTS

vendor:	-	model:	tenda technology co.,ltd. w309r router	scope:	eq	version:	5.07.46	Trust: 0.6
vendor:	tenda	model:	w309r	scope:	eq	version:	5.7.46	Trust: 0.3

sources: CNVD: CNVD-2013-13546 // BID: 62733

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-13546
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2013-13546
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-13546

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201310-160

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201310-160

EXTERNAL IDS

db:	BID	id:	62733	Trust: 1.5
db:	EXPLOIT-DB	id:	28649	Trust: 0.6
db:	CNVD	id:	CNVD-2013-13546	Trust: 0.6
db:	CNNVD	id:	CNNVD-201310-160	Trust: 0.6

sources: CNVD: CNVD-2013-13546 // BID: 62733 // CNNVD: CNNVD-201310-160

REFERENCES

url:	http://www.exploit-db.com/exploits/28649/	Trust: 0.6
url:	http://www.securityfocus.com/bid/62733	Trust: 0.6
url:	http://www.tenda.cn/tendacn/product/show.aspx?productid=382	Trust: 0.3

sources: CNVD: CNVD-2013-13546 // BID: 62733 // CNNVD: CNNVD-201310-160

CREDITS

SANTHO

Trust: 0.9

sources: BID: 62733 // CNNVD: CNNVD-201310-160

SOURCES

db:	CNVD	id:	CNVD-2013-13546
db:	BID	id:	62733
db:	CNNVD	id:	CNNVD-201310-160

LAST UPDATE DATE

2022-05-17T02:01:13.754000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-13546	date:	2013-10-10T00:00:00
db:	BID	id:	62733	date:	2013-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201310-160	date:	2013-10-12T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-13546	date:	2013-10-10T00:00:00
db:	BID	id:	62733	date:	2013-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201310-160	date:	2013-09-30T00:00:00