ID

VAR-201312-0505


TITLE

IQ3 Series Trend LAN Controllers 'ovrideStart' Multiple Cross-Site Scripting Vulnerabilities

Trust: 0.8

sources: IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14934

DESCRIPTION

IQ3 Series Trend LAN Controllers are building controller devices. Multiple cross-site scripting vulnerabilities exist in IQ3 Series Trend LAN Controllers. Input passed to K.htm, Z.htm, P.htm, and S.htm via the "ovrideStart" GET parameter is not filtered before being returned to the user. A remote attacker can exploit this by building a malicious URI and enticing a user to open it; when the malicious data is viewed, the attacker can obtain sensitive information or hijack the user's session.

Trust: 0.72

sources: CNVD: CNVD-2013-14934 // IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d

IOT TAXONOMY

category: ['ICS', 'Network device'], sub_category: -

Trust: 0.6

category: ['ICS'], sub_category: -

Trust: 0.2

sources: IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14934

AFFECTED PRODUCTS

vendor: trend, model: control systems ltd iq3 series trend lan controllers, scope: -, version: -

Trust: 0.6

vendor: trend, model: control systems ltd iq3 series, scope: eq, version: *

Trust: 0.2

vendor: trend, model: lan controllers, scope: eq, version: *

Trust: 0.2

sources: IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14934

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2013-14934
value: MEDIUM

Trust: 0.6

IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

CNVD: CNVD-2013-14934
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14934

TYPE

Cross-site scripting

Trust: 0.2

sources: IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d

EXTERNAL IDS

db: CNVD, id: CNVD-2013-14934

Trust: 0.8

db: SECUNIA, id: 55827

Trust: 0.6

db: IVD, id: 6CAB8828-1EF9-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 6cab8828-1ef9-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14934

REFERENCES

url: http://secunia.com/advisories/55827/

Trust: 0.6

url: http://dariusfreamon.wordpress.com/2013/10/23/iq3-trend-lan-controller-multiple-reflected-xss/

Trust: 0.6

sources: CNVD: CNVD-2013-14934

SOURCES

db: IVD, id: 6cab8828-1ef9-11e6-abef-000c29c66e3d
db: CNVD, id: CNVD-2013-14934

LAST UPDATE DATE

2022-05-17T01:53:12.642000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-14934, date: 2013-12-09T00:00:00

SOURCES RELEASE DATE

db: IVD, id: 6cab8828-1ef9-11e6-abef-000c29c66e3d, date: 2013-12-09T00:00:00
db: CNVD, id: CNVD-2013-14934, date: 2013-12-09T00:00:00