Details of VAR-201312-0577

ID

VAR-201312-0577

TITLE

Multiple Cross-Site Request Forgery Vulnerabilities in Beetel TC1-450 Wireless Router

Trust: 0.6

sources: CNVD: CNVD-2013-15291

DESCRIPTION

The Beetel TC1-450 Wireless Router has multiple cross-site request forgery vulnerabilities that allow remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the target user context. Such as changing the WPA password, router reset, change management password, etc. Beetel TC1-450 wireless Router is a wireless router equipment of Beetel Company in India. There is a cross-site request forgery vulnerability in Beetel TC1-450 wireless routers using TM4-0Q-020 and earlier firmware. A remote attacker could use this vulnerability to perform administrator actions to control the affected device

Trust: 1.35

sources: CNVD: CNVD-2013-15291 // CNNVD: CNNVD-201312-345 // BID: 64344

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-15291

AFFECTED PRODUCTS

vendor:

beetel

model:

tc1-450 wireless router tm4-0q-020

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2013-15291

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-15291
value:	LOW
Trust: 0.6

CNVD:	CNVD-2013-15291
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2013-15291

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-345

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201312-345

EXTERNAL IDS

db:	BID	id:	64344	Trust: 1.5
db:	EXPLOIT-DB	id:	30361	Trust: 0.6
db:	CNVD	id:	CNVD-2013-15291	Trust: 0.6
db:	CNNVD	id:	CNNVD-201312-345	Trust: 0.6

sources: CNVD: CNVD-2013-15291 // BID: 64344 // CNNVD: CNNVD-201312-345

REFERENCES

url:	http://www.exploit-db.com/exploits/30361/	Trust: 0.6
url:	http://www.securityfocus.com/bid/64344	Trust: 0.6

sources: CNVD: CNVD-2013-15291 // CNNVD: CNNVD-201312-345

CREDITS

Samandeep Singh

Trust: 0.9

sources: BID: 64344 // CNNVD: CNNVD-201312-345

SOURCES

db:	CNVD	id:	CNVD-2013-15291
db:	BID	id:	64344
db:	CNNVD	id:	CNNVD-201312-345

LAST UPDATE DATE

2022-05-17T01:48:03.559000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-15291	date:	2013-12-18T00:00:00
db:	BID	id:	64344	date:	2013-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201312-345	date:	2013-12-18T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-15291	date:	2013-12-18T00:00:00
db:	BID	id:	64344	date:	2013-12-16T00:00:00
db:	CNNVD	id:	CNNVD-201312-345	date:	2013-12-18T00:00:00