Details of VAR-201401-0091

ID

VAR-201401-0091

CVE

CVE-2013-3084

TITLE

Belkin N Wireless Router Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005960

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model F5D8236-4 v2 router allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. The Belkin F5D8236-4 N is a wireless router device. Belkin F5D8236-4 N has a cross-site scripting vulnerability that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, gain sensitive information, or hijack user sessions. The Belkin F5D8236-4 Router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Belkin Model F5D8236-4 v2 Router is a wireless router product of Belkin Company in the United States

Trust: 2.52

sources: NVD: CVE-2013-3084 // JVNDB: JVNDB-2013-005960 // CNVD: CNVD-2013-04021 // BID: 59477 // VULHUB: VHN-63086

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04021

AFFECTED PRODUCTS

vendor:	belkin	model:	f5d8236-4	scope:	eq	version:	v2	Trust: 1.6
vendor:	belkin	model:	n wireless router	scope:	eq	version:	f5d8236-4 v2 (firmware)	Trust: 0.8
vendor:	belkin	model:	f5d8236-4	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2013-04021 // JVNDB: JVNDB-2013-005960 // CNNVD: CNNVD-201304-552 // NVD: CVE-2013-3084

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3084
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3084
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-04021
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201304-552
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63086
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3084
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04021
severity:	LOW
baseScore:	2.9
vectorString:	AV:A/AC:M/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-63086
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-04021 // VULHUB: VHN-63086 // JVNDB: JVNDB-2013-005960 // CNNVD: CNNVD-201304-552 // NVD: CVE-2013-3084

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-63086 // JVNDB: JVNDB-2013-005960 // NVD: CVE-2013-3084

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-552

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-552

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005960

PATCH

title:

N Wireless Router

url:

http://www.belkin.com/us/support-product/?pid=01t80000001JNW5AAO

Trust: 0.8

sources: JVNDB: JVNDB-2013-005960

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3084	Trust: 3.4
db:	BID	id:	59477	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-005960	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-552	Trust: 0.7
db:	CNVD	id:	CNVD-2013-04021	Trust: 0.6
db:	XF	id:	83839	Trust: 0.6
db:	XF	id:	20133084	Trust: 0.6
db:	VULHUB	id:	VHN-63086	Trust: 0.1

sources: CNVD: CNVD-2013-04021 // VULHUB: VHN-63086 // BID: 59477 // JVNDB: JVNDB-2013-005960 // CNNVD: CNNVD-201304-552 // NVD: CVE-2013-3084

REFERENCES

url:	http://securityevaluators.com/content/case-studies/routers/vulnerability_catalog.pdf	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/83839	Trust: 1.1
url:	http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp	Trust: 0.9
url:	http://securityevaluators.com/content/case-studies/routers/belkin_f5d8236-4v2.jsp	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3084	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3084	Trust: 0.8
url:	http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf	Trust: 0.8
url:	http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/83839	Trust: 0.6
url:	http://www.securityfocus.com/bid/59477	Trust: 0.6
url:	http://www.belkin.com/index.asp	Trust: 0.3

sources: CNVD: CNVD-2013-04021 // VULHUB: VHN-63086 // BID: 59477 // JVNDB: JVNDB-2013-005960 // CNNVD: CNNVD-201304-552 // NVD: CVE-2013-3084

CREDITS

Jacob Holcomb of Independent Security Evaluators

Trust: 0.9

sources: BID: 59477 // CNNVD: CNNVD-201304-552

SOURCES

db:	CNVD	id:	CNVD-2013-04021
db:	VULHUB	id:	VHN-63086
db:	BID	id:	59477
db:	JVNDB	id:	JVNDB-2013-005960
db:	CNNVD	id:	CNNVD-201304-552
db:	NVD	id:	CVE-2013-3084

LAST UPDATE DATE

2025-04-11T23:02:50.790000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04021	date:	2013-05-28T00:00:00
db:	VULHUB	id:	VHN-63086	date:	2017-08-29T00:00:00
db:	BID	id:	59477	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-005960	date:	2014-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201304-552	date:	2014-02-07T00:00:00
db:	NVD	id:	CVE-2013-3084	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04021	date:	2013-04-24T00:00:00
db:	VULHUB	id:	VHN-63086	date:	2014-01-30T00:00:00
db:	BID	id:	59477	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-005960	date:	2014-02-03T00:00:00
db:	CNNVD	id:	CNNVD-201304-552	date:	2013-04-27T00:00:00
db:	NVD	id:	CVE-2013-3084	date:	2014-01-30T15:06:22.923