ID

VAR-201401-0092


CVE

CVE-2013-3087


TITLE

Belkin Advance N900 Dual-Band Wireless Router Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2013-005961

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 router allow remote attackers to inject arbitrary web script or HTML via the (1) ssid2 parameter to wl_channel.html or (2) guest_psk parameter to wl_guest.html. The Belkin N900 Dual-Band Wireless Router is a wireless router device. The Belkin N900 router is prone to an unspecified cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability is caused by the incorrect filtering of the 'ssid2' parameter in the wl_channel.html page and the incorrect filtering of the 'guest_psk' parameter in the wl_guest.html page.

Trust: 2.52

sources: NVD: CVE-2013-3087 // JVNDB: JVNDB-2013-005961 // CNVD: CNVD-2013-04029 // BID: 59482 // VULHUB: VHN-63089

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04029

AFFECTED PRODUCTS

vendor: belkin, model: n900, scope: eq, version: -

Trust: 1.6

vendor: belkin, model: advance n900 dual-band wireless router, scope: -, version: -

Trust: 0.8

vendor: belkin, model: n900 dual-band wireless router, scope: eq, version: 1.00.23

Trust: 0.6

sources: CNVD: CNVD-2013-04029 // JVNDB: JVNDB-2013-005961 // CNNVD: CNNVD-201304-563 // NVD: CVE-2013-3087

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3087
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-3087
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-04029
value: LOW

Trust: 0.6

CNNVD: CNNVD-201304-563
value: MEDIUM

Trust: 0.6

VULHUB: VHN-63089
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-3087
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2013-04029
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63089
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-04029 // VULHUB: VHN-63089 // JVNDB: JVNDB-2013-005961 // CNNVD: CNNVD-201304-563 // NVD: CVE-2013-3087

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63089 // JVNDB: JVNDB-2013-005961 // NVD: CVE-2013-3087

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-563

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-563

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005961

PATCH

title: Advance N900 Dual-Band Wireless Router, url: http://www.belkin.com/us/support-product?pid=01t80000002wBUHAA2

Trust: 0.8

sources: JVNDB: JVNDB-2013-005961

EXTERNAL IDS

db: NVD, id: CVE-2013-3087

Trust: 3.4

db: BID, id: 59482

Trust: 1.0

db: JVNDB, id: JVNDB-2013-005961

Trust: 0.8

db: CNNVD, id: CNNVD-201304-563

Trust: 0.7

db: CNVD, id: CNVD-2013-04029

Trust: 0.6

db: XF, id: 900

Trust: 0.6

db: XF, id: 83831

Trust: 0.6

db: VULHUB, id: VHN-63089

Trust: 0.1

sources: CNVD: CNVD-2013-04029 // VULHUB: VHN-63089 // BID: 59482 // JVNDB: JVNDB-2013-005961 // CNNVD: CNNVD-201304-563 // NVD: CVE-2013-3087

REFERENCES

url:http://securityevaluators.com/content/case-studies/routers/vulnerability_catalog.pdf

Trust: 1.7

url:http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/83831

Trust: 1.1

url:http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp

Trust: 0.9

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3087

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3087

Trust: 0.8

url:http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf

Trust: 0.8

url:http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/

Trust: 0.6

url:http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/83831

Trust: 0.6

url:http://www.securityfocus.com/bid/59482

Trust: 0.6

url:http://www.belkin.com/index.asp

Trust: 0.3

sources: CNVD: CNVD-2013-04029 // VULHUB: VHN-63089 // BID: 59482 // JVNDB: JVNDB-2013-005961 // CNNVD: CNNVD-201304-563 // NVD: CVE-2013-3087

CREDITS

Jacob Holcomb of Independent Security Evaluators

Trust: 0.9

sources: BID: 59482 // CNNVD: CNNVD-201304-563

SOURCES

db: CNVD, id: CNVD-2013-04029
db: VULHUB, id: VHN-63089
db: BID, id: 59482
db: JVNDB, id: JVNDB-2013-005961
db: CNNVD, id: CNNVD-201304-563
db: NVD, id: CVE-2013-3087

LAST UPDATE DATE

2025-04-11T23:01:42.830000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-04029, date: 2013-04-24T00:00:00
db: VULHUB, id: VHN-63089, date: 2017-08-29T00:00:00
db: BID, id: 59482, date: 2013-04-25T00:00:00
db: JVNDB, id: JVNDB-2013-005961, date: 2014-02-03T00:00:00
db: CNNVD, id: CNNVD-201304-563, date: 2014-02-07T00:00:00
db: NVD, id: CVE-2013-3087, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-04029, date: 2013-04-24T00:00:00
db: VULHUB, id: VHN-63089, date: 2014-01-30T00:00:00
db: BID, id: 59482, date: 2013-04-25T00:00:00
db: JVNDB, id: JVNDB-2013-005961, date: 2014-02-03T00:00:00
db: CNNVD, id: CNNVD-201304-563, date: 2013-04-27T00:00:00
db: NVD, id: CVE-2013-3087, date: 2014-01-30T15:06:22.940