Sign-up

ID

VAR-201401-0479


CVE

CVE-2013-7282


TITLE

Nisuta NS-WIR150NE and Nisuta NS-WIR300N Vulnerability that bypasses authentication in router firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-005820

DESCRIPTION

The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header. Nisuta routers are router devices. Nisuta multiple router devices remotely manage the WEB interface for security vulnerabilities. Because the program uses built-in cookies to manage authentication, submitting a specially crafted HTTP request bypasses authentication and operates router settings. Nisuta NS-WIR150NE and NS-WIR300N devices are prone to a remote authentication-bypass vulnerability. Remote attackers can exploit this issue to gain unauthorized access and perform administrative actions. The following are vulnerable: Nisuta NS-WIR150NE running firmware version 5.07.41 Nisuta NS-WIR300N running firmware version 5.07.36_NIS01. Both Nisuta NS-WIR150NE and NS-WIR300N are wireless routers produced by Spanish Nisuta Company

Trust: 2.52

sources: NVD: CVE-2013-7282 // JVNDB: JVNDB-2013-005820 // CNVD: CNVD-2014-00131 // BID: 64665 // VULHUB: VHN-67284

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00131

AFFECTED PRODUCTS

vendor:nisutamodel:ns-wir150nescope:eqversion:5.07.41

Trust: 2.4

vendor:nisutamodel:ns-wir300nscope:eqversion:5.07.36_nis01

Trust: 2.4

vendor:nisutamodel:ns-wir150nescope:eqversion: -

Trust: 1.0

vendor:nisutamodel:ns-wir300nscope:eqversion: -

Trust: 1.0

vendor:nisutamodel:ns-wir150nescope: - version: -

Trust: 0.8

vendor:nisutamodel:ns-wir300nscope: - version: -

Trust: 0.8

vendor:nisutamodel:routersscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-00131 // JVNDB: JVNDB-2013-005820 // CNNVD: CNNVD-201401-065 // NVD: CVE-2013-7282

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7282
value: HIGH

Trust: 1.0

NVD: CVE-2013-7282
value: HIGH

Trust: 0.8

CNVD: CNVD-2014-00131
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-065
value: CRITICAL

Trust: 0.6

VULHUB: VHN-67284
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-7282
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00131
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67284
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00131 // VULHUB: VHN-67284 // JVNDB: JVNDB-2013-005820 // CNNVD: CNNVD-201401-065 // NVD: CVE-2013-7282

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-67284 // JVNDB: JVNDB-2013-005820 // NVD: CVE-2013-7282

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-065

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201401-065

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005820

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-67284

PATCH
title:Top Pageurl:http://www.nisuta.com/
Trust: 0.8
title:Nisuta Multiple Router Hardcoded Cookies Remote Authentication Bypass Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/42198
Trust: 0.6
title:NSWIR150NFurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47399
Trust: 0.6
title:NSWIR150NEurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=47398
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00131 // 
            
            
            
            JVNDB: JVNDB-2013-005820 // 
            
            
            
            CNNVD: CNNVD-201401-065

EXTERNAL IDS
db:NVDid:CVE-2013-7282
Trust: 3.4
db:BIDid:64665
Trust: 1.6
db:JVNDBid:JVNDB-2013-005820
Trust: 0.8
db:EXPLOIT-DBid:30665
Trust: 0.7
db:CNNVDid:CNNVD-201401-065
Trust: 0.7
db:PACKETSTORMid:124650
Trust: 0.6
db:CNVDid:CNVD-2014-00131
Trust: 0.6
db:SEEBUGid:SSVID-84040
Trust: 0.1
db:VULHUBid:VHN-67284
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2014-00131 // 
            
            
            
            VULHUB: VHN-67284 // 
            
            
            
            BID: 64665 // 
            
            
            
            JVNDB: JVNDB-2013-005820 // 
            
            
            
            CNNVD: CNNVD-201401-065 // 
            
            
            
            NVD: CVE-2013-7282

REFERENCES
url:http://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html
Trust: 2.5
url:http://www.ampliasecurity.com/advisories/amplia-ara050913.txt
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7282
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7282
Trust: 0.8
url:http://packetstormsecurity.com/files/124650/nisuta-ns-wir150ne-ns-wir300n-authentication-bypass.html
Trust: 0.6
url:http://www.exploit-db.com/exploits/30665/
Trust: 0.6
url:http://www.securityfocus.com/bid/64665
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00131 // 
            
            
            
            VULHUB: VHN-67284 // 
            
            
            
            JVNDB: JVNDB-2013-005820 // 
            
            
            
            CNNVD: CNNVD-201401-065 // 
            
            
            
            NVD: CVE-2013-7282

CREDITS
Amplia Security Research
Trust: 0.9
sources:
            
            
            BID: 64665 // 
            
            
            
            CNNVD: CNNVD-201401-065

SOURCES
db:CNVDid:CNVD-2014-00131
db:VULHUBid:VHN-67284
db:BIDid:64665
db:JVNDBid:JVNDB-2013-005820
db:CNNVDid:CNNVD-201401-065
db:NVDid:CVE-2013-7282

LAST UPDATE DATE
2025-04-11T23:15:23.547000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2014-00131date:2014-01-09T00:00:00
db:VULHUBid:VHN-67284date:2014-01-10T00:00:00
db:BIDid:64665date:2014-01-14T00:42:00
db:JVNDBid:JVNDB-2013-005820date:2014-01-14T00:00:00
db:CNNVDid:CNNVD-201401-065date:2014-01-13T00:00:00
db:NVDid:CVE-2013-7282date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CNVDid:CNVD-2014-00131date:2014-01-09T00:00:00
db:VULHUBid:VHN-67284date:2014-01-10T00:00:00
db:BIDid:64665date:2013-12-26T00:00:00
db:JVNDBid:JVNDB-2013-005820date:2014-01-14T00:00:00
db:CNNVDid:CNNVD-201401-065date:2013-12-26T00:00:00
db:NVDid:CVE-2013-7282date:2014-01-10T12:02:51.700