Sign-up

ID

VAR-201401-0526


CVE

CVE-2013-7293


TITLE

ASUS Wireless Router products contain a static DNS entry

Trust: 0.8

sources: CERT/CC: VU#191750

DESCRIPTION

The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. ASUS Wireless provided by LAN The router has a static DNS There is a problem with the record being registered. ASUS Wireless provided by LAN Static on the router DNS Record is registered (192.168.1.1 / www.asusnetwork .net) . When the user is not connected to the device network www.asusnetwork .net If you access the URL with a web browser, you may connect to an unintended website.It may lead to malicious websites containing malware. The documentation recommends that users use www.asusnetwork.net to configure the device. Mutiple ASUS Wireless Router is prone to a remote URL-redirection vulnerability. An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks

Trust: 3.24

sources: NVD: CVE-2013-7293 // CERT/CC: VU#191750 // JVNDB: JVNDB-2014-001127 // CNVD: CNVD-2014-00424 // BID: 64799 // VULHUB: VHN-67295

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-00424

AFFECTED PRODUCTS

vendor:asusmodel:wl-330nulscope:eqversion: -

Trust: 1.6

vendor:asustek computermodel: - scope: - version: -

Trust: 0.8

vendor:asustek computermodel:wl-330nulscope: - version: -

Trust: 0.8

vendor:asustek computermodel:asus wl-330nul pocket wifiscope: - version: -

Trust: 0.6

sources: CERT/CC: VU#191750 // CNVD: CNVD-2014-00424 // JVNDB: JVNDB-2014-001127 // CNNVD: CNNVD-201401-327 // NVD: CVE-2013-7293

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7293
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-7293
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-00424
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201401-327
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67295
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-7293
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-00424
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67295
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-00424 // VULHUB: VHN-67295 // JVNDB: JVNDB-2014-001127 // CNNVD: CNNVD-201401-327 // NVD: CVE-2013-7293

PROBLEMTYPE DATA

problemtype:CWE-16

Trust: 1.9

problemtype:CWE-284

Trust: 1.1

sources: VULHUB: VHN-67295 // JVNDB: JVNDB-2014-001127 // NVD: CVE-2013-7293

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-327

TYPE

Configuration Error

Trust: 0.9

sources: BID: 64799 // CNNVD: CNNVD-201401-327

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001127

PATCH
title:Drivers and Downloadurl:http://support.asus.com/download/options.aspx
Trust: 0.8
title:ASUS WL-330NUL Pocket Wifi Router Static DNS Entry Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/42546
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-00424 // 
            
            
            
            JVNDB: JVNDB-2014-001127

EXTERNAL IDS
db:CERT/CCid:VU#191750
Trust: 3.9
db:NVDid:CVE-2013-7293
Trust: 3.4
db:BIDid:64799
Trust: 1.4
db:JVNid:JVNVU90604200
Trust: 0.8
db:JVNDBid:JVNDB-2014-001127
Trust: 0.8
db:CNNVDid:CNNVD-201401-327
Trust: 0.7
db:CNVDid:CNVD-2014-00424
Trust: 0.6
db:VULHUBid:VHN-67295
Trust: 0.1
sources:
            
            
            CERT/CC: VU#191750 // 
            
            
            
            CNVD: CNVD-2014-00424 // 
            
            
            
            VULHUB: VHN-67295 // 
            
            
            
            BID: 64799 // 
            
            
            
            JVNDB: JVNDB-2014-001127 // 
            
            
            
            CNNVD: CNNVD-201401-327 // 
            
            
            
            NVD: CVE-2013-7293

REFERENCES
url:http://www.kb.cert.org/vuls/id/191750
Trust: 3.1
url:http://www.securityfocus.com/bid/64799
Trust: 1.1
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://support.asus.com/download/options.aspx?slanguage=en
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7293
Trust: 0.8
url:http://jvn.jp/cert/jvnvu90604200/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7293
Trust: 0.8
sources:
            
            
            CERT/CC: VU#191750 // 
            
            
            
            CNVD: CNVD-2014-00424 // 
            
            
            
            VULHUB: VHN-67295 // 
            
            
            
            JVNDB: JVNDB-2014-001127 // 
            
            
            
            CNNVD: CNNVD-201401-327 // 
            
            
            
            NVD: CVE-2013-7293

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 64799

SOURCES
db:CERT/CCid:VU#191750
db:CNVDid:CNVD-2014-00424
db:VULHUBid:VHN-67295
db:BIDid:64799
db:JVNDBid:JVNDB-2014-001127
db:CNNVDid:CNNVD-201401-327
db:NVDid:CVE-2013-7293

LAST UPDATE DATE
2025-04-11T23:14:40.572000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#191750date:2016-05-11T00:00:00
db:CNVDid:CNVD-2014-00424date:2014-01-17T00:00:00
db:VULHUBid:VHN-67295date:2016-12-31T00:00:00
db:BIDid:64799date:2014-01-16T14:33:00
db:JVNDBid:JVNDB-2014-001127date:2014-01-20T00:00:00
db:CNNVDid:CNNVD-201401-327date:2014-01-22T00:00:00
db:NVDid:CVE-2013-7293date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:CERT/CCid:VU#191750date:2014-01-13T00:00:00
db:CNVDid:CNVD-2014-00424date:2014-01-17T00:00:00
db:VULHUBid:VHN-67295date:2014-01-15T00:00:00
db:BIDid:64799date:2013-11-25T00:00:00
db:JVNDBid:JVNDB-2014-001127date:2014-01-17T00:00:00
db:CNNVDid:CNNVD-201401-327date:2014-01-22T00:00:00
db:NVDid:CVE-2013-7293date:2014-01-15T16:13:03.757