ID

VAR-201401-0693


TITLE

EE Bright Box Router Security Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-00683

DESCRIPTION

EE Bright Box Router is a router product from the British company EE. The router contains a cross-site request forgery vulnerability and a security bypass vulnerability. Because the device fails to restrict access to certain scripts, an attacker can access them directly to obtain administrator account information or other sensitive settings. An attacker can also build a malicious URI, entice a user to open it, and perform malicious actions such as changing settings. A remote attacker could use these vulnerabilities to perform unauthorized operations, bypass security restrictions, and gain access to affected devices. Other attacks are also possible.

Trust: 1.89

sources: CNVD: CNVD-2014-00683 // CNVD: CNVD-2014-00682 // CNNVD: CNNVD-201401-525 // BID: 65143

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2014-00683 // CNVD: CNVD-2014-00682

AFFECTED PRODUCTS

vendor: ee model: bright box ee bright box router scope: - version: -

Trust: 1.2

sources: CNVD: CNVD-2014-00683 // CNVD: CNVD-2014-00682

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-00683
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-00682
value: LOW

Trust: 0.6

CNVD: CNVD-2014-00683
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2014-00682
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-00683 // CNVD: CNVD-2014-00682

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-525

TYPE

Design Error

Trust: 0.3

sources: BID: 65143

EXTERNAL IDS

db: BID id: 65143

Trust: 2.1

db: CNVD id: CNVD-2014-00683

Trust: 0.6

db: CNVD id: CNVD-2014-00682

Trust: 0.6

db: CNNVD id: CNNVD-201401-525

Trust: 0.6

sources: CNVD: CNVD-2014-00683 // CNVD: CNVD-2014-00682 // BID: 65143 // CNNVD: CNNVD-201401-525

REFERENCES

url:https://scotthelme.co.uk/ee-brightbox-router-hacked/

Trust: 1.2

url:http://www.securityfocus.com/bid/65143

Trust: 0.6

sources: CNVD: CNVD-2014-00683 // CNVD: CNVD-2014-00682 // CNNVD: CNNVD-201401-525

CREDITS

Scott Helme

Trust: 0.9

sources: BID: 65143 // CNNVD: CNNVD-201401-525

SOURCES

db: CNVD id: CNVD-2014-00683
db: CNVD id: CNVD-2014-00682
db: BID id: 65143
db: CNNVD id: CNNVD-201401-525

LAST UPDATE DATE

2022-05-17T02:00:02.833000+00:00


SOURCES UPDATE DATE

db: CNVD id: CNVD-2014-00683 date: 2014-01-28T00:00:00
db: CNVD id: CNVD-2014-00682 date: 2014-01-28T00:00:00
db: BID id: 65143 date: 2014-01-24T00:00:00
db: CNNVD id: CNNVD-201401-525 date: 2014-01-28T00:00:00

SOURCES RELEASE DATE

db: CNVD id: CNVD-2014-00683 date: 2014-01-28T00:00:00
db: CNVD id: CNVD-2014-00682 date: 2014-01-28T00:00:00
db: BID id: 65143 date: 2014-01-24T00:00:00
db: CNNVD id: CNNVD-201401-525 date: 2014-01-28T00:00:00