Sign-up

ID

VAR-201402-0470


TITLE

Trendchip HG520 Cross-Site Request Forgery Vulnerability

Trust: 1.4

sources: IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01081 // CNNVD: CNNVD-201402-243

DESCRIPTION

The Trendchip HG520 ADSL2+ is a wireless router. Trendchip HG520 ADSL2+ has a feature that allows remote attackers to build malicious URIs, entice users to parse, and perform malicious operations in the target user context, such as manipulating user data. Trendchip HG520 is a wireless cat product from Trendchip. There is a cross-site request forgery vulnerability in Trendchip HG520 running 2.11.38.0 (RE0.C2B) version 3.9.9.5 firmware. A remote attacker could use this vulnerability to perform unauthorized operations. Trendchip HG520 is prone to a cross-site request-forgery vulnerability. This may lead to further attacks

Trust: 1.53

sources: CNVD: CNVD-2014-01081 // CNNVD: CNNVD-201402-243 // BID: 65589 // IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS', 'Network device']sub_category: -

Trust: 0.6

category:['ICS']sub_category: -

Trust: 0.2

sources: IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01081

AFFECTED PRODUCTS

vendor:trendchipmodel:hg520 adsl2+scope: - version: -

Trust: 0.6

vendor:trendchipmodel:hg520scope:eqversion:2.11.38

Trust: 0.3

vendor:trendchipmodel:hg520 adsl2+scope:eqversion:*

Trust: 0.2

sources: IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01081 // BID: 65589

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-01081
value: LOW

Trust: 0.6

IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d
value: LOW

Trust: 0.2

CNVD: CNVD-2014-01081
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01081

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201402-243

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201402-243

EXTERNAL IDS

db:BIDid:65589

Trust: 1.5

db:CNVDid:CNVD-2014-01081

Trust: 0.8

db:EXPLOIT-DBid:31690

Trust: 0.6

db:CNNVDid:CNNVD-201402-243

Trust: 0.6

db:IVDid:835CACAA-1EEA-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 835cacaa-1eea-11e6-abef-000c29c66e3d // CNVD: CNVD-2014-01081 // BID: 65589 // CNNVD: CNNVD-201402-243

REFERENCES

url:http://www.exploit-db.com/exploits/31690/

Trust: 0.6

url:http://www.securityfocus.com/bid/65589

Trust: 0.6

url:http://www.tp-link.com/en/

Trust: 0.3

sources: CNVD: CNVD-2014-01081 // BID: 65589 // CNNVD: CNNVD-201402-243

CREDITS

Dhruv Shah

Trust: 0.9

sources: BID: 65589 // CNNVD: CNNVD-201402-243

SOURCES

db:IVDid:835cacaa-1eea-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2014-01081
db:BIDid:65589
db:CNNVDid:CNNVD-201402-243

LAST UPDATE DATE

2022-05-17T01:41:21.580000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-01081date:2014-02-20T00:00:00
db:BIDid:65589date:2014-02-16T00:00:00
db:CNNVDid:CNNVD-201402-243date:2014-03-03T00:00:00

SOURCES RELEASE DATE

db:IVDid:835cacaa-1eea-11e6-abef-000c29c66e3ddate:2014-02-20T00:00:00
db:CNVDid:CNVD-2014-01081date:2014-02-20T00:00:00
db:BIDid:65589date:2014-02-16T00:00:00
db:CNNVDid:CNNVD-201402-243date:2014-02-16T00:00:00