Sign-up

ID

VAR-201403-0358


CVE

CVE-2014-0343


TITLE

Virtual Access GW6110A router privilege escalation vulnerability

Trust: 1.4

sources: CERT/CC: VU#213046 // CNVD: CNVD-2014-01950

DESCRIPTION

The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable. Virtual Access Provided by GW6110A Contains a privilege escalation vulnerability. Virtual Access Provided by GW6110A of Web The administration screen shows the problem of managing user rights (CWE-472) A privilege escalation vulnerability exists. CWE-472: External Control of Assumed-Immutable Web Parameter http://cwe.mitre.org/data/definitions/472.htmlPrivileges may be elevated by users who can log in to the product. As a result, you may be able to access features with administrator privileges. Virtual Access GW6110A routers is a router device. Remote attackers can exploit this issue to gain privileges and perform unauthorized actions

Trust: 3.24

sources: NVD: CVE-2014-0343 // CERT/CC: VU#213046 // JVNDB: JVNDB-2014-001793 // CNVD: CNVD-2014-01950 // BID: 66408 // VULHUB: VHN-67836

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01950

AFFECTED PRODUCTS

vendor:virtualaccessmodel:gw6110ascope:eqversion:9.50

Trust: 1.6

vendor:virtualaccessmodel:gw6110ascope:eqversion:9.00

Trust: 1.6

vendor:virtualaccessmodel:gw6110ascope:eqversion:10.00

Trust: 1.6

vendor:virtualaccessmodel:gw6110ascope:eqversion: -

Trust: 1.0

vendor:virtual accessmodel: - scope: - version: -

Trust: 0.8

vendor:virtual accessmodel:gw6110ascope: - version: -

Trust: 0.8

vendor:virtual accessmodel:gw6110ascope:ltversion:version 10.00.21 earlier 10.00 system

Trust: 0.8

vendor:virtual accessmodel:gw6110ascope:ltversion:version 9.09.27 earlier 9.00 system

Trust: 0.8

vendor:virtual accessmodel:gw6110ascope:ltversion:version 9.50.21 earlier 9.50 system

Trust: 0.8

vendor:virtualmodel:access gw6110ascope:eqversion:9.09.26

Trust: 0.6

vendor:virtualmodel:access gw6110ascope:eqversion:9.50.20

Trust: 0.6

vendor:virtualmodel:access gw6110ascope:eqversion:10.00.20

Trust: 0.6

sources: CERT/CC: VU#213046 // CNVD: CNVD-2014-01950 // JVNDB: JVNDB-2014-001793 // CNNVD: CNNVD-201403-447 // NVD: CVE-2014-0343

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0343
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0343
value: LOW

Trust: 0.8

NVD: CVE-2014-0343
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2014-01950
value: LOW

Trust: 0.6

CNNVD: CNNVD-201403-447
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67836
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0343
severity: MEDIUM
baseScore: 4.9
vectorString: AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2014-0343
severity: LOW
baseScore: 2.3
vectorString: NONE
accessVector: ADJACENT NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2014-01950
severity: LOW
baseScore: 2.3
vectorString: AV:A/AC:M/AU:S/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.4
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-67836
severity: MEDIUM
baseScore: 4.9
vectorString: AV:A/AC:M/AU:S/C:P/I:P/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.4
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#213046 // CNVD: CNVD-2014-01950 // VULHUB: VHN-67836 // JVNDB: JVNDB-2014-001793 // CNNVD: CNNVD-201403-447 // NVD: CVE-2014-0343

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2014-001793 // NVD: CVE-2014-0343

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201403-447

TYPE

Design Error

Trust: 0.3

sources: BID: 66408

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001793

PATCH
title:GW6000 Seriesurl:http://www.virtualaccess.com/GW6000-adsl2-router.php
Trust: 0.8
title:Virtual Access GW6110A Router Privilege Escalation Vulnerability Patchurl:https://www.cnvd.org.cn/patchInfo/show/44519
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2014-01950 // 
            
            
            
            JVNDB: JVNDB-2014-001793

EXTERNAL IDS
db:CERT/CCid:VU#213046
Trust: 3.9
db:NVDid:CVE-2014-0343
Trust: 3.4
db:BIDid:66408
Trust: 1.0
db:JVNid:JVNVU94951842
Trust: 0.8
db:JVNDBid:JVNDB-2014-001793
Trust: 0.8
db:CNNVDid:CNNVD-201403-447
Trust: 0.7
db:OSVDBid:104946
Trust: 0.6
db:CNVDid:CNVD-2014-01950
Trust: 0.6
db:VULHUBid:VHN-67836
Trust: 0.1
sources:
            
            
            CERT/CC: VU#213046 // 
            
            
            
            CNVD: CNVD-2014-01950 // 
            
            
            
            VULHUB: VHN-67836 // 
            
            
            
            BID: 66408 // 
            
            
            
            JVNDB: JVNDB-2014-001793 // 
            
            
            
            CNNVD: CNNVD-201403-447 // 
            
            
            
            NVD: CVE-2014-0343

REFERENCES
url:http://www.kb.cert.org/vuls/id/213046
Trust: 3.1
url:about vulnerability notes
Trust: 0.8
url:contact us about this vulnerability
Trust: 0.8
url:provide a vendor statement
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0343
Trust: 0.8
url:http://jvn.jp/vu/jvnvu94951842/index.html
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0343
Trust: 0.8
url:http://osvdb.com/show/osvdb/104946
Trust: 0.6
sources:
            
            
            CERT/CC: VU#213046 // 
            
            
            
            CNVD: CNVD-2014-01950 // 
            
            
            
            VULHUB: VHN-67836 // 
            
            
            
            JVNDB: JVNDB-2014-001793 // 
            
            
            
            CNNVD: CNNVD-201403-447 // 
            
            
            
            NVD: CVE-2014-0343

CREDITS
James Premo
Trust: 0.3
sources:
            
            
            BID: 66408

SOURCES
db:CERT/CCid:VU#213046
db:CNVDid:CNVD-2014-01950
db:VULHUBid:VHN-67836
db:BIDid:66408
db:JVNDBid:JVNDB-2014-001793
db:CNNVDid:CNNVD-201403-447
db:NVDid:CVE-2014-0343

LAST UPDATE DATE
2025-04-13T23:32:50.605000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#213046date:2014-03-25T00:00:00
db:CNVDid:CNVD-2014-01950date:2014-03-27T00:00:00
db:VULHUBid:VHN-67836date:2014-03-26T00:00:00
db:BIDid:66408date:2014-03-25T00:00:00
db:JVNDBid:JVNDB-2014-001793date:2014-03-28T00:00:00
db:CNNVDid:CNNVD-201403-447date:2014-03-26T00:00:00
db:NVDid:CVE-2014-0343date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CERT/CCid:VU#213046date:2014-03-25T00:00:00
db:CNVDid:CNVD-2014-01950date:2014-03-27T00:00:00
db:VULHUBid:VHN-67836date:2014-03-25T00:00:00
db:BIDid:66408date:2014-03-25T00:00:00
db:JVNDBid:JVNDB-2014-001793date:2014-03-26T00:00:00
db:CNNVDid:CNNVD-201403-447date:2014-03-26T00:00:00
db:NVDid:CVE-2014-0343date:2014-03-25T20:55:07.027