Sign-up

ID

VAR-201403-0714


TITLE

Ubee EVW3200 Cross-Site Request Forgery Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2014-01916

DESCRIPTION

The Ubee EVW3200 is a TV broadband cat product. The Ubee EVW3200 has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context.

Trust: 0.6

sources: CNVD: CNVD-2014-01916

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-01916

AFFECTED PRODUCTS

vendor:ubeemodel:evw3200scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2014-01916

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-01916
value: LOW

Trust: 0.6

CNVD: CNVD-2014-01916
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-01916

EXTERNAL IDS

db:SECUNIAid:57398

Trust: 0.6

db:CNVDid:CNVD-2014-01916

Trust: 0.6

sources: CNVD: CNVD-2014-01916

REFERENCES

url:http://www.nerdbox.it/ubee-evw3200-multiple-vulnerabilities/

Trust: 0.6

url:http://secunia.com/advisories/57398/

Trust: 0.6

sources: CNVD: CNVD-2014-01916

SOURCES

db:CNVDid:CNVD-2014-01916

LAST UPDATE DATE

2022-05-17T02:10:38.281000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-01916date:2014-03-25T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-01916date:2014-03-25T00:00:00