Sign-up

ID

VAR-201404-0694


TITLE

ICOMM 610 Wireless Modem Cross-Site Request Forgery Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-02141 // CNNVD: CNNVD-201406-148

DESCRIPTION

The ICOMM 610 Wireless Modem has a cross-site request forgery vulnerability that allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context. ICOMM Tele ICOMM 610 is a wireless broadband modem (Modem) product from India's ICOMM Tele. A cross-site request forgery vulnerability exists in ICOMM Tele ICOMM 610 01.01.08.991 and earlier versions. A remote attacker could use this vulnerability to perform unauthorized operations. ICOMM 610 is prone to a cross-site request-forgery vulnerability. This may lead to further attacks. ICOMM 610 01.01.08.991 and prior are vulnerable

Trust: 1.35

sources: CNVD: CNVD-2014-02141 // CNNVD: CNNVD-201406-148 // BID: 66593

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02141

AFFECTED PRODUCTS

vendor:icommmodel:wireless modemscope:eqversion:610

Trust: 0.6

sources: CNVD: CNVD-2014-02141

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-02141
value: LOW

Trust: 0.6

CNVD: CNVD-2014-02141
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-02141

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-148

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201406-148

EXTERNAL IDS

db:BIDid:66593

Trust: 1.5

db:EXPLOIT-DBid:32659

Trust: 0.6

db:CNVDid:CNVD-2014-02141

Trust: 0.6

db:CNNVDid:CNNVD-201406-148

Trust: 0.6

sources: CNVD: CNVD-2014-02141 // BID: 66593 // CNNVD: CNNVD-201406-148

REFERENCES

url:http://www.exploit-db.com/exploits/32659/

Trust: 0.6

url:http://www.securityfocus.com/bid/66593

Trust: 0.6

sources: CNVD: CNVD-2014-02141 // CNNVD: CNNVD-201406-148

CREDITS

Blessen Thomas

Trust: 0.9

sources: BID: 66593 // CNNVD: CNNVD-201406-148

SOURCES

db:CNVDid:CNVD-2014-02141
db:BIDid:66593
db:CNNVDid:CNNVD-201406-148

LAST UPDATE DATE

2022-05-17T01:43:22.822000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-02141date:2014-04-04T00:00:00
db:BIDid:66593date:2014-04-02T00:00:00
db:CNNVDid:CNNVD-201406-148date:2014-06-11T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-02141date:2014-04-04T00:00:00
db:BIDid:66593date:2014-04-02T00:00:00
db:CNNVDid:CNNVD-201406-148date:2014-04-02T00:00:00