Sign-up

ID

VAR-201404-0716


TITLE

Halon Security Router Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 66707 // CNNVD: CNNVD-201406-142

DESCRIPTION

Halon Security Router is a router product from Halon Security, USA. There are multiple security vulnerabilities in Halon Security Router 3.2-winter-r1 and earlier versions: 1. Cross-site scripting vulnerability 2. Cross-site request forgery vulnerability 3. Open redirection vulnerability. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication, performing unauthorized operations, or redirecting users to malicious websites. Other attacks are also possible

Trust: 1.35

sources: CNVD: CNVD-2014-02387 // CNNVD: CNNVD-201406-142 // BID: 66707

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-02387

AFFECTED PRODUCTS

vendor:halonmodel:security halon security router 3.2-winter-r1scope: - version: -

Trust: 0.6

vendor:halonmodel:security router 3.2-winter-r1scope: - version: -

Trust: 0.3

vendor:halonmodel:security router 3.2r2scope:neversion: -

Trust: 0.3

sources: CNVD: CNVD-2014-02387 // BID: 66707

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-02387
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2014-02387
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-02387

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201406-142

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 66707

PATCH

title:Halon Security Router has multiple security vulnerabilitiesurl:https://www.cnvd.org.cn/patchinfo/show/44907

Trust: 0.6

sources: CNVD: CNVD-2014-02387

EXTERNAL IDS

db:BIDid:66707

Trust: 1.5

db:EXPLOITDBid:32743

Trust: 0.6

db:EXPLOIT-DBid:32743

Trust: 0.6

db:OSVDBid:105583

Trust: 0.6

db:CNVDid:CNVD-2014-02387

Trust: 0.6

db:CNNVDid:CNNVD-201406-142

Trust: 0.6

sources: CNVD: CNVD-2014-02387 // BID: 66707 // CNNVD: CNNVD-201406-142

REFERENCES

url:http://www.exploit-db.com/exploits/32743/

Trust: 0.6

url:http://osvdb.com/show/osvdb/105583

Trust: 0.6

url:http://www.securityfocus.com/bid/66707

Trust: 0.6

url:http://www.halon.se/products/security-router/

Trust: 0.3

sources: CNVD: CNVD-2014-02387 // BID: 66707 // CNNVD: CNNVD-201406-142

CREDITS

Juan Manuel Garcia

Trust: 0.9

sources: BID: 66707 // CNNVD: CNNVD-201406-142

SOURCES

db:CNVDid:CNVD-2014-02387
db:BIDid:66707
db:CNNVDid:CNNVD-201406-142

LAST UPDATE DATE

2022-05-17T02:08:08.410000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2014-02387date:2014-04-18T00:00:00
db:BIDid:66707date:2014-04-07T00:00:00
db:CNNVDid:CNNVD-201406-142date:2014-06-11T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2014-02387date:2014-04-17T00:00:00
db:BIDid:66707date:2014-04-07T00:00:00
db:CNNVDid:CNNVD-201406-142date:2014-04-07T00:00:00