Details of VAR-201405-0589

ID

VAR-201405-0589

TITLE

Multiple Cross-Site Request Forgery Vulnerabilities in Binatone DT 850W Wireless Router

Trust: 0.6

sources: CNVD: CNVD-2014-03269

DESCRIPTION

The Binatone DT 850W Wireless Router has multiple cross-site request forgery vulnerabilities that allow remote attackers to build malicious URIs, entice users to resolve, and perform malicious operations in the target user context. Such as changing the WIFI password, managing passwords, etc. Binatone DT 850W wireless router is a wireless router product from India's Binatone. A cross-site request forgery vulnerability exists in the Binatone DT 850W wireless router running T6W-A1.005 and earlier firmware. A remote attacker could use this vulnerability to perform administrator actions to control the affected device. Binatone DT 850W running firmware versions T6W-A1.005 and prior are vulnerable; other versions may also be affected

Trust: 1.35

sources: CNVD: CNVD-2014-03269 // CNNVD: CNNVD-201405-537 // BID: 67541

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03269

AFFECTED PRODUCTS

vendor:

binatone telecommunication pvt

model:

dt 850w t6w-a1.005

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2014-03269

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-03269
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-03269
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:M/AU:N/C:C/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	7.8
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-03269

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-537

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201405-537

EXTERNAL IDS

db:	BID	id:	67541	Trust: 1.5
db:	OSVDB	id:	107243	Trust: 0.6
db:	EXPLOITDB	id:	33455	Trust: 0.6
db:	EXPLOIT-DB	id:	33455	Trust: 0.6
db:	CNVD	id:	CNVD-2014-03269	Trust: 0.6
db:	CNNVD	id:	CNNVD-201405-537	Trust: 0.6

sources: CNVD: CNVD-2014-03269 // BID: 67541 // CNNVD: CNNVD-201405-537

REFERENCES

url:	http://www.exploit-db.com/exploits/33455/	Trust: 0.6
url:	http://osvdb.com/show/osvdb/107243	Trust: 0.6
url:	http://www.securityfocus.com/bid/67541	Trust: 0.6

sources: CNVD: CNVD-2014-03269 // CNNVD: CNNVD-201405-537

CREDITS

Samandeep Singh

Trust: 0.9

sources: BID: 67541 // CNNVD: CNNVD-201405-537

SOURCES

db:	CNVD	id:	CNVD-2014-03269
db:	BID	id:	67541
db:	CNNVD	id:	CNNVD-201405-537

LAST UPDATE DATE

2022-05-17T01:41:20.593000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03269	date:	2014-05-27T00:00:00
db:	BID	id:	67541	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-537	date:	2014-05-30T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03269	date:	2014-05-27T00:00:00
db:	BID	id:	67541	date:	2014-05-21T00:00:00
db:	CNNVD	id:	CNNVD-201405-537	date:	2014-05-30T00:00:00