Details of VAR-201409-0053

ID

VAR-201409-0053

CVE

CVE-2013-3086

TITLE

Belkin Advance N900 Dual-Band Wireless Router of util_system.html Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-006654

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports. The Belkin N900 Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device. Belkin N900 Router is a wireless router product of Belkin Company in the United States

Trust: 2.07

sources: NVD: CVE-2013-3086 // JVNDB: JVNDB-2013-006654 // BID: 59478 // VULHUB: VHN-63088 // VULMON: CVE-2013-3086

AFFECTED PRODUCTS

vendor:	belkin	model:	n900	scope:	eq	version:	1.00.23	Trust: 2.4
vendor:	belkin	model:	n900	scope:	eq	version:	-	Trust: 1.0
vendor:	belkin	model:	advance n900 dual-band wireless router	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2013-006654 // CNNVD: CNNVD-201304-551 // NVD: CVE-2013-3086

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3086
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3086
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201304-551
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63088
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2013-3086
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3086
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-63088
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-63088 // VULMON: CVE-2013-3086 // JVNDB: JVNDB-2013-006654 // CNNVD: CNNVD-201304-551 // NVD: CVE-2013-3086

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-63088 // JVNDB: JVNDB-2013-006654 // NVD: CVE-2013-3086

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-551

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201304-551

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006654

PATCH

title:

Advance N900 Dual-Band Wireless Router

url:

http://www.belkin.com/us/support-product?pid=01t80000002wBUHAA2

Trust: 0.8

sources: JVNDB: JVNDB-2013-006654

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3086	Trust: 2.9
db:	BID	id:	59478	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-006654	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-551	Trust: 0.7
db:	VULHUB	id:	VHN-63088	Trust: 0.1
db:	VULMON	id:	CVE-2013-3086	Trust: 0.1

sources: VULHUB: VHN-63088 // VULMON: CVE-2013-3086 // BID: 59478 // JVNDB: JVNDB-2013-006654 // CNNVD: CNNVD-201304-551 // NVD: CVE-2013-3086

REFERENCES

url:	http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php	Trust: 2.6
url:	http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf	Trust: 1.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3086	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3086	Trust: 0.8
url:	http://www.securityfocus.com/bid/59478	Trust: 0.6
url:	http://www.belkin.com/index.asp	Trust: 0.3
url:	http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/352.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-63088 // VULMON: CVE-2013-3086 // BID: 59478 // JVNDB: JVNDB-2013-006654 // CNNVD: CNNVD-201304-551 // NVD: CVE-2013-3086

CREDITS

Jacob Holcomb, Independent Security Evaluators

Trust: 0.9

sources: BID: 59478 // CNNVD: CNNVD-201304-551

SOURCES

db:	VULHUB	id:	VHN-63088
db:	VULMON	id:	CVE-2013-3086
db:	BID	id:	59478
db:	JVNDB	id:	JVNDB-2013-006654
db:	CNNVD	id:	CNNVD-201304-551
db:	NVD	id:	CVE-2013-3086

LAST UPDATE DATE

2025-04-13T23:22:32.761000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-63088	date:	2014-10-01T00:00:00
db:	VULMON	id:	CVE-2013-3086	date:	2014-10-01T00:00:00
db:	BID	id:	59478	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-006654	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201304-551	date:	2014-10-08T00:00:00
db:	NVD	id:	CVE-2013-3086	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-63088	date:	2014-09-29T00:00:00
db:	VULMON	id:	CVE-2013-3086	date:	2014-09-29T00:00:00
db:	BID	id:	59478	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-006654	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201304-551	date:	2013-04-27T00:00:00
db:	NVD	id:	CVE-2013-3086	date:	2014-09-29T22:55:08.377