Sign-up

ID

VAR-201409-0055


CVE

CVE-2013-3092


TITLE

Belkin N300 Wi-Fi N Router Vulnerabilities that bypass authentication

Trust: 0.8

sources: JVNDB: JVNDB-2013-006656

DESCRIPTION

The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header. Belkin N900 And N300 are prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in launching further attacks. Belkin N300 (F7D7301v1) Router is a broadband wireless router product of Belkin Company of the United States. There is a security vulnerability in the Belkin N300 (F7D7301v1) Router. The vulnerability is caused by the program not correctly verifying the HTTP Authorization header

Trust: 1.98

sources: NVD: CVE-2013-3092 // JVNDB: JVNDB-2013-006656 // BID: 59499 // VULHUB: VHN-63094

AFFECTED PRODUCTS

vendor:belkinmodel:n300scope:eqversion:1.00.06

Trust: 2.4

vendor:belkinmodel:n300scope:eqversion: -

Trust: 1.0

vendor:belkinmodel:n300 wi-fi n routerscope:eqversion:(f7d7301v1)

Trust: 0.8

vendor:belkinmodel:n900 f9k1104v1scope:eqversion:1.0.23

Trust: 0.3

vendor:belkinmodel:n300 f7d7301v1scope:eqversion:1.00.06

Trust: 0.3

sources: BID: 59499 // JVNDB: JVNDB-2013-006656 // CNNVD: CNNVD-201304-588 // NVD: CVE-2013-3092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3092
value: HIGH

Trust: 1.0

NVD: CVE-2013-3092
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201304-588
value: HIGH

Trust: 0.6

VULHUB: VHN-63094
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2013-3092
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2013-3092
severity: MEDIUM
baseScore: 6.8
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-63094
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-63094 // JVNDB: JVNDB-2013-006656 // CNNVD: CNNVD-201304-588 // NVD: CVE-2013-3092

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-63094 // JVNDB: JVNDB-2013-006656 // NVD: CVE-2013-3092

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201304-588

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201304-588

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006656

PATCH
title:N300 Wi-Fi N Routerurl:http://www.belkin.com/us/support-product?pid=01t80000002wBTUAA2
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-006656

EXTERNAL IDS
db:NVDid:CVE-2013-3092
Trust: 2.8
db:BIDid:59499
Trust: 1.0
db:JVNDBid:JVNDB-2013-006656
Trust: 0.8
db:CNNVDid:CNNVD-201304-588
Trust: 0.7
db:VULHUBid:VHN-63094
Trust: 0.1
sources:
            
            
            VULHUB: VHN-63094 // 
            
            
            
            BID: 59499 // 
            
            
            
            JVNDB: JVNDB-2013-006656 // 
            
            
            
            CNNVD: CNNVD-201304-588 // 
            
            
            
            NVD: CVE-2013-3092

REFERENCES
url:http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php
Trust: 2.5
url:http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3092
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3092
Trust: 0.8
url:http://www.securityfocus.com/bid/59499
Trust: 0.6
url:http://www.belkin.com/index.asp
Trust: 0.3
url:http://securityevaluators.com/content/case-studies/routers/belkin_n900.jsp
Trust: 0.3
sources:
            
            
            VULHUB: VHN-63094 // 
            
            
            
            BID: 59499 // 
            
            
            
            JVNDB: JVNDB-2013-006656 // 
            
            
            
            CNNVD: CNNVD-201304-588 // 
            
            
            
            NVD: CVE-2013-3092

CREDITS
Jacob Holcomb
Trust: 0.9
sources:
            
            
            BID: 59499 // 
            
            
            
            CNNVD: CNNVD-201304-588

SOURCES
db:VULHUBid:VHN-63094
db:BIDid:59499
db:JVNDBid:JVNDB-2013-006656
db:CNNVDid:CNNVD-201304-588
db:NVDid:CVE-2013-3092

LAST UPDATE DATE
2025-04-13T23:04:50.411000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-63094date:2014-10-01T00:00:00
db:BIDid:59499date:2013-04-25T00:00:00
db:JVNDBid:JVNDB-2013-006656date:2014-10-02T00:00:00
db:CNNVDid:CNNVD-201304-588date:2014-10-08T00:00:00
db:NVDid:CVE-2013-3092date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-63094date:2014-09-29T00:00:00
db:BIDid:59499date:2013-04-25T00:00:00
db:JVNDBid:JVNDB-2013-006656date:2014-10-02T00:00:00
db:CNNVDid:CNNVD-201304-588date:2013-04-27T00:00:00
db:NVDid:CVE-2013-3092date:2014-09-29T22:55:08.473