ID

VAR-201409-0057


CVE

CVE-2013-3065


TITLE

Cross-site scripting vulnerability in the Parental Controls section of Linksys EA6500 firmware

Trust: 0.8

sources: JVNDB: JVNDB-2013-006647

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Parental Controls section in Linksys EA6500 with firmware 1.1.28.147876 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Blocked Specific Sites section. The Linksys EA6500 is a wireless router. It is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Trust: 2.52

sources: NVD: CVE-2013-3065 // JVNDB: JVNDB-2013-006647 // CNVD: CNVD-2014-06826 // BID: 70291 // VULHUB: VHN-63067

AFFECTED PRODUCTS

vendor: linksys, model: ea6500, scope: eq, version: 1.1.28.147876

Trust: 1.9

vendor: linksys, model: ea6500, scope: eq, version: -

Trust: 1.0

vendor: cisco linksys, model: ea6500, scope: -, version: -

Trust: 0.8

vendor: cisco linksys, model: ea6500, scope: eq, version: 1.1.28.147876

Trust: 0.8

vendor: cisco, model: linksys ea6500, scope: eq, version: 1.1.28.147876

Trust: 0.6

sources: CNVD: CNVD-2014-06826 // BID: 70291 // JVNDB: JVNDB-2013-006647 // CNNVD: CNNVD-201409-1109 // NVD: CVE-2013-3065

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3065
value: LOW

Trust: 1.0

NVD: CVE-2013-3065
value: LOW

Trust: 0.8

CNVD: CNVD-2014-06826
value: LOW

Trust: 0.6

CNNVD: CNNVD-201409-1109
value: LOW

Trust: 0.6

VULHUB: VHN-63067
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2013-3065
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2014-06826
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-63067
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2014-06826 // VULHUB: VHN-63067 // JVNDB: JVNDB-2013-006647 // CNNVD: CNNVD-201409-1109 // NVD: CVE-2013-3065

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-63067 // JVNDB: JVNDB-2013-006647 // NVD: CVE-2013-3065

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201409-1109

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201409-1109

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006647

PATCH

title: Linksys Home Networking, url: http://www.linksys.com/en-apac/home

Trust: 0.8

sources: JVNDB: JVNDB-2013-006647

EXTERNAL IDS

db: NVD, id: CVE-2013-3065

Trust: 3.4

db: BID, id: 70291

Trust: 1.0

db: JVNDB, id: JVNDB-2013-006647

Trust: 0.8

db: CNNVD, id: CNNVD-201409-1109

Trust: 0.7

db: CNVD, id: CNVD-2014-06826

Trust: 0.6

db: VULHUB, id: VHN-63067

Trust: 0.1

sources: CNVD: CNVD-2014-06826 // VULHUB: VHN-63067 // BID: 70291 // JVNDB: JVNDB-2013-006647 // CNNVD: CNNVD-201409-1109 // NVD: CVE-2013-3065

REFERENCES

url:http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php

Trust: 2.8

url:http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf

Trust: 2.6

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3065

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3065

Trust: 0.8

url:http://home.cisco.com/en-us/home

Trust: 0.3

sources: CNVD: CNVD-2014-06826 // VULHUB: VHN-63067 // BID: 70291 // JVNDB: JVNDB-2013-006647 // CNNVD: CNNVD-201409-1109 // NVD: CVE-2013-3065

CREDITS

Jacob Thompson

Trust: 0.3

sources: BID: 70291

SOURCES

db: CNVD, id: CNVD-2014-06826
db: VULHUB, id: VHN-63067
db: BID, id: 70291
db: JVNDB, id: JVNDB-2013-006647
db: CNNVD, id: CNNVD-201409-1109
db: NVD, id: CVE-2013-3065

LAST UPDATE DATE

2025-04-13T23:31:37.643000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-06826, date: 2014-10-16T00:00:00
db: VULHUB, id: VHN-63067, date: 2014-09-30T00:00:00
db: BID, id: 70291, date: 2014-09-29T00:00:00
db: JVNDB, id: JVNDB-2013-006647, date: 2014-10-01T00:00:00
db: CNNVD, id: CNNVD-201409-1109, date: 2014-09-30T00:00:00
db: NVD, id: CVE-2013-3065, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-06826, date: 2014-10-16T00:00:00
db: VULHUB, id: VHN-63067, date: 2014-09-29T00:00:00
db: BID, id: 70291, date: 2014-09-29T00:00:00
db: JVNDB, id: JVNDB-2013-006647, date: 2014-10-01T00:00:00
db: CNNVD, id: CNNVD-201409-1109, date: 2014-09-30T00:00:00
db: NVD, id: CVE-2013-3065, date: 2014-09-29T22:55:08.190