Details of VAR-201409-0059

ID

VAR-201409-0059

CVE

CVE-2013-3068

TITLE

Linksys WRT310N of apply.cgi Vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2013-006657

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in apply.cgi in Linksys WRT310Nv2 2.0.0.1 allows remote attackers to hijack the authentication of administrators for requests that change passwords and modify remote management ports. The Linksys WRT310N is a wireless router device. The Cisco Linksys WRT310N Router is prone to a cross-site request-forgery vulnerability. Attackers can exploit this issue to perform certain administrative actions and gain unauthorized access to the affected device

Trust: 2.52

sources: NVD: CVE-2013-3068 // JVNDB: JVNDB-2013-006657 // CNVD: CNVD-2013-04040 // BID: 59444 // VULHUB: VHN-63070

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04040

AFFECTED PRODUCTS

vendor:	cisco	model:	linksys wrt310n router	scope:	eq	version:	2.0.0.1	Trust: 1.6
vendor:	cisco	model:	linksys wrt350n	scope:	eq	version:	2.0	Trust: 1.0
vendor:	cisco linksys	model:	wrt310n	scope:	eq	version:	v2	Trust: 0.8
vendor:	cisco linksys	model:	wrt310n	scope:	eq	version:	2.0.0.1	Trust: 0.8
vendor:	linksys	model:	wrt310n	scope:	eq	version:	2.0.0.1	Trust: 0.6
vendor:	cisco	model:	linksys wrt310n	scope:	eq	version:	2.0.0.1	Trust: 0.3

sources: CNVD: CNVD-2013-04040 // BID: 59444 // JVNDB: JVNDB-2013-006657 // CNNVD: CNNVD-201304-539 // NVD: CVE-2013-3068

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3068
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3068
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-04040
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201304-539
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-63070
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-3068
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04040
severity:	LOW
baseScore:	2.7
vectorString:	AV:A/AC:L/AU:S/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	5.1
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-63070
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2013-04040 // VULHUB: VHN-63070 // JVNDB: JVNDB-2013-006657 // CNNVD: CNNVD-201304-539 // NVD: CVE-2013-3068

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-63070 // JVNDB: JVNDB-2013-006657 // NVD: CVE-2013-3068

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-539

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201304-539

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006657

PATCH

title:

Wireless-N Gigabit Router (WRT310N)

url:

http://support.linksys.com/en-us/support/routers/WRT310N

Trust: 0.8

sources: JVNDB: JVNDB-2013-006657

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3068	Trust: 3.4
db:	BID	id:	59444	Trust: 1.0
db:	JVNDB	id:	JVNDB-2013-006657	Trust: 0.8
db:	CNNVD	id:	CNNVD-201304-539	Trust: 0.7
db:	CNVD	id:	CNVD-2013-04040	Trust: 0.6
db:	VULHUB	id:	VHN-63070	Trust: 0.1

sources: CNVD: CNVD-2013-04040 // VULHUB: VHN-63070 // BID: 59444 // JVNDB: JVNDB-2013-006657 // CNNVD: CNNVD-201304-539 // NVD: CVE-2013-3068

REFERENCES

url:	http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php	Trust: 2.5
url:	http://securityevaluators.com/knowledge/case_studies/routers/soho_router_hacks.php	Trust: 2.5
url:	http://securityevaluators.com/content/case-studies/routers/linksys_wrt310v2.jsp	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3068	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3068	Trust: 0.8
url:	http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/	Trust: 0.6
url:	http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp	Trust: 0.6
url:	http://www.securityfocus.com/bid/59444	Trust: 0.6
url:	http://support.linksys.com/en-us/support/routers/wrt310n	Trust: 0.3

sources: CNVD: CNVD-2013-04040 // VULHUB: VHN-63070 // BID: 59444 // JVNDB: JVNDB-2013-006657 // CNNVD: CNNVD-201304-539 // NVD: CVE-2013-3068

CREDITS

Jacob Holcomb, Independent Security Evaluators

Trust: 0.9

sources: BID: 59444 // CNNVD: CNNVD-201304-539

SOURCES

db:	CNVD	id:	CNVD-2013-04040
db:	VULHUB	id:	VHN-63070
db:	BID	id:	59444
db:	JVNDB	id:	JVNDB-2013-006657
db:	CNNVD	id:	CNNVD-201304-539
db:	NVD	id:	CVE-2013-3068

LAST UPDATE DATE

2025-04-13T23:26:49.179000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04040	date:	2013-05-27T00:00:00
db:	VULHUB	id:	VHN-63070	date:	2014-10-01T00:00:00
db:	BID	id:	59444	date:	2013-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-006657	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201304-539	date:	2014-10-08T00:00:00
db:	NVD	id:	CVE-2013-3068	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04040	date:	2013-04-24T00:00:00
db:	VULHUB	id:	VHN-63070	date:	2014-09-29T00:00:00
db:	BID	id:	59444	date:	2013-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2013-006657	date:	2014-10-02T00:00:00
db:	CNNVD	id:	CNNVD-201304-539	date:	2013-04-25T00:00:00
db:	NVD	id:	CVE-2013-3068	date:	2014-09-29T22:55:08.283