ID

VAR-201410-1447


TITLE

Multiple vulnerabilities in Draytek Vigor 2130 Router

Trust: 0.6

sources: CNVD: CNVD-2014-06681

DESCRIPTION

Draytek Vigor 2130 Router is a wireless router product with firewall functionality from DrayTek. Code injection and cross-site request forgery vulnerabilities exist in Draytek Vigor 2130 routers with firmware versions prior to 1.5.4.9. Attackers can use these vulnerabilities to bypass security restrictions, gain system access and sensitive information, perform unauthorized administrator operations, and steal cookie-based authentication credentials. Draytek Vigor 2130 router is prone to the following security vulnerabilities:
1. A command-injection vulnerability
2. Other attacks are also possible

Trust: 1.35

sources: CNVD: CNVD-2014-06681 // CNNVD: CNNVD-201410-1249 // BID: 70260

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-06681

AFFECTED PRODUCTS

vendor: draytek, model: corp vigor running, scope: eq, version: 21301.5.4.9

Trust: 0.6

vendor: draytek, model: vigor, scope: eq, version: 21301.5.4.9

Trust: 0.3

sources: CNVD: CNVD-2014-06681 // BID: 70260

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-06681
value: HIGH

Trust: 0.6

CNVD: CNVD-2014-06681
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-06681

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1249

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201410-1249

EXTERNAL IDS

db: BID, id: 70260

Trust: 1.5

db: CNVD, id: CNVD-2014-06681

Trust: 0.6

db: CNNVD, id: CNNVD-201410-1249

Trust: 0.6

sources: CNVD: CNVD-2014-06681 // BID: 70260 // CNNVD: CNNVD-201410-1249

REFERENCES

url: http://www.securityfocus.com/archive/1/533626

Trust: 0.6

url: http://www.securityfocus.com/bid/70260

Trust: 0.6

url: http://seclists.org/bugtraq/2014/oct/35

Trust: 0.3

url: http://www.draytek.co.uk/products/soho/vigor-2130n

Trust: 0.3

sources: CNVD: CNVD-2014-06681 // BID: 70260 // CNNVD: CNNVD-201410-1249

CREDITS

Erik-Paul Dittmer

Trust: 0.9

sources: BID: 70260 // CNNVD: CNNVD-201410-1249

SOURCES

db: CNVD, id: CNVD-2014-06681
db: BID, id: 70260
db: CNNVD, id: CNNVD-201410-1249

LAST UPDATE DATE

2022-05-17T01:57:47.962000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-06681, date: 2014-10-14T00:00:00
db: BID, id: 70260, date: 2014-10-06T00:00:00
db: CNNVD, id: CNNVD-201410-1249, date: 2014-10-24T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-06681, date: 2014-10-13T00:00:00
db: BID, id: 70260, date: 2014-10-06T00:00:00
db: CNNVD, id: CNNVD-201410-1249, date: 2014-10-24T00:00:00