Details of VAR-201412-0663

ID

VAR-201412-0663

TITLE

Multiple vulnerabilities in Prolink PRN2001 Router

Trust: 0.6

sources: CNVD: CNVD-2014-08743

DESCRIPTION

The Prolink PRN2001 Router is a router device. The Prolink PRN2001 Router has multiple security vulnerabilities, allowing attackers to create administrator privileges, upgrade device firmware, upload and download configuration files, enhance privileges, and obtain sensitive information. Fida International Prolink PRN2001 is a wireless router product from Singapore Fida International. There is a security vulnerability in Fida International Prolink PRN2001 Router. An attacker could use this vulnerability to execute arbitrary HTML or JavaScript code in the context of the affected site, steal cookie-based authentication or control the way the site is presented to the user, crash the application, bypass security restrictions, and gain access to sensitive information . Vulnerabilities exist in the PRN2001 Router using version 1.2 firmware, other versions may also be affected. Other attacks are also possible

Trust: 1.35

sources: CNVD: CNVD-2014-08743 // CNNVD: CNNVD-201412-071 // BID: 71427

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-08743

AFFECTED PRODUCTS

vendor:	prolink	model:	prn2001 router	scope:	-	version:	-	Trust: 0.6
vendor:	prolink	model:	prn2001	scope:	eq	version:	1.2	Trust: 0.3

sources: CNVD: CNVD-2014-08743 // BID: 71427

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2014-08743
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2014-08743
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2014-08743

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201412-071

TYPE

Unknown

Trust: 0.3

sources: BID: 71427

EXTERNAL IDS

db:	BID	id:	71427	Trust: 1.5
db:	EXPLOIT-DB	id:	35419	Trust: 0.6
db:	EXPLOITDB	id:	35419	Trust: 0.6
db:	CNVD	id:	CNVD-2014-08743	Trust: 0.6
db:	CNNVD	id:	CNNVD-201412-071	Trust: 0.6

sources: CNVD: CNVD-2014-08743 // BID: 71427 // CNNVD: CNNVD-201412-071

REFERENCES

url:	http://www.securityfocus.com/bid/71427	Trust: 1.2
url:	http://www.exploit-db.com/exploits/35419/	Trust: 0.6
url:	http://www.prolink2u.com/new/products/index.php?cid=375	Trust: 0.3

sources: CNVD: CNVD-2014-08743 // BID: 71427 // CNNVD: CNNVD-201412-071

CREDITS

Herman Groeneveld

Trust: 0.9

sources: BID: 71427 // CNNVD: CNNVD-201412-071

SOURCES

db:	CNVD	id:	CNVD-2014-08743
db:	BID	id:	71427
db:	CNNVD	id:	CNNVD-201412-071

LAST UPDATE DATE

2022-05-17T01:47:58.334000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-08743	date:	2014-12-05T00:00:00
db:	BID	id:	71427	date:	2014-12-01T00:00:00
db:	CNNVD	id:	CNNVD-201412-071	date:	2014-12-04T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-08743	date:	2014-12-05T00:00:00
db:	BID	id:	71427	date:	2014-12-01T00:00:00
db:	CNNVD	id:	CNNVD-201412-071	date:	2014-12-04T00:00:00