Details of VAR-201502-0509

ID

VAR-201502-0509

TITLE

Multiple vulnerabilities in multiple D-Link and TRENDnet routers 'ncc/ncc2' Service

Trust: 0.6

sources: CNVD: CNVD-2015-01453

DESCRIPTION

D-Link DIR-820L is a dual-band cloud management wireless intelligent router from D-Link. TRENDnet TEW-731BR is a dual-band wireless router from TRENDnet. The following security vulnerabilities exist in various D-Link and RENDnet routers: 1. Local unauthorized vulnerabilities 2. Remote unauthorized vulnerabilities 3. Cross-site request forgery vulnerabilities. Attackers can use these vulnerabilities to perform unauthorized operations, gain unauthorized root permissions on the affected device, and take complete control of the affected device. The following products and versions are affected: D-Link DIR-820L (firmware version: Rev A) version 1.02B10, DIR-820L (firmware version: Rev A) version 1.05B03, DIR-820L (firmware version: Rev B) 2.01b02 Version; TRENDnet TEW-731BR (firmware version: Rev 2) version 2.01b01. Multiple D-Link and TRENDnet routers are prone to a local unauthenticated vulnerability, a remote unauthenticated vulnerability and a cross-site request-forgery vulnerability

Trust: 1.35

sources: CNVD: CNVD-2015-01453 // CNNVD: CNNVD-201507-146 // BID: 72816

IOT TAXONOMY

category:

['IoT', 'Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-01453

AFFECTED PRODUCTS

vendor:	d link	model:	dir-820l 1.02b10	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dir-820l 1.05b03	scope:	-	version:	-	Trust: 0.9
vendor:	d link	model:	dir-820l 2.01b02	scope:	-	version:	-	Trust: 0.9
vendor:	trendnet	model:	tew-731br (rev 2.01b01	scope:	eq	version:	2)	Trust: 0.9
vendor:	trendnet	model:	tew-731br (rev 2.02b01	scope:	ne	version:	2)	Trust: 0.3

sources: CNVD: CNVD-2015-01453 // BID: 72816

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2015-01453
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2015-01453
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2015-01453

THREAT TYPE

remote ※ local

Trust: 0.6

sources: CNNVD: CNNVD-201507-146

TYPE

Design Error

Trust: 0.3

sources: BID: 72816

PATCH

title:

Patches with multiple vulnerabilities for multiple D-Link and TRENDnet routers 'ncc/ncc2' Service

url:

https://www.cnvd.org.cn/patchinfo/show/55874

Trust: 0.6

sources: CNVD: CNVD-2015-01453

EXTERNAL IDS

db:	BID	id:	72816	Trust: 1.5
db:	CNVD	id:	CNVD-2015-01453	Trust: 0.6
db:	CNNVD	id:	CNNVD-201507-146	Trust: 0.6

sources: CNVD: CNVD-2015-01453 // BID: 72816 // CNNVD: CNNVD-201507-146

REFERENCES

url:	http://www.securityfocus.com/bid/72816	Trust: 1.2
url:	http://seclists.org/bugtraq/2015/feb/164	Trust: 0.3
url:	http://www.dlink.com/	Trust: 0.3
url:	http://www.trendnet.com/	Trust: 0.3

sources: CNVD: CNVD-2015-01453 // BID: 72816 // CNNVD: CNNVD-201507-146

CREDITS

Peter Adkins

Trust: 0.9

sources: BID: 72816 // CNNVD: CNNVD-201507-146

SOURCES

db:	CNVD	id:	CNVD-2015-01453
db:	BID	id:	72816
db:	CNNVD	id:	CNNVD-201507-146

LAST UPDATE DATE

2022-05-17T02:05:53.882000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-01453	date:	2015-03-05T00:00:00
db:	BID	id:	72816	date:	2015-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201507-146	date:	2015-07-06T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-01453	date:	2015-03-05T00:00:00
db:	BID	id:	72816	date:	2015-02-26T00:00:00
db:	CNNVD	id:	CNNVD-201507-146	date:	2015-02-26T00:00:00