ID

VAR-201506-0178


CVE

CVE-2015-4679


TITLE

Cross-site scripting vulnerability in the Airties RT-210 web interface

Trust: 0.8

sources: JVNDB: JVNDB-2015-003223

DESCRIPTION

Multiple cross-site scripting (XSS) vulnerabilities in the web interface in Airties RT-210 allow remote attackers to inject arbitrary web script or HTML via the (1) ddns_domainame or (2) ddns_account parameter to ddns.stm. Airties RT-210 is a Turkish router product. User session. Airties RT-210 is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The vulnerability stems from the fact that the ddns.stm file does not adequately filter the 'ddns_domainname' and 'ddns_account' parameters.

Trust: 2.52

sources: NVD: CVE-2015-4679 // JVNDB: JVNDB-2015-003223 // CNVD: CNVD-2015-03992 // BID: 75342 // VULHUB: VHN-82640

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-03992

AFFECTED PRODUCTS

vendor: airties, model: rt-210, scope: -, version: -

Trust: 2.2

vendor: airties, model: rt-210, scope: eq, version: *

Trust: 1.0

vendor: airties, model: rt210, scope: -, version: -

Trust: 0.6

vendor: airties, model: rt-210, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2015-03992 // BID: 75342 // JVNDB: JVNDB-2015-003223 // CNNVD: CNNVD-201506-346 // NVD: CVE-2015-4679

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4679
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-4679
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-03992
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-346
value: MEDIUM

Trust: 0.6

VULHUB: VHN-82640
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-4679
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-03992
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82640
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-03992 // VULHUB: VHN-82640 // JVNDB: JVNDB-2015-003223 // CNNVD: CNNVD-201506-346 // NVD: CVE-2015-4679

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-82640 // JVNDB: JVNDB-2015-003223 // NVD: CVE-2015-4679

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-346

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-346

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003223

PATCH

title: Top Page, url: http://www.airties.com/

Trust: 0.8

sources: JVNDB: JVNDB-2015-003223

EXTERNAL IDS

db: NVD, id: CVE-2015-4679

Trust: 3.4

db: PACKETSTORM, id: 132178

Trust: 3.1

db: BID, id: 75342

Trust: 2.0

db: JVNDB, id: JVNDB-2015-003223

Trust: 0.8

db: CNNVD, id: CNNVD-201506-346

Trust: 0.7

db: CNVD, id: CNVD-2015-03992

Trust: 0.6

db: VULHUB, id: VHN-82640

Trust: 0.1

sources: CNVD: CNVD-2015-03992 // VULHUB: VHN-82640 // BID: 75342 // JVNDB: JVNDB-2015-003223 // CNNVD: CNNVD-201506-346 // NVD: CVE-2015-4679

REFERENCES

url: http://packetstormsecurity.com/files/132178/airties-rt210-cross-site-scripting.html

Trust: 3.1

url: http://www.securityfocus.com/bid/75342

Trust: 1.1

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4679

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4679

Trust: 0.8

url: http://www.airties.com/products/wap

Trust: 0.3

sources: CNVD: CNVD-2015-03992 // VULHUB: VHN-82640 // BID: 75342 // JVNDB: JVNDB-2015-003223 // CNNVD: CNNVD-201506-346 // NVD: CVE-2015-4679

CREDITS

B3mB4m

Trust: 0.3

sources: BID: 75342

SOURCES

db: CNVD, id: CNVD-2015-03992
db: VULHUB, id: VHN-82640
db: BID, id: 75342
db: JVNDB, id: JVNDB-2015-003223
db: CNNVD, id: CNNVD-201506-346
db: NVD, id: CVE-2015-4679

LAST UPDATE DATE

2025-04-13T23:39:38.375000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2015-03992, date: 2015-06-25T00:00:00
db: VULHUB, id: VHN-82640, date: 2016-12-07T00:00:00
db: BID, id: 75342, date: 2015-06-19T00:00:00
db: JVNDB, id: JVNDB-2015-003223, date: 2015-06-23T00:00:00
db: CNNVD, id: CNNVD-201506-346, date: 2015-06-23T00:00:00
db: NVD, id: CVE-2015-4679, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2015-03992, date: 2015-06-25T00:00:00
db: VULHUB, id: VHN-82640, date: 2015-06-19T00:00:00
db: BID, id: 75342, date: 2015-06-19T00:00:00
db: JVNDB, id: JVNDB-2015-003223, date: 2015-06-23T00:00:00
db: CNNVD, id: CNNVD-201506-346, date: 2015-06-23T00:00:00
db: NVD, id: CVE-2015-4679, date: 2015-06-19T14:59:06.973