Details of VAR-201506-0191

ID

VAR-201506-0191

CVE

CVE-2015-4587

TITLE

Alcatel-Lucent CellPipe 7130 Router Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-03916 // CNNVD: CNNVD-201506-331

DESCRIPTION

Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent CellPipe 7130 router with firmware 1.0.0.20h.HOL allows remote attackers to inject arbitrary web script or HTML via the "Custom application" field in the "port triggering" menu. Alcatel-Lucent CellPipe 7130 Router is a router product from Alcatel-Lucent, France. A cross-site scripting vulnerability exists in the Alcatel-Lucent CellPipe 7130 router. An attacker could leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could allow the attacker to steal cookie-based authentication credentials and launch other attacks. Alcatel-Lucent CellPipe 7130 Router running firmware 1.0.0.20h.HOL is vulnerable

Trust: 2.52

sources: NVD: CVE-2015-4587 // JVNDB: JVNDB-2015-003212 // CNVD: CNVD-2015-03916 // BID: 75305 // VULHUB: VHN-82548

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-03916

AFFECTED PRODUCTS

vendor:	alcatel lucent	model:	cellpipe 7130 router	scope:	eq	version:	1.0.0.20h.hol	Trust: 1.6
vendor:	alcatel lucent	model:	cellpipe 7130 rg	scope:	-	version:	-	Trust: 0.8
vendor:	alcatel lucent	model:	cellpipe 7130 rg	scope:	eq	version:	1.0.0.20h.hol	Trust: 0.8
vendor:	alcatel lucent	model:	cellpipe router with 1.0.0.20h.hol	scope:	eq	version:	7130	Trust: 0.6
vendor:	alcatel lucent	model:	cellpipe 1.0.0.20h.hol	scope:	eq	version:	7130	Trust: 0.3

sources: CNVD: CNVD-2015-03916 // BID: 75305 // JVNDB: JVNDB-2015-003212 // CNNVD: CNNVD-201506-331 // NVD: CVE-2015-4587

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4587
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4587
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-03916
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-331
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82548
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4587
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-03916
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82548
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-03916 // VULHUB: VHN-82548 // JVNDB: JVNDB-2015-003212 // CNNVD: CNNVD-201506-331 // NVD: CVE-2015-4587

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-82548 // JVNDB: JVNDB-2015-003212 // NVD: CVE-2015-4587

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-331

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201506-331

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003212

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-82548

PATCH

title:

Top Page

url:

https://www.alcatel-lucent.com/

Trust: 0.8

sources: JVNDB: JVNDB-2015-003212

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4587	Trust: 3.4
db:	PACKETSTORM	id:	132327	Trust: 3.1
db:	BID	id:	75305	Trust: 2.0
db:	JVNDB	id:	JVNDB-2015-003212	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-331	Trust: 0.7
db:	CNVD	id:	CNVD-2015-03916	Trust: 0.6
db:	VULHUB	id:	VHN-82548	Trust: 0.1

sources: CNVD: CNVD-2015-03916 // VULHUB: VHN-82548 // BID: 75305 // JVNDB: JVNDB-2015-003212 // CNNVD: CNNVD-201506-331 // NVD: CVE-2015-4587

REFERENCES

url:	http://packetstormsecurity.com/files/132327/cellpipe-7130-cross-site-scripting.html	Trust: 3.1
url:	http://www.securityfocus.com/bid/75305	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4587	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4587	Trust: 0.8
url:	http://setuprouter.com/router/alcatel-lucent/cellpipe-7130/login.htm	Trust: 0.3
url:	http://www.alcatel-lucent.com/	Trust: 0.3

sources: CNVD: CNVD-2015-03916 // VULHUB: VHN-82548 // BID: 75305 // JVNDB: JVNDB-2015-003212 // CNNVD: CNNVD-201506-331 // NVD: CVE-2015-4587

CREDITS

Dionisia Lerataki

Trust: 0.3

sources: BID: 75305

SOURCES

db:	CNVD	id:	CNVD-2015-03916
db:	VULHUB	id:	VHN-82548
db:	BID	id:	75305
db:	JVNDB	id:	JVNDB-2015-003212
db:	CNNVD	id:	CNNVD-201506-331
db:	NVD	id:	CVE-2015-4587

LAST UPDATE DATE

2025-04-13T23:41:20.931000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-03916	date:	2015-06-24T00:00:00
db:	VULHUB	id:	VHN-82548	date:	2016-12-07T00:00:00
db:	BID	id:	75305	date:	2015-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-003212	date:	2015-06-22T00:00:00
db:	CNNVD	id:	CNNVD-201506-331	date:	2015-06-19T00:00:00
db:	NVD	id:	CVE-2015-4587	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-03916	date:	2015-06-24T00:00:00
db:	VULHUB	id:	VHN-82548	date:	2015-06-18T00:00:00
db:	BID	id:	75305	date:	2015-06-18T00:00:00
db:	JVNDB	id:	JVNDB-2015-003212	date:	2015-06-22T00:00:00
db:	CNNVD	id:	CNNVD-201506-331	date:	2015-06-19T00:00:00
db:	NVD	id:	CVE-2015-4587	date:	2015-06-18T18:59:05.130