Details of VAR-201509-0225

ID

VAR-201509-0225

CVE

CVE-2015-5992

TITLE

Phillipine Long Distance Telephone SpeedSurf 504AN and Kasda KW58293 Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2015-06099 // CNNVD: CNNVD-201509-215

DESCRIPTION

Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter. The Phillipine Long Distance Telephone (PLDT) company provides internet access in the Phillippines. The SpeedSurf 504AN and Kasda KW58293 modems distributed by PLDT contain multiple vulnerabilities. The BaudTec ADSL2+ Router may also be affected. The PLDT SpeedSurf 504AN and Kasda KW58293 form2WlanSetup.cgi pages fail to adequately filter the \342\200\230ssid\342\200\231 parameter, allowing remote attackers to exploit the vulnerability to inject malicious scripts or HTML code to obtain sensitive information or hijack user sessions when malicious data is viewed. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The former is a product of the Philippine PLDT company. The latter is a product of China Hongcheng (Kasda) Digital Technology Co., Ltd. There is a cross-site scripting vulnerability in the form2WlanSetup.cgi file of PLDT SpeedSurf 504AN devices and Kasda KW58293 using GAN9.8U26-4-TX-R6B018-PH.EN firmware

Trust: 3.24

sources: NVD: CVE-2015-5992 // CERT/CC: VU#525276 // JVNDB: JVNDB-2015-004950 // CNVD: CNVD-2015-06099 // BID: 76516 // VULHUB: VHN-83953

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-06099

AFFECTED PRODUCTS

vendor:	philippine long distance telephone	model:	speedsurf 504an	scope:	eq	version:	gan9.8u26-4-tx-r6b018-hp.en	Trust: 1.6
vendor:	philippine long distance telephone	model:	kasda kw58293	scope:	eq	version:	-	Trust: 1.6
vendor:	philippine long distance telephone	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	kasda	model:	kw58293	scope:	eq	version:	none	Trust: 0.8
vendor:	kasda	model:	kw58293	scope:	eq	version:	firmware	Trust: 0.8
vendor:	philippine long distance telephone pldt	model:	speedsurf 504an	scope:	-	version:	-	Trust: 0.8
vendor:	philippine long distance telephone pldt	model:	speedsurf 504an	scope:	eq	version:	gan9.8u26-4-tx-r6b018-ph.en	Trust: 0.8
vendor:	philippine long distance telephone	model:	speedsurf 504an gan9.8u26-4-tx-r6b018-ph.en	scope:	-	version:	-	Trust: 0.6
vendor:	philippine long distance telephone	model:	kasda kw58293	scope:	-	version:	-	Trust: 0.6
vendor:	philippine long distance telephone	model:	speedsurf 504an gan9.8u26-4-tx-r6b01	scope:	-	version:	-	Trust: 0.3
vendor:	philippine long distance telephone	model:	kasda kw58293	scope:	eq	version:	0	Trust: 0.3

sources: CERT/CC: VU#525276 // CNVD: CNVD-2015-06099 // BID: 76516 // JVNDB: JVNDB-2015-004950 // CNNVD: CNNVD-201509-215 // NVD: CVE-2015-5992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-5992
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-5992
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-06099
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201509-215
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-83953
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-5992
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-06099
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-83953
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-06099 // VULHUB: VHN-83953 // JVNDB: JVNDB-2015-004950 // CNNVD: CNNVD-201509-215 // NVD: CVE-2015-5992

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-83953 // JVNDB: JVNDB-2015-004950 // NVD: CVE-2015-5992

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-215

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201509-215

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004950

PATCH

title:	KW58293	url:	http://www.kasda.cn/product_info.asp?id=232	Trust: 0.8
title:	PLDT - Philippine Long Distance Telephone Company	url:	http://www.pldt.com/	Trust: 0.8

sources: JVNDB: JVNDB-2015-004950

EXTERNAL IDS

db:	CERT/CC	id:	VU#525276	Trust: 4.2
db:	NVD	id:	CVE-2015-5992	Trust: 3.4
db:	JVN	id:	JVNVU98946427	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-004950	Trust: 0.8
db:	CNVD	id:	CNVD-2015-06099	Trust: 0.6
db:	CNNVD	id:	CNNVD-201509-215	Trust: 0.6
db:	BID	id:	76516	Trust: 0.4
db:	VULHUB	id:	VHN-83953	Trust: 0.1

sources: CERT/CC: VU#525276 // CNVD: CNVD-2015-06099 // VULHUB: VHN-83953 // BID: 76516 // JVNDB: JVNDB-2015-004950 // CNNVD: CNNVD-201509-215 // NVD: CVE-2015-5992

REFERENCES

url:	http://www.kb.cert.org/vuls/id/525276	Trust: 3.4
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5992	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu98946427/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5992	Trust: 0.8
url:	http://www.pldt.com/	Trust: 0.3

sources: CERT/CC: VU#525276 // CNVD: CNVD-2015-06099 // VULHUB: VHN-83953 // BID: 76516 // JVNDB: JVNDB-2015-004950 // CNNVD: CNNVD-201509-215 // NVD: CVE-2015-5992

CREDITS

Eskie Cirrus James Maquilang

Trust: 0.3

sources: BID: 76516

SOURCES

db:	CERT/CC	id:	VU#525276
db:	CNVD	id:	CNVD-2015-06099
db:	VULHUB	id:	VHN-83953
db:	BID	id:	76516
db:	JVNDB	id:	JVNDB-2015-004950
db:	CNNVD	id:	CNNVD-201509-215
db:	NVD	id:	CVE-2015-5992

LAST UPDATE DATE

2025-04-12T23:14:18.064000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#525276	date:	2016-04-17T00:00:00
db:	CNVD	id:	CNVD-2015-06099	date:	2015-09-22T00:00:00
db:	VULHUB	id:	VHN-83953	date:	2015-09-22T00:00:00
db:	BID	id:	76516	date:	2015-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-004950	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-215	date:	2015-09-22T00:00:00
db:	NVD	id:	CVE-2015-5992	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#525276	date:	2015-08-31T00:00:00
db:	CNVD	id:	CNVD-2015-06099	date:	2015-09-22T00:00:00
db:	VULHUB	id:	VHN-83953	date:	2015-09-21T00:00:00
db:	BID	id:	76516	date:	2015-08-31T00:00:00
db:	JVNDB	id:	JVNDB-2015-004950	date:	2015-09-30T00:00:00
db:	CNNVD	id:	CNNVD-201509-215	date:	2015-08-31T00:00:00
db:	NVD	id:	CVE-2015-5992	date:	2015-09-21T10:59:07.663