Sign-up

ID

VAR-201511-0428


TITLE

Belkin N150 Wireless Home Router Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 78292 // CNNVD: CNNVD-201512-425

DESCRIPTION

Belkin N150 Wireless Home is a wireless router product from Belkin. There are multiple security holes in Belkin N150 Wireless Home Router: 1. HTML injection vulnerability 2. Session hijacking vulnerability 3. Insecure default password vulnerability 4. Cross-site request forgery vulnerability. Attackers can use these vulnerabilities to bypass security restrictions and authentication mechanisms, perform unauthorized operations and brute force attacks, and gain access to sensitive information. An HTML-Injection Vulnerability 2. A session-hijacking Vulnerability 3. This may lead to further attacks

Trust: 2.97

sources: CNVD: CNVD-2015-08303 // CNVD: CNVD-2015-08302 // CNVD: CNVD-2015-08304 // CNVD: CNVD-2015-08301 // CNNVD: CNNVD-201512-425 // BID: 78292

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 2.4

sources: CNVD: CNVD-2015-08303 // CNVD: CNVD-2015-08302 // CNVD: CNVD-2015-08304 // CNVD: CNVD-2015-08301

AFFECTED PRODUCTS

vendor:belkinmodel:n150 wireless home routerscope: - version: -

Trust: 2.4

vendor:belkinmodel:n150 wireless routerscope:eqversion:1.0.9

Trust: 0.3

sources: CNVD: CNVD-2015-08303 // CNVD: CNVD-2015-08302 // CNVD: CNVD-2015-08304 // CNVD: CNVD-2015-08301 // BID: 78292

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2015-08303
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-08302
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-08304
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-08301
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2015-08303
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2015-08302
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2015-08304
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2015-08301
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2015-08303 // CNVD: CNVD-2015-08302 // CNVD: CNVD-2015-08304 // CNVD: CNVD-2015-08301

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-425

TYPE

Unknown

Trust: 0.3

sources: BID: 78292

EXTERNAL IDS

db:BIDid:78292

Trust: 3.3

db:CNVDid:CNVD-2015-08303

Trust: 0.6

db:CNVDid:CNVD-2015-08302

Trust: 0.6

db:CNVDid:CNVD-2015-08304

Trust: 0.6

db:CNVDid:CNVD-2015-08301

Trust: 0.6

db:CNNVDid:CNNVD-201512-425

Trust: 0.6

sources: CNVD: CNVD-2015-08303 // CNVD: CNVD-2015-08302 // CNVD: CNVD-2015-08304 // CNVD: CNVD-2015-08301 // BID: 78292 // CNNVD: CNNVD-201512-425

REFERENCES

url:http://www.securityfocus.com/bid/78292

Trust: 3.0

url:http://www.belkin.com

Trust: 0.3

url:https://0x62626262.wordpress.com/2015/11/30/belkin-n150-router-multiple-vulnerabilities/

Trust: 0.3

url:http://seclists.org/bugtraq/2015/nov/142

Trust: 0.3

sources: CNVD: CNVD-2015-08303 // CNVD: CNVD-2015-08302 // CNVD: CNVD-2015-08304 // CNVD: CNVD-2015-08301 // BID: 78292 // CNNVD: CNNVD-201512-425

CREDITS

Rahul Pratap Singh

Trust: 0.9

sources: BID: 78292 // CNNVD: CNNVD-201512-425

SOURCES

db:CNVDid:CNVD-2015-08303
db:CNVDid:CNVD-2015-08302
db:CNVDid:CNVD-2015-08304
db:CNVDid:CNVD-2015-08301
db:BIDid:78292
db:CNNVDid:CNNVD-201512-425

LAST UPDATE DATE

2022-05-17T02:07:08.018000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2015-08303date:2015-12-18T00:00:00
db:CNVDid:CNVD-2015-08302date:2015-12-18T00:00:00
db:CNVDid:CNVD-2015-08304date:2015-12-18T00:00:00
db:CNVDid:CNVD-2015-08301date:2015-12-18T00:00:00
db:BIDid:78292date:2015-11-30T00:00:00
db:CNNVDid:CNNVD-201512-425date:2015-12-15T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2015-08303date:2015-12-18T00:00:00
db:CNVDid:CNVD-2015-08302date:2015-12-18T00:00:00
db:CNVDid:CNVD-2015-08304date:2015-12-18T00:00:00
db:CNVDid:CNVD-2015-08301date:2015-12-17T00:00:00
db:BIDid:78292date:2015-11-30T00:00:00
db:CNNVDid:CNNVD-201512-425date:2015-11-30T00:00:00