Details of VAR-201512-0088

ID

VAR-201512-0088

CVE

CVE-2015-7278

TITLE

Amped Wireless R10000 router contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#763576

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. AmpedWirelessR10000deviceswithfirmware is the R10000 series router from AmpedWireless. A cross-site request forgery vulnerability exists in AmpedWirelessR10000deviceswithfirmware2.5.2.11. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker could exploit this vulnerability to perform unauthorized operations

Trust: 3.24

sources: NVD: CVE-2015-7278 // CERT/CC: VU#763576 // JVNDB: JVNDB-2015-006585 // CNVD: CNVD-2016-00145 // BID: 78818 // VULHUB: VHN-85239

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00145

AFFECTED PRODUCTS

vendor:	ampedwireless	model:	r10000	scope:	eq	version:	2.5.2.11	Trust: 1.6
vendor:	amped	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	amped	model:	wireless r10000	scope:	-	version:	-	Trust: 0.8
vendor:	amped	model:	wireless r10000	scope:	eq	version:	2.5.2.11	Trust: 0.8
vendor:	amped	model:	wireless r10000 devices with	scope:	eq	version:	2.5.2.11	Trust: 0.6

sources: CERT/CC: VU#763576 // CNVD: CNVD-2016-00145 // JVNDB: JVNDB-2015-006585 // CNNVD: CNNVD-201512-317 // NVD: CVE-2015-7278

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7278
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-7278
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-00145
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201512-317
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85239
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7278
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-00145
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85239
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7278
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0

sources: CNVD: CNVD-2016-00145 // VULHUB: VHN-85239 // JVNDB: JVNDB-2015-006585 // CNNVD: CNNVD-201512-317 // NVD: CVE-2015-7278

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-85239 // JVNDB: JVNDB-2015-006585 // NVD: CVE-2015-7278

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-317

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201512-317

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006585

PATCH

title:

High Power Wireless-N 600mW Smart Router R10000

url:

http://www.ampedwireless.com/products/r10000.html

Trust: 0.8

sources: JVNDB: JVNDB-2015-006585

EXTERNAL IDS

db:	CERT/CC	id:	VU#763576	Trust: 3.9
db:	NVD	id:	CVE-2015-7278	Trust: 3.4
db:	BID	id:	78818	Trust: 2.0
db:	JVN	id:	JVNVU99863047	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-006585	Trust: 0.8
db:	CNNVD	id:	CNNVD-201512-317	Trust: 0.7
db:	CNVD	id:	CNVD-2016-00145	Trust: 0.6
db:	VULHUB	id:	VHN-85239	Trust: 0.1

sources: CERT/CC: VU#763576 // CNVD: CNVD-2016-00145 // VULHUB: VHN-85239 // BID: 78818 // JVNDB: JVNDB-2015-006585 // CNNVD: CNNVD-201512-317 // NVD: CVE-2015-7278

REFERENCES

url:	https://www.kb.cert.org/vuls/id/763576	Trust: 3.1
url:	http://www.securityfocus.com/bid/78818	Trust: 1.7
url:	about vulnerability notes	Trust: 0.8
url:	contact us about this vulnerability	Trust: 0.8
url:	provide a vendor statement	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7278	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu99863047/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7278	Trust: 0.8

sources: CERT/CC: VU#763576 // CNVD: CNVD-2016-00145 // VULHUB: VHN-85239 // JVNDB: JVNDB-2015-006585 // CNNVD: CNNVD-201512-317 // NVD: CVE-2015-7278

CREDITS

Joel Land of the CERT/CC

Trust: 0.9

sources: BID: 78818 // CNNVD: CNNVD-201512-317

SOURCES

db:	CERT/CC	id:	VU#763576
db:	CNVD	id:	CNVD-2016-00145
db:	VULHUB	id:	VHN-85239
db:	BID	id:	78818
db:	JVNDB	id:	JVNDB-2015-006585
db:	CNNVD	id:	CNNVD-201512-317
db:	NVD	id:	CVE-2015-7278

LAST UPDATE DATE

2025-04-13T23:03:36.695000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#763576	date:	2015-12-10T00:00:00
db:	CNVD	id:	CNVD-2016-00145	date:	2016-01-12T00:00:00
db:	VULHUB	id:	VHN-85239	date:	2016-11-28T00:00:00
db:	BID	id:	78818	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006585	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201512-317	date:	2016-01-04T00:00:00
db:	NVD	id:	CVE-2015-7278	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#763576	date:	2015-12-10T00:00:00
db:	CNVD	id:	CNVD-2016-00145	date:	2016-01-12T00:00:00
db:	VULHUB	id:	VHN-85239	date:	2015-12-31T00:00:00
db:	BID	id:	78818	date:	2015-12-10T00:00:00
db:	JVNDB	id:	JVNDB-2015-006585	date:	2016-01-05T00:00:00
db:	CNNVD	id:	CNNVD-201512-317	date:	2015-12-11T00:00:00
db:	NVD	id:	CVE-2015-7278	date:	2015-12-31T05:59:20.400