Details of VAR-201512-0513

ID

VAR-201512-0513

CVE

CVE-2015-7790

TITLE

ASUS Japan WL-330NUL Device Cross-Site Scripting Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2016-00018 // CNNVD: CNNVD-201512-702

DESCRIPTION

Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. ASUS WL-330NUL router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks

Trust: 2.52

sources: NVD: CVE-2015-7790 // JVNDB: JVNDB-2015-000195 // CNVD: CNVD-2016-00018 // BID: 79730 // VULHUB: VHN-85751

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-00018

AFFECTED PRODUCTS

vendor:	asus	model:	wl-330nul	scope:	lte	version:	3.0.0.41	Trust: 1.0
vendor:	asus	model:	wl-330nul	scope:	eq	version:	3.0.0.41	Trust: 0.9
vendor:	asus	model:	wl-330nul	scope:	eq	version:	firmware prior to 3.0.0.42	Trust: 0.8
vendor:	asus	model:	wl-330nul	scope:	lt	version:	3.0.0.42	Trust: 0.6
vendor:	asus	model:	wl-330nul	scope:	ne	version:	3.0.0.42	Trust: 0.3

sources: CNVD: CNVD-2016-00018 // BID: 79730 // JVNDB: JVNDB-2015-000195 // CNNVD: CNNVD-201512-702 // NVD: CVE-2015-7790

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-7790
value:	MEDIUM
Trust: 1.0
IPA:	JVNDB-2015-000195
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2016-00018
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201512-702
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-85751
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-7790
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IPA:	JVNDB-2015-000195
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-00018
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-85751
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-7790
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0
IPA:	JVNDB-2015-000195
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2016-00018 // VULHUB: VHN-85751 // JVNDB: JVNDB-2015-000195 // CNNVD: CNNVD-201512-702 // NVD: CVE-2015-7790

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-85751 // JVNDB: JVNDB-2015-000195 // NVD: CVE-2015-7790

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-702

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201512-702

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-000195

PATCH

title:	Released firmware updates for vulnerabilities on ASUS WL-330NUL Wireless-N Pocket Router	url:	http://www.asus.com/jp/News/FX04LE8HN0qBoqFI	Trust: 0.8
title:	Patch for ASUSJapan WL-330NUL device cross-site scripting vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/69418	Trust: 0.6
title:	ASUS Japan WL-330NUL Fixes for device cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59393	Trust: 0.6

sources: CNVD: CNVD-2016-00018 // JVNDB: JVNDB-2015-000195 // CNNVD: CNNVD-201512-702

EXTERNAL IDS

db:	JVN	id:	JVN89965717	Trust: 3.4
db:	NVD	id:	CVE-2015-7790	Trust: 3.4
db:	JVNDB	id:	JVNDB-2015-000195	Trust: 2.5
db:	CNNVD	id:	CNNVD-201512-702	Trust: 0.7
db:	CNVD	id:	CNVD-2016-00018	Trust: 0.6
db:	BID	id:	79730	Trust: 0.4
db:	VULHUB	id:	VHN-85751	Trust: 0.1

sources: CNVD: CNVD-2016-00018 // VULHUB: VHN-85751 // BID: 79730 // JVNDB: JVNDB-2015-000195 // CNNVD: CNNVD-201512-702 // NVD: CVE-2015-7790

REFERENCES

url:	http://jvn.jp/en/jp/jvn89965717/index.html	Trust: 2.6
url:	http://www.asus.com/jp/news/fx04le8hn0qboqfi	Trust: 2.0
url:	http://jvndb.jvn.jp/jvndb/jvndb-2015-000195	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7790	Trust: 0.8
url:	https://jvn.jp/jp/jvn89965717/index.html	Trust: 0.8
url:	https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7790	Trust: 0.8
url:	http://www.asus.com/	Trust: 0.3

sources: CNVD: CNVD-2016-00018 // VULHUB: VHN-85751 // BID: 79730 // JVNDB: JVNDB-2015-000195 // CNNVD: CNNVD-201512-702 // NVD: CVE-2015-7790

CREDITS

TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc.

Trust: 0.3

sources: BID: 79730

SOURCES

db:	CNVD	id:	CNVD-2016-00018
db:	VULHUB	id:	VHN-85751
db:	BID	id:	79730
db:	JVNDB	id:	JVNDB-2015-000195
db:	CNNVD	id:	CNNVD-201512-702
db:	NVD	id:	CVE-2015-7790

LAST UPDATE DATE

2025-04-13T23:21:13.806000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-00018	date:	2016-01-04T00:00:00
db:	VULHUB	id:	VHN-85751	date:	2015-12-30T00:00:00
db:	BID	id:	79730	date:	2015-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-000195	date:	2016-01-13T00:00:00
db:	CNNVD	id:	CNNVD-201512-702	date:	2015-12-31T00:00:00
db:	NVD	id:	CVE-2015-7790	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-00018	date:	2016-01-04T00:00:00
db:	VULHUB	id:	VHN-85751	date:	2015-12-30T00:00:00
db:	BID	id:	79730	date:	2015-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2015-000195	date:	2015-12-09T00:00:00
db:	CNNVD	id:	CNNVD-201512-702	date:	2015-12-31T00:00:00
db:	NVD	id:	CVE-2015-7790	date:	2015-12-30T05:59:10.893