Sign-up

ID

VAR-201512-0515


CVE

CVE-2015-7792


TITLE

CG-WLBARGS does not properly perform authentication

Trust: 0.8

sources: JVNDB: JVNDB-2015-000201

DESCRIPTION

Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed. A cross-site scripting vulnerability exists in WL-330NUL. Allows an attacker to exploit this vulnerability to inject arbitrary web scripts or HTML code. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2015-7792 // JVNDB: JVNDB-2015-000201 // CNVD: CNVD-2015-08529 // BID: 79683 // VULHUB: VHN-85753

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08529

AFFECTED PRODUCTS

vendor:coregamodel:cg-wlbargsscope: - version: -

Trust: 1.4

vendor:coregamodel:cg-wlbargsscope:eqversion:*

Trust: 1.0

vendor:asusmodel:wl-330nulscope:ltversion:3.0.0.42

Trust: 0.6

sources: CNVD: CNVD-2015-08529 // JVNDB: JVNDB-2015-000201 // CNNVD: CNNVD-201512-601 // NVD: CVE-2015-7792

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7792
value: CRITICAL

Trust: 1.0

IPA: JVNDB-2015-000201
value: CRITICAL

Trust: 0.8

CNVD: CNVD-2015-08529
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201512-601
value: CRITICAL

Trust: 0.6

VULHUB: VHN-85753
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-7792
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2015-000201
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2015-08529
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-85753
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-7792
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2015-000201
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2015-08529 // VULHUB: VHN-85753 // JVNDB: JVNDB-2015-000201 // CNNVD: CNNVD-201512-601 // NVD: CVE-2015-7792

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

problemtype:CWE-DesignError

Trust: 0.8

sources: VULHUB: VHN-85753 // JVNDB: JVNDB-2015-000201 // NVD: CVE-2015-7792

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-601

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201512-601

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-000201

PATCH
title:About the authentication flawurl:http://corega.jp/support/security/20151224_wlbargs.htm
Trust: 0.8
title:Patch for WL-330NUL Cross-Site Scripting Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/69289
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-08529 // 
            
            
            
            JVNDB: JVNDB-2015-000201

EXTERNAL IDS
db:NVDid:CVE-2015-7792
Trust: 3.4
db:JVNDBid:JVNDB-2015-000201
Trust: 2.5
db:JVNid:JVN51349622
Trust: 2.5
db:BIDid:79683
Trust: 2.0
db:CNNVDid:CNNVD-201512-601
Trust: 0.7
db:JVNDBid:JVNDB-2015-000195
Trust: 0.6
db:CNVDid:CNVD-2015-08529
Trust: 0.6
db:VULHUBid:VHN-85753
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08529 // 
            
            
            
            VULHUB: VHN-85753 // 
            
            
            
            BID: 79683 // 
            
            
            
            JVNDB: JVNDB-2015-000201 // 
            
            
            
            CNNVD: CNNVD-201512-601 // 
            
            
            
            NVD: CVE-2015-7792

REFERENCES
url:http://jvn.jp/en/jp/jvn51349622/index.html
Trust: 2.5
url:http://www.securityfocus.com/bid/79683
Trust: 1.7
url:http://corega.jp/support/security/20151224_wlbargs.htm
Trust: 1.7
url:http://jvndb.jvn.jp/jvndb/jvndb-2015-000201
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7792
Trust: 0.8
url:https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7792
Trust: 0.8
url:http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000195.html
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-08529 // 
            
            
            
            VULHUB: VHN-85753 // 
            
            
            
            JVNDB: JVNDB-2015-000201 // 
            
            
            
            CNNVD: CNNVD-201512-601 // 
            
            
            
            NVD: CVE-2015-7792

CREDITS
Kousuke Kawahira of DWANGO Co.,Ltd.
Trust: 0.9
sources:
            
            
            BID: 79683 // 
            
            
            
            CNNVD: CNNVD-201512-601

SOURCES
db:CNVDid:CNVD-2015-08529
db:VULHUBid:VHN-85753
db:BIDid:79683
db:JVNDBid:JVNDB-2015-000201
db:CNNVDid:CNNVD-201512-601
db:NVDid:CVE-2015-7792

LAST UPDATE DATE
2025-04-13T23:21:13.877000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08529date:2015-12-31T00:00:00
db:VULHUBid:VHN-85753date:2016-11-28T00:00:00
db:BIDid:79683date:2015-12-25T00:00:00
db:JVNDBid:JVNDB-2015-000201date:2016-01-07T00:00:00
db:CNNVDid:CNNVD-201512-601date:2015-12-31T00:00:00
db:NVDid:CVE-2015-7792date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08529date:2015-12-31T00:00:00
db:VULHUBid:VHN-85753date:2015-12-30T00:00:00
db:BIDid:79683date:2015-12-25T00:00:00
db:JVNDBid:JVNDB-2015-000201date:2015-12-25T00:00:00
db:CNNVDid:CNNVD-201512-601date:2015-12-28T00:00:00
db:NVDid:CVE-2015-7792date:2015-12-30T05:59:11.767