ID
VAR-201512-0516
CVE
CVE-2015-7793
TITLE
CG-WLBARAGM may behave as an open proxy
Trust: 0.8
sources:
JVNDB: JVNDB-2015-000202
DESCRIPTION
Corega CG-WLBARAGM devices provide an open proxy service, which allows remote attackers to trigger outbound network traffic via unspecified vectors. CG-WLBARAGM provided by Corega Inc is a wireless LAN router. CG-WLBARAGM contains an issue where it may behave as an open proxy. Akihiro Nakajima of NTT Communications reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.The device may be leveraged as a proxy server to conduct cyber attacks. CoregaCG-WLBARAGM has a denial of service vulnerability. A remote attacker may exploit this condition in order to launch attacks against local and public services in the context of the site that is hosting the vulnerable script
Trust: 2.52
sources:
NVD: CVE-2015-7793 //
JVNDB: JVNDB-2015-000202 //
CNVD: CNVD-2015-08530 //
BID: 79702 //
VULHUB: VHN-85754
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-08530
AFFECTED PRODUCTS
| vendor: | corega | model: | cg-wlbaragm | scope: | - | version: | - | Trust: 2.0 |
| vendor: | corega | model: | cg-wlbaragm | scope: | eq | version: | * | Trust: 1.0 |
| vendor: | corega | model: | inc cg-wlbaragm | scope: | eq | version: | 0 | Trust: 0.3 |
sources:
CNVD: CNVD-2015-08530 //
BID: 79702 //
JVNDB: JVNDB-2015-000202 //
CNNVD: CNNVD-201512-703 //
NVD: CVE-2015-7793
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
CNVD: CNVD-2015-08530 //
VULHUB: VHN-85754 //
JVNDB: JVNDB-2015-000202 //
CNNVD: CNNVD-201512-703 //
NVD: CVE-2015-7793
PROBLEMTYPE DATA
| problemtype: | CWE-17 | Trust: 1.1 |
| problemtype: | CWE-264 | Trust: 0.8 |
sources:
VULHUB: VHN-85754 //
JVNDB: JVNDB-2015-000202 //
NVD: CVE-2015-7793
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201512-703
TYPE
code injection
Trust: 0.6
sources:
CNNVD: CNNVD-201512-703
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-000202
PATCH
| title: | About the issue that may behave as an open proxy | url: | http://corega.jp/support/security/20151224_wlbaragm.htm | Trust: 0.8 |
| title: | Corega CG-WLBARAGM devices denial of service vulnerability patch | url: | https://www.cnvd.org.cn/patchInfo/show/69285 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-08530 //
JVNDB: JVNDB-2015-000202
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-7793 | Trust: 3.4 |
| db: | JVN | id: | JVN50775659 | Trust: 2.8 |
| db: | JVNDB | id: | JVNDB-2015-000202 | Trust: 2.5 |
| db: | CNNVD | id: | CNNVD-201512-703 | Trust: 0.7 |
| db: | JVNDB | id: | JVNDB-2015-000201 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2015-08530 | Trust: 0.6 |
| db: | BID | id: | 79702 | Trust: 0.4 |
| db: | VULHUB | id: | VHN-85754 | Trust: 0.1 |
sources:
CNVD: CNVD-2015-08530 //
VULHUB: VHN-85754 //
BID: 79702 //
JVNDB: JVNDB-2015-000202 //
CNNVD: CNNVD-201512-703 //
NVD: CVE-2015-7793
REFERENCES
| url: | http://jvn.jp/en/jp/jvn50775659/index.html | Trust: 2.8 |
| url: | http://corega.jp/support/security/20151224_wlbaragm.htm | Trust: 2.0 |
| url: | http://jvndb.jvn.jp/jvndb/jvndb-2015-000202 | Trust: 1.7 |
| url: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7793 | Trust: 0.8 |
| url: | https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7793 | Trust: 0.8 |
| url: | http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000201.html | Trust: 0.6 |
sources:
CNVD: CNVD-2015-08530 //
VULHUB: VHN-85754 //
BID: 79702 //
JVNDB: JVNDB-2015-000202 //
CNNVD: CNNVD-201512-703 //
NVD: CVE-2015-7793
CREDITS
Akihiro Nakajima of NTT Communications
Trust: 0.3
sources:
BID: 79702
SOURCES
| db: | CNVD | id: | CNVD-2015-08530 |
| db: | VULHUB | id: | VHN-85754 |
| db: | BID | id: | 79702 |
| db: | JVNDB | id: | JVNDB-2015-000202 |
| db: | CNNVD | id: | CNNVD-201512-703 |
| db: | NVD | id: | CVE-2015-7793 |
LAST UPDATE DATE
2025-04-13T23:21:13.842000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-08530 | date: | 2015-12-31T00:00:00 |
| db: | VULHUB | id: | VHN-85754 | date: | 2015-12-30T00:00:00 |
| db: | BID | id: | 79702 | date: | 2015-12-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-000202 | date: | 2016-01-07T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-703 | date: | 2015-12-31T00:00:00 |
| db: | NVD | id: | CVE-2015-7793 | date: | 2025-04-12T10:46:40.837 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-08530 | date: | 2015-12-31T00:00:00 |
| db: | VULHUB | id: | VHN-85754 | date: | 2015-12-30T00:00:00 |
| db: | BID | id: | 79702 | date: | 2015-12-12T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-000202 | date: | 2015-12-25T00:00:00 |
| db: | CNNVD | id: | CNNVD-201512-703 | date: | 2015-12-31T00:00:00 |
| db: | NVD | id: | CVE-2015-7793 | date: | 2015-12-30T05:59:12.690 |