Details of VAR-201603-0378

ID

VAR-201603-0378

TITLE

Thomson TWG850 has multiple vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2016-05260

DESCRIPTION

Thomson TWG850 is a router product from Thomson Reuters. Thomson TWG850 has 1. HTML injection vulnerability 2. Authentication bypass vulnerability 3. Cross-site request forgery vulnerability. Attackers can use these vulnerabilities to steal cookie-based authentication, execute arbitrary code in the context of the affected application, bypass security restrictions, perform unauthorized operations, and may cause denial of service

Trust: 1.08

sources: CNVD: CNVD-2016-05260 // CNNVD: CNNVD-201607-637

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-05260

AFFECTED PRODUCTS

vendor:

thomson

model:

reuters twg850

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-05260

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-05260
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-05260
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-05260

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-637

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201607-637

PATCH

title:

ThomsonTWG850 has multiple vulnerabilities

url:

https://www.cnvd.org.cn/patchinfo/show/79534

Trust: 0.6

sources: CNVD: CNVD-2016-05260

EXTERNAL IDS

db:	BID	id:	84282	Trust: 1.2
db:	CNVD	id:	CNVD-2016-05260	Trust: 0.6
db:	CNNVD	id:	CNNVD-201607-637	Trust: 0.6

sources: CNVD: CNVD-2016-05260 // CNNVD: CNNVD-201607-637

REFERENCES

url:

http://www.securityfocus.com/bid/84282

Trust: 1.2

sources: CNVD: CNVD-2016-05260 // CNNVD: CNNVD-201607-637

CREDITS

Sebastian Perez.

Trust: 0.6

sources: CNNVD: CNNVD-201607-637

SOURCES

db:	CNVD	id:	CNVD-2016-05260
db:	CNNVD	id:	CNNVD-201607-637

LAST UPDATE DATE

2022-05-17T01:45:18.955000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05260	date:	2016-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201607-637	date:	2016-07-21T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-05260	date:	2016-07-25T00:00:00
db:	CNNVD	id:	CNNVD-201607-637	date:	2016-03-09T00:00:00