Details of VAR-201606-0515

ID

VAR-201606-0515

TITLE

ASUS DSL-N55U Router Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-05078

DESCRIPTION

ASUS DSL-N55U is a dual-band wireless router product from ASUS. Cross-site scripting vulnerabilities and information disclosure vulnerabilities exist in ASUS DSL-N55U Router 3.0.0.4.376_2736. These vulnerabilities originate from programs that do not properly filter input submitted by users. When a user browses an affected website, their browser executes arbitrary script code provided by the attacker. This could lead to attackers stealing cookie-based authentication and gaining sensitive information. ASUS DSL-N55U 3.0.0.4.376_2736 is vulnerable

Trust: 1.89

sources: CNVD: CNVD-2016-05078 // CNVD: CNVD-2016-05077 // CNNVD: CNNVD-201607-521 // BID: 91417

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 1.2

sources: CNVD: CNVD-2016-05078 // CNVD: CNVD-2016-05077

AFFECTED PRODUCTS

vendor:

asus

model:

dsl-n55u router 3.0.0.4.376 2736

scope:

version:

Trust: 1.2

sources: CNVD: CNVD-2016-05078 // CNVD: CNVD-2016-05077

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-05078
value:	MEDIUM
Trust: 0.6
CNVD:	CNVD-2016-05077
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2016-05078
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
CNVD:	CNVD-2016-05077
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-05078 // CNVD: CNVD-2016-05077

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-521

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 91417

PATCH

title:	ASUSDSL-N55URouter information disclosure vulnerability patch	url:	https://www.cnvd.org.cn/patchinfo/show/79438	Trust: 0.6
title:	Patch for ASUSDSL-N55URouter Cross-Site Scripting Vulnerability	url:	https://www.cnvd.org.cn/patchinfo/show/79440	Trust: 0.6

sources: CNVD: CNVD-2016-05078 // CNVD: CNVD-2016-05077

EXTERNAL IDS

db:	BID	id:	91417	Trust: 2.1
db:	CNVD	id:	CNVD-2016-05078	Trust: 0.6
db:	CNVD	id:	CNVD-2016-05077	Trust: 0.6
db:	CNNVD	id:	CNNVD-201607-521	Trust: 0.6

sources: CNVD: CNVD-2016-05078 // CNVD: CNVD-2016-05077 // BID: 91417 // CNNVD: CNNVD-201607-521

REFERENCES

url:	http://www.securityfocus.com/bid/91417	Trust: 1.8
url:	http://www.asus.com/	Trust: 0.3

sources: CNVD: CNVD-2016-05078 // CNVD: CNVD-2016-05077 // BID: 91417 // CNNVD: CNNVD-201607-521

CREDITS

P. Morimoto (Office Bangkok) SEC Consult Vulnerability Lab

Trust: 0.9

sources: BID: 91417 // CNNVD: CNNVD-201607-521

SOURCES

db:	CNVD	id:	CNVD-2016-05078
db:	CNVD	id:	CNVD-2016-05077
db:	BID	id:	91417
db:	CNNVD	id:	CNNVD-201607-521

LAST UPDATE DATE

2022-05-17T01:47:55.927000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-05078	date:	2016-07-21T00:00:00
db:	CNVD	id:	CNVD-2016-05077	date:	2016-07-21T00:00:00
db:	BID	id:	91417	date:	2016-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201607-521	date:	2016-07-19T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-05078	date:	2016-07-21T00:00:00
db:	CNVD	id:	CNVD-2016-05077	date:	2016-07-21T00:00:00
db:	BID	id:	91417	date:	2016-06-24T00:00:00
db:	CNNVD	id:	CNNVD-201607-521	date:	2016-06-24T00:00:00