Sign-up

ID

VAR-201607-0724


TITLE

Hitron CGNV4 Router Multiple Security Vulnerabilities

Trust: 0.9

sources: BID: 92126 // CNNVD: CNNVD-201607-993

DESCRIPTION

Hitron CGNV4 is a router product of Hitron. Hitron CGNV4 Router 4.3.9.9-SIP-UPC version exists 1. Security bypass vulnerability 2. Cross-site request forgery vulnerability 3. Command injection vulnerability. Attackers can use these vulnerabilities to execute arbitrary commands, steal cookie-based authentication, obtain sensitive information, and perform unauthorized operations. Hitron CGNV4 Router is prone to multiple security vulnerabilities, including: 1. This may aid in further attacks. Hitron CGNV4, 4.3.9.9-SIP-UPC is vulnerable; other versions may also be affected

Trust: 2.43

sources: CNVD: CNVD-2016-05642 // CNVD: CNVD-2016-05643 // CNVD: CNVD-2016-05644 // CNNVD: CNNVD-201607-993 // BID: 92126

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 1.8

sources: CNVD: CNVD-2016-05642 // CNVD: CNVD-2016-05643 // CNVD: CNVD-2016-05644

AFFECTED PRODUCTS

vendor:hitronmodel:cgnv4 4.3.9.9-sip-upcscope: - version: -

Trust: 2.1

sources: CNVD: CNVD-2016-05642 // CNVD: CNVD-2016-05643 // CNVD: CNVD-2016-05644 // BID: 92126

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-05642
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-05643
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2016-05644
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2016-05642
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2016-05643
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CNVD: CNVD-2016-05644
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-05642 // CNVD: CNVD-2016-05643 // CNVD: CNVD-2016-05644

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201607-993

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201607-993

EXTERNAL IDS

db:BIDid:92126

Trust: 2.7

db:CNVDid:CNVD-2016-05642

Trust: 0.6

db:CNVDid:CNVD-2016-05643

Trust: 0.6

db:CNVDid:CNVD-2016-05644

Trust: 0.6

db:CNNVDid:CNNVD-201607-993

Trust: 0.6

sources: CNVD: CNVD-2016-05642 // CNVD: CNVD-2016-05643 // CNVD: CNVD-2016-05644 // BID: 92126 // CNNVD: CNNVD-201607-993

REFERENCES

url:http://www.securityfocus.com/bid/92126

Trust: 2.4

url:http://seclists.org/bugtraq/2016/jul/89

Trust: 0.3

url:http://www.hitrontech.com

Trust: 0.3

sources: CNVD: CNVD-2016-05642 // CNVD: CNVD-2016-05643 // CNVD: CNVD-2016-05644 // BID: 92126 // CNNVD: CNNVD-201607-993

CREDITS

Gergely Eberhardt from SEARCH-LAB Ltd.

Trust: 0.9

sources: BID: 92126 // CNNVD: CNNVD-201607-993

SOURCES

db:CNVDid:CNVD-2016-05642
db:CNVDid:CNVD-2016-05643
db:CNVDid:CNVD-2016-05644
db:BIDid:92126
db:CNNVDid:CNNVD-201607-993

LAST UPDATE DATE

2022-05-17T02:04:32.499000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2016-05642date:2016-07-29T00:00:00
db:CNVDid:CNVD-2016-05643date:2018-03-06T00:00:00
db:CNVDid:CNVD-2016-05644date:2016-07-29T00:00:00
db:BIDid:92126date:2016-07-20T00:00:00
db:CNNVDid:CNNVD-201607-993date:2016-07-27T00:00:00

SOURCES RELEASE DATE

db:CNVDid:CNVD-2016-05642date:2016-07-29T00:00:00
db:CNVDid:CNVD-2016-05643date:2016-07-29T00:00:00
db:CNVDid:CNVD-2016-05644date:2016-07-29T00:00:00
db:BIDid:92126date:2016-07-20T00:00:00
db:CNNVDid:CNNVD-201607-993date:2016-07-27T00:00:00