ID

VAR-201608-0498


TITLE

NETRUN VPN Internet Behavior Management Router SQL Injection Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2016-05899

DESCRIPTION

NetRun is a domestic provider of network terminal equipment and applications. Its products cover Internet access, secure VPN (virtual private network), online behavior management, community broadband access, professional traffic control, and billing management systems. A SQL injection vulnerability exists in the NETRUN VPN Internet Behavior Management Router. Because the uname parameter is not filtered, an attacker can exploit the vulnerability to obtain system database information.

Trust: 0.6

sources: CNVD: CNVD-2016-05899

IOT TAXONOMY

category: ['Network device']
sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-05899

AFFECTED PRODUCTS

vendor: net run
model: vpn internet behavior management router
scope: -
version: -

Trust: 0.6

sources: CNVD: CNVD-2016-05899

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2016-05899
value: HIGH

Trust: 0.6

CNVD: CNVD-2016-05899
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2016-05899

EXTERNAL IDS

db: WOOYUN
id: WOOYUN-2016-0207135

Trust: 0.6

db: CNVD
id: CNVD-2016-05899

Trust: 0.6

sources: CNVD: CNVD-2016-05899

REFERENCES

url: http://www.wooyun.org/bugs/wooyun-2016-0207135

Trust: 0.6

sources: CNVD: CNVD-2016-05899

SOURCES

db: CNVD
id: CNVD-2016-05899

LAST UPDATE DATE

2022-05-17T01:50:58.618000+00:00


SOURCES UPDATE DATE

db: CNVD
id: CNVD-2016-05899
date: 2016-08-03T00:00:00

SOURCES RELEASE DATE

db: CNVD
id: CNVD-2016-05899
date: 2016-08-03T00:00:00