Details of VAR-201704-0068

ID

VAR-201704-0068

CVE

CVE-2016-10313

TITLE

plural Jensen of Scandinavia AS Air:Link Device cross-site request forgery vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-008245

DESCRIPTION

Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to conduct CSRF attacks via certain /goform/* pages. Jensen of Scandinavia AS Air:Link 3G (AL3G) , Air:Link 5000AC (AL5000AC) and Air:Link 59300 (AL59300) The device contains a cross-site request forgery vulnerability.By a remote attacker /goform/* A cross-site request forgery attack may be performed via the page. Air: Link3G, Air: Link5000AC, Air: Link59300 is the router of the Norwegian Jensenof Scandinavia company. Allows remote attackers to build malicious URIs, entice users to resolve, and perform malicious actions in the context of the target user. are all routers of Jensen of Scandinavia AS in Norway. Several Jensen of Scandinavia AS Air:Link products have security vulnerabilities. 3); Air: Link 5000AC (AL5000AC) prior to 1.13; Air: Link 59300 (AL59300) 1.04 (Rev

Trust: 2.25

sources: NVD: CVE-2016-10313 // JVNDB: JVNDB-2016-008245 // CNVD: CNVD-2017-05303 // VULHUB: VHN-89077

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2017-05303

AFFECTED PRODUCTS

vendor:	jensenofscandinavia	model:	al59300	scope:	eq	version:	1.04	Trust: 1.6
vendor:	jensenofscandinavia	model:	al5000ac	scope:	eq	version:	1.13	Trust: 1.6
vendor:	jensenofscandinavia	model:	al3g	scope:	eq	version:	2.23m	Trust: 1.6
vendor:	jensen of scandinavia as	model:	air:link 3g	scope:	eq	version:	2.23m (rev.3)	Trust: 0.8
vendor:	jensen of scandinavia as	model:	air:link 5000ac	scope:	eq	version:	1.13	Trust: 0.8
vendor:	jensen of scandinavia as	model:	air:link 59300	scope:	eq	version:	1.04 (rev.4)	Trust: 0.8
vendor:	jensen	model:	of scandinavia air:link 3g 2.23m (rev.	scope:	eq	version:	3)	Trust: 0.6
vendor:	jensen	model:	of scandinavia air:link 5000ac	scope:	eq	version:	1.13	Trust: 0.6
vendor:	jensen	model:	of scandinavia air:link (rev.	scope:	eq	version:	593001.044)	Trust: 0.6

sources: CNVD: CNVD-2017-05303 // JVNDB: JVNDB-2016-008245 // NVD: CVE-2016-10313 // CNNVD: CNNVD-201704-175

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD:	CVE-2016-10313
value:	HIGH
Trust: 1.8
CNVD:	CNVD-2017-05303
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201704-175
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-89077
value:	MEDIUM
Trust: 0.1

NVD:
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	FALSE
obtainAllPrivilege:	FALSE
obtainUserPrivilege:	FALSE
obtainOtherPrivilege:	FALSE
userInteractionRequired:	TRUE
version:	2.0
Trust: 1.0
NVD:	CVE-2016-10313
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2017-05303
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-89077
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

NVD:
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.0
NVD:	CVE-2016-10313
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2017-05303 // VULHUB: VHN-89077 // JVNDB: JVNDB-2016-008245 // NVD: CVE-2016-10313 // CNNVD: CNNVD-201704-175

PROBLEMTYPE DATA

problemtype:

CWE-352

Trust: 1.9

sources: VULHUB: VHN-89077 // JVNDB: JVNDB-2016-008245 // NVD: CVE-2016-10313

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201704-175

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201704-175

CONFIGURATIONS

sources: NVD: CVE-2016-10313

PATCH

title:	Top Page	url:	http://www.jensenofscandinavia.com	Trust: 0.8
title:	Multiple JensenofScandinaviaAir: Link Cross-site Request Forgery Vulnerability Patch	url:	https://www.cnvd.org.cn/patchinfo/show/92428	Trust: 0.6

sources: CNVD: CNVD-2017-05303 // JVNDB: JVNDB-2016-008245

EXTERNAL IDS

db:	NVD	id:	CVE-2016-10313	Trust: 3.1
db:	JVNDB	id:	JVNDB-2016-008245	Trust: 0.8
db:	CNNVD	id:	CNNVD-201704-175	Trust: 0.7
db:	CNVD	id:	CNVD-2017-05303	Trust: 0.6
db:	VULHUB	id:	VHN-89077	Trust: 0.1

sources: CNVD: CNVD-2017-05303 // VULHUB: VHN-89077 // JVNDB: JVNDB-2016-008245 // NVD: CVE-2016-10313 // CNNVD: CNNVD-201704-175

REFERENCES

url:	https://www.riskbasedsecurity.com/research/rbs-2016-004.pdf	Trust: 3.1
url:	https://nvd.nist.gov/vuln/detail/cve-2016-10313	Trust: 1.4
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-10313	Trust: 0.8

sources: CNVD: CNVD-2017-05303 // VULHUB: VHN-89077 // JVNDB: JVNDB-2016-008245 // NVD: CVE-2016-10313 // CNNVD: CNNVD-201704-175

SOURCES

db:	CNVD	id:	CNVD-2017-05303
db:	VULHUB	id:	VHN-89077
db:	JVNDB	id:	JVNDB-2016-008245
db:	NVD	id:	CVE-2016-10313
db:	CNNVD	id:	CNNVD-201704-175

LAST UPDATE DATE

2023-12-18T12:04:21.880000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2017-05303	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-89077	date:	2017-04-10T00:00:00
db:	JVNDB	id:	JVNDB-2016-008245	date:	2017-05-08T00:00:00
db:	NVD	id:	CVE-2016-10313	date:	2017-04-10T22:40:21.327
db:	CNNVD	id:	CNNVD-201704-175	date:	2017-04-07T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2017-05303	date:	2017-04-25T00:00:00
db:	VULHUB	id:	VHN-89077	date:	2017-04-03T00:00:00
db:	JVNDB	id:	JVNDB-2016-008245	date:	2017-05-08T00:00:00
db:	NVD	id:	CVE-2016-10313	date:	2017-04-03T05:59:00.580
db:	CNNVD	id:	CNNVD-201704-175	date:	2017-04-07T00:00:00