ID

VAR-201706-0085


CVE

CVE-2016-7808


TITLE

Multiple Corega wireless LAN routers vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2016-000216

DESCRIPTION

Cross-site scripting vulnerability in Corega CG-WLBARGMH and CG-WLBARGNL allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Multiple Corega wireless LAN routers contain a cross-site scripting vulnerability (CWE-79). Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership. An arbitrary script may be executed on the user's web browser. Corega CG-WLBARGMH and CG-WLBARGNL are wireless router products from Japan's Corega. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Trust: 2.52

sources: NVD: CVE-2016-7808 // JVNDB: JVNDB-2016-000216 // CNVD: CNVD-2016-11293 // BID: 94249 // VULHUB: VHN-96628

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11293

AFFECTED PRODUCTS

vendor: corega, model: cg-wlbaragm, scope: eq, version: -

Trust: 1.6

vendor: corega, model: cg-wlbargnl, scope: eq, version: -

Trust: 1.6

vendor: corega, model: cg-wlbargnl, scope: -, version: -

Trust: 1.4

vendor: corega, model: cg-wlbargmh, scope: -, version: -

Trust: 1.4

vendor: corega, model: inc cg-wlbargnl, scope: eq, version: 0

Trust: 0.3

vendor: corega, model: inc cg-wlbargmh, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2016-11293 // BID: 94249 // JVNDB: JVNDB-2016-000216 // CNNVD: CNNVD-201611-349 // NVD: CVE-2016-7808

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7808
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2016-000216
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2016-11293
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201611-349
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96628
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7808
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000216
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2016-11293
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-96628
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7808
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000216
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2016-11293 // VULHUB: VHN-96628 // JVNDB: JVNDB-2016-000216 // CNNVD: CNNVD-201611-349 // NVD: CVE-2016-7808

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-96628 // JVNDB: JVNDB-2016-000216 // NVD: CVE-2016-7808

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-349

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201611-349

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000216

PATCH

title: About Cross-site Scripting Vulnerability
url: http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm

Trust: 0.8

sources: JVNDB: JVNDB-2016-000216

EXTERNAL IDS

db: NVD, id: CVE-2016-7808

Trust: 3.4

db: JVN, id: JVN25060672

Trust: 2.8

db: BID, id: 94249

Trust: 2.6

db: JVNDB, id: JVNDB-2016-000216

Trust: 0.8

db: CNNVD, id: CNNVD-201611-349

Trust: 0.7

db: CNVD, id: CNVD-2016-11293

Trust: 0.6

db: VULHUB, id: VHN-96628

Trust: 0.1

sources: CNVD: CNVD-2016-11293 // VULHUB: VHN-96628 // BID: 94249 // JVNDB: JVNDB-2016-000216 // CNNVD: CNNVD-201611-349 // NVD: CVE-2016-7808

REFERENCES

url:https://jvn.jp/en/jp/jvn25060672/index.html

Trust: 2.8

url:http://www.securityfocus.com/bid/94249

Trust: 2.3

url:http://corega.jp/support/security/20161111_wlbargmh_wlbargnl.htm

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7808

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-7808

Trust: 0.8

url:http://corega.jp/support/security/20151224_wlbaragm.htm

Trust: 0.3

sources: CNVD: CNVD-2016-11293 // VULHUB: VHN-96628 // BID: 94249 // JVNDB: JVNDB-2016-000216 // CNNVD: CNNVD-201611-349 // NVD: CVE-2016-7808

CREDITS

Yutaka Kokubu and Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. and Shuya Ueki

Trust: 0.9

sources: BID: 94249 // CNNVD: CNNVD-201611-349

SOURCES

db: CNVD, id: CNVD-2016-11293
db: VULHUB, id: VHN-96628
db: BID, id: 94249
db: JVNDB, id: JVNDB-2016-000216
db: CNNVD, id: CNNVD-201611-349
db: NVD, id: CVE-2016-7808

LAST UPDATE DATE

2025-04-20T23:43:04.100000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-11293, date: 2016-11-18T00:00:00
db: VULHUB, id: VHN-96628, date: 2017-06-15T00:00:00
db: BID, id: 94249, date: 2016-11-24T01:09:00
db: JVNDB, id: JVNDB-2016-000216, date: 2017-11-27T00:00:00
db: CNNVD, id: CNNVD-201611-349, date: 2017-06-12T00:00:00
db: NVD, id: CVE-2016-7808, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-11293, date: 2016-11-18T00:00:00
db: VULHUB, id: VHN-96628, date: 2017-06-09T00:00:00
db: BID, id: 94249, date: 2016-11-11T00:00:00
db: JVNDB, id: JVNDB-2016-000216, date: 2016-11-11T00:00:00
db: CNNVD, id: CNNVD-201611-349, date: 2016-11-17T00:00:00
db: NVD, id: CVE-2016-7808, date: 2017-06-09T16:29:00.547