ID

VAR-201706-0086


CVE

CVE-2016-7809


TITLE

CG-WLR300NX vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2016-000217

DESCRIPTION

Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of a logged-in user to conduct unintended operations via unspecified vectors. CG-WLR300NX, provided by Corega Inc, is a wireless LAN router. Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. If a user views a malicious page while logged in, unintended operations may be performed. Corega CG-WLR300NX is prone to the following security vulnerabilities: 1. A security bypass vulnerability 2. A cross-site request forgery vulnerability. An attacker may exploit these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, steal cookie-based authentication credentials, bypass security restrictions or perform unauthorized actions. Other attacks may also be possible. Corega CG-WLR300NX 1.20 and prior are vulnerable. A remote attacker could exploit this vulnerability to perform unauthorized operations.

Trust: 1.98

sources: NVD: CVE-2016-7809 // JVNDB: JVNDB-2016-000217 // BID: 94248 // VULHUB: VHN-96629

AFFECTED PRODUCTS

vendor: corega, model: cg-wlr300nx, scope: lte, version: 1.20

Trust: 1.0

vendor: corega, model: cg-wlr300nx, scope: lte, version: ver. 1.20

Trust: 0.8

vendor: corega, model: cg-wlr300nx, scope: eq, version: 1.20

Trust: 0.6

vendor: corega, model: inc cg-wlr300nx, scope: eq, version: 1.20

Trust: 0.3

vendor: corega, model: inc cg-wlr300nx, scope: eq, version: 1.10

Trust: 0.3

vendor: corega, model: inc cg-wlr300nx, scope: eq, version: 1.00

Trust: 0.3

vendor: corega, model: inc cg-wlr300nx, scope: ne, version: 1.30

Trust: 0.3

sources: BID: 94248 // JVNDB: JVNDB-2016-000217 // CNNVD: CNNVD-201611-362 // NVD: CVE-2016-7809

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-7809
value: HIGH

Trust: 1.0

IPA: JVNDB-2016-000217
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201611-362
value: MEDIUM

Trust: 0.6

VULHUB: VHN-96629
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2016-7809
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2016-000217
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-96629
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2016-7809
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.0

IPA: JVNDB-2016-000217
baseSeverity: HIGH
baseScore: 7.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-96629 // JVNDB: JVNDB-2016-000217 // CNNVD: CNNVD-201611-362 // NVD: CVE-2016-7809

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-96629 // JVNDB: JVNDB-2016-000217 // NVD: CVE-2016-7809

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-362

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201611-362

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-000217

PATCH

title: About Multiple Vulnerabilities of CG-WLR300NX
url: http://corega.jp/support/security/20161111_wlr300nx.htm

Trust: 0.8

title: Corega CG-WLR300NX Fixes for cross-site request forgery vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65721

Trust: 0.6

sources: JVNDB: JVNDB-2016-000217 // CNNVD: CNNVD-201611-362

EXTERNAL IDS

db: JVN, id: JVN23823838

Trust: 2.8

db: NVD, id: CVE-2016-7809

Trust: 2.8

db: BID, id: 94248

Trust: 2.0

db: JVNDB, id: JVNDB-2016-000217

Trust: 0.8

db: CNNVD, id: CNNVD-201611-362

Trust: 0.7

db: JVN, id: JVN23549283

Trust: 0.3

db: JVN, id: JVN92237169

Trust: 0.3

db: VULHUB, id: VHN-96629

Trust: 0.1

sources: VULHUB: VHN-96629 // BID: 94248 // JVNDB: JVNDB-2016-000217 // CNNVD: CNNVD-201611-362 // NVD: CVE-2016-7809

REFERENCES

url:https://jvn.jp/en/jp/jvn23823838/index.html

Trust: 2.5

url:http://www.securityfocus.com/bid/94248

Trust: 1.7

url:http://corega.jp/support/security/20161111_wlr300nx.htm

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-7809

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2016-7809

Trust: 0.8

url:http://corega.jp/support/security/20151224_wlbaragm.htm

Trust: 0.3

url:http://corega.jp/support/security/20161111_wlr300nx.htm

Trust: 0.3

url:http://jvn.jp/en/jp/jvn23549283/index.htmls

Trust: 0.3

url:http://jvn.jp/en/jp/jvn23823838/index.html

Trust: 0.3

url:http://jvn.jp/en/jp/jvn92237169/index.html

Trust: 0.3

sources: VULHUB: VHN-96629 // BID: 94248 // JVNDB: JVNDB-2016-000217 // CNNVD: CNNVD-201611-362 // NVD: CVE-2016-7809

CREDITS

Satoshi Ogawa of Mitsui Bussan Secure Directions, Inc.

Trust: 0.9

sources: BID: 94248 // CNNVD: CNNVD-201611-362

SOURCES

db: VULHUB, id: VHN-96629
db: BID, id: 94248
db: JVNDB, id: JVNDB-2016-000217
db: CNNVD, id: CNNVD-201611-362
db: NVD, id: CVE-2016-7809

LAST UPDATE DATE

2025-04-20T23:25:01.741000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-96629, date: 2017-06-16T00:00:00
db: BID, id: 94248, date: 2016-11-24T01:09:00
db: JVNDB, id: JVNDB-2016-000217, date: 2018-01-17T00:00:00
db: CNNVD, id: CNNVD-201611-362, date: 2017-06-12T00:00:00
db: NVD, id: CVE-2016-7809, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-96629, date: 2017-06-09T00:00:00
db: BID, id: 94248, date: 2016-11-10T00:00:00
db: JVNDB, id: JVNDB-2016-000217, date: 2016-11-11T00:00:00
db: CNNVD, id: CNNVD-201611-362, date: 2016-11-17T00:00:00
db: NVD, id: CVE-2016-7809, date: 2017-06-09T16:29:00.580