Details of VAR-201810-1609

ID

VAR-201810-1609

TITLE

Viprinet VPN Hub Router Cross-Site Scripting Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2018-21468

DESCRIPTION

ViprinetVPNHubRouter is a multi-channel VPN router product from ViprinetEurope, Germany. ViprinetVPNHubRouter has a cross-site scripting vulnerability that stems from the lack of input validation and output escaping mechanisms on the CLI interface. By exploiting this vulnerability, an attacker can obtain sensitive information (for example, a private key) or modify the SSL certificate fingerprint of a remote router used in a VPN tunnel.

Trust: 0.6

sources: CNVD: CNVD-2018-21468

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-21468

AFFECTED PRODUCTS

vendor:

viprinet

model:

europe vpn hub router

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2018-21468

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2018-21468
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2018-21468
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2018-21468

EXTERNAL IDS

db:

CNVD

id:

CNVD-2018-21468

Trust: 0.6

sources: CNVD: CNVD-2018-21468

REFERENCES

url:

https://seclists.org/fulldisclosure/2018/oct/41

Trust: 0.6

sources: CNVD: CNVD-2018-21468

SOURCES

db:

CNVD

id:

CNVD-2018-21468

LAST UPDATE DATE

2022-05-04T10:22:13.542000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2018-21468

date:

2018-10-23T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2018-21468

date:

2018-10-23T00:00:00