Details of VAR-201911-1481

ID

VAR-201911-1481

CVE

CVE-2013-3097

TITLE

Verizon FIOS Actiontec MI424WR-GEN3I Router cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2013-006931

DESCRIPTION

Unspecified Cross-site scripting (XSS) vulnerability in the Verizon FIOS Actiontec MI424WR-GEN3I router. Verizon Fios Actiontec model MI424WR-GEN3I router has a cross-site scripting vulnerability that allows remote attackers to exploit vulnerabilities to build malicious URIs, entice users to parse, obtain sensitive information or hijack user sessions. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks

Trust: 2.43

sources: NVD: CVE-2013-3097 // JVNDB: JVNDB-2013-006931 // CNVD: CNVD-2013-04058 // BID: 59479

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2013-04058

AFFECTED PRODUCTS

vendor:	actiontec	model:	mi424wr-gen3i	scope:	eq	version:	-	Trust: 1.0
vendor:	verizon	model:	fios actiontec mi424wr-gen3i	scope:	-	version:	-	Trust: 0.8
vendor:	verizon	model:	fios actiontec model mi424wr-gen3i router	scope:	eq	version:	40.19.36	Trust: 0.6

sources: CNVD: CNVD-2013-04058 // JVNDB: JVNDB-2013-006931 // NVD: CVE-2013-3097

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-3097
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-3097
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2013-04058
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-201304-550
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2013-3097
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2013-04058
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2013-3097
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.1
Trust: 1.0
NVD:	CVE-2013-3097
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2013-04058 // JVNDB: JVNDB-2013-006931 // CNNVD: CNNVD-201304-550 // NVD: CVE-2013-3097

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-006931 // NVD: CVE-2013-3097

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-550

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-550

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-006931

PATCH

title:

Top Page

url:

https://www.verizonwireless.com/

Trust: 0.8

sources: JVNDB: JVNDB-2013-006931

EXTERNAL IDS

db:	NVD	id:	CVE-2013-3097	Trust: 3.3
db:	BID	id:	59479	Trust: 1.9
db:	JVNDB	id:	JVNDB-2013-006931	Trust: 0.8
db:	CNVD	id:	CNVD-2013-04058	Trust: 0.6
db:	CNNVD	id:	CNNVD-201304-550	Trust: 0.6

sources: CNVD: CNVD-2013-04058 // BID: 59479 // JVNDB: JVNDB-2013-006931 // CNNVD: CNNVD-201304-550 // NVD: CVE-2013-3097

REFERENCES

url:	https://www.ise.io/casestudies/exploiting-soho-routers/	Trust: 2.4
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/83785	Trust: 1.6
url:	https://www.ise.io/soho_service_hacks/	Trust: 1.6
url:	http://www.securityfocus.com/bid/59479	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2013-3097	Trust: 1.4
url:	http://securityevaluators.com/content/case-studies/routers/actiontec.jsp	Trust: 0.9
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3097	Trust: 0.8
url:	http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/	Trust: 0.6
url:	http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp	Trust: 0.6
url:	http://www.actiontec.com/products/product.php?pid=189#.uuee-dekxn8	Trust: 0.3

sources: CNVD: CNVD-2013-04058 // BID: 59479 // JVNDB: JVNDB-2013-006931 // CNNVD: CNNVD-201304-550 // NVD: CVE-2013-3097

CREDITS

Jacob Holcomb of Independent Security Evaluators

Trust: 0.9

sources: BID: 59479 // CNNVD: CNNVD-201304-550

SOURCES

db:	CNVD	id:	CNVD-2013-04058
db:	BID	id:	59479
db:	JVNDB	id:	JVNDB-2013-006931
db:	CNNVD	id:	CNNVD-201304-550
db:	NVD	id:	CVE-2013-3097

LAST UPDATE DATE

2024-08-14T14:38:41.709000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04058	date:	2013-04-24T00:00:00
db:	BID	id:	59479	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-006931	date:	2019-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-550	date:	2019-11-19T00:00:00
db:	NVD	id:	CVE-2013-3097	date:	2019-11-18T14:41:51.550

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2013-04058	date:	2013-04-24T00:00:00
db:	BID	id:	59479	date:	2013-04-25T00:00:00
db:	JVNDB	id:	JVNDB-2013-006931	date:	2019-11-22T00:00:00
db:	CNNVD	id:	CNNVD-201304-550	date:	2013-04-27T00:00:00
db:	NVD	id:	CVE-2013-3097	date:	2019-11-13T22:15:11.240