ID

VAR-202002-0516


CVE

CVE-2013-2674


TITLE

Information leakage vulnerabilities in Brother MFC-9970CDW firmware L devices

Trust: 0.8

sources: JVNDB: JVNDB-2013-007165

DESCRIPTION

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. A security vulnerability exists in the Brother MFC-9970CDW that allows remote attackers to exploit vulnerabilities to gain access to cross-domain referers. No detailed vulnerability details are currently available. Brother MFC-9970CDW Printer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.

=========================================
Brother MFC-9970CDW Firmware 0D
Date: Jan. 13, 2013
URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html
=========================================
Keywords
=========================================
XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW
CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676
=========================================
Summary
=========================================
A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.
=========================================
Overview
=========================================
Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies.

It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs – making this all-in-one a smart choice for a business or workgroup.
=========================================
The Bug
=========================================
Reflected Cross Site Scripting, CWE-79
=========================================
Vulnerable Parameters = id, val, kind + Query String Signature = "><script>alert(1)</script>
=========================================
Version Identification
=========================================
Brother MFC-9970CDW - Version Identification - Firmware “L” Version 1.10
Brother MFC-9970CDW - Version Identification - Firmware “G”
=========================================
PoC
=========================================
PoC URL
http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script> alert(1)</script>
=========================================
CVE Information
=========================================
CVE-2013-2507 is specific to Firmware G. XSS at:
admin/log_to_net.html id parameter
fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L. XSS at:
admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:
Cleartext submission of password CVE-2013-2672
Password field with autocomplete enabled CVE-2013-2673
Cross-domain Referer leakage CVE-2013-2674
Frameable response (Clickjacking) CVE-2013-2675
Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline
Attempt contact via e-mail in January 2013.
Call the Toll Free Support Line in March 2013.
Callback from Vendor in April 2013.
E-mail sent to Vendor in April 2013.
VENDOR UNRESPONSIVE
Published May 3, 2013

Hoyt LLC Research
Public Domain Report
http://xss.cx/
=========================================
END
=========================================

Trust: 2.52

sources: NVD: CVE-2013-2674 // JVNDB: JVNDB-2013-007165 // CNVD: CNVD-2013-05294 // BID: 59725 // PACKETSTORM: 121553

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-05294

AFFECTED PRODUCTS

vendor: brother, model: mfc-9970cdw, scope: eq, version: 1.10

Trust: 1.0

vendor: brother, model: mfc-9970cdw l, scope: eq, version: 1.10

Trust: 0.9

vendor: brother industries, model: mfc-9970cdw, scope: eq, version: 1.10

Trust: 0.8

sources: CNVD: CNVD-2013-05294 // BID: 59725 // JVNDB: JVNDB-2013-007165 // NVD: CVE-2013-2674

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-2674
value: HIGH

Trust: 1.0

NVD: JVNDB-2013-007165
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-05294
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201305-199
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2013-2674
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2013-007165
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-05294
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2013-2674
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2013-007165
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2013-05294 // JVNDB: JVNDB-2013-007165 // CNNVD: CNNVD-201305-199 // NVD: CVE-2013-2674

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2013-007165 // NVD: CVE-2013-2674

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-199

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201305-199

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-007165

PATCH

title: MFC-9970CDW, url: https://www.brother.co.jp/product/printer/laserprinter/mfc9970cdw/index.aspx

Trust: 0.8

sources: JVNDB: JVNDB-2013-007165

EXTERNAL IDS

db: NVD, id: CVE-2013-2674

Trust: 3.4

db: BID, id: 59725

Trust: 2.5

db: PACKETSTORM, id: 121553

Trust: 2.5

db: JVNDB, id: JVNDB-2013-007165

Trust: 0.8

db: CNVD, id: CNVD-2013-05294

Trust: 0.6

db: CNNVD, id: CNNVD-201305-199

Trust: 0.6

sources: CNVD: CNVD-2013-05294 // BID: 59725 // JVNDB: JVNDB-2013-007165 // PACKETSTORM: 121553 // CNNVD: CNNVD-201305-199 // NVD: CVE-2013-2674

REFERENCES

url:http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html

Trust: 2.4

url:https://www.securityfocus.com/bid/59725

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/84091

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2013-2674

Trust: 1.5

url:http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

Trust: 1.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2674

Trust: 0.8

url:http://www.brother.com

Trust: 0.3

url:http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyoaxzdi1ch

Trust: 0.3

url:http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>

Trust: 0.1

url:http://xss.cx/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2507

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2670

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2672

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2675

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-2673

Trust: 0.1

sources: CNVD: CNVD-2013-05294 // BID: 59725 // JVNDB: JVNDB-2013-007165 // PACKETSTORM: 121553 // CNNVD: CNNVD-201305-199 // NVD: CVE-2013-2674

CREDITS

Hoyt LLC

Trust: 0.9

sources: BID: 59725 // CNNVD: CNNVD-201305-199

SOURCES

db: CNVD, id: CNVD-2013-05294
db: BID, id: 59725
db: JVNDB, id: JVNDB-2013-007165
db: PACKETSTORM, id: 121553
db: CNNVD, id: CNNVD-201305-199
db: NVD, id: CVE-2013-2674

LAST UPDATE DATE

2024-08-14T13:48:30.457000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2013-05294, date: 2013-05-14T00:00:00
db: BID, id: 59725, date: 2013-05-06T00:00:00
db: JVNDB, id: JVNDB-2013-007165, date: 2020-02-18T00:00:00
db: CNNVD, id: CNNVD-201305-199, date: 2020-05-26T00:00:00
db: NVD, id: CVE-2013-2674, date: 2020-02-05T20:32:11.250

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2013-05294, date: 2013-05-14T00:00:00
db: BID, id: 59725, date: 2013-05-06T00:00:00
db: JVNDB, id: JVNDB-2013-007165, date: 2020-02-18T00:00:00
db: PACKETSTORM, id: 121553, date: 2013-05-08T02:27:54
db: CNNVD, id: CNNVD-201305-199, date: 2013-05-09T00:00:00
db: NVD, id: CVE-2013-2674, date: 2020-02-03T18:15:11.023