Sign-up

ID

VAR-202002-0565


CVE

CVE-2013-3067


TITLE

Linksys WRT310N Cross-site scripting vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2013-007204

DESCRIPTION

Linksys WRT310Nv2 2.0.0.1 is vulnerable to XSS. Linksys WRT310N Exists in a cross-site scripting vulnerability.Information may be obtained and tampered with. The Linksys WRT310N is a wireless router device. A cross-site scripting vulnerability exists in the Linksys WRT310N router that allows remote attackers to exploit malicious HTML or script code to gain sensitive information or hijack user sessions. The Cisco Linksys WRT310N Router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks

Trust: 2.43

sources: NVD: CVE-2013-3067 // JVNDB: JVNDB-2013-007204 // CNVD: CNVD-2013-04039 // BID: 59447

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-04039

AFFECTED PRODUCTS

vendor:linksysmodel:wrt310nscope:eqversion:2.0.0.1

Trust: 1.6

vendor:cisco linksysmodel:wrt310nscope:eqversion:2.0.0.1

Trust: 0.8

vendor:ciscomodel:linksys wrt310nscope:eqversion:2.0.0.1

Trust: 0.3

sources: CNVD: CNVD-2013-04039 // BID: 59447 // JVNDB: JVNDB-2013-007204 // NVD: CVE-2013-3067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-3067
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2013-007204
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2013-04039
value: LOW

Trust: 0.6

CNNVD: CNNVD-201304-537
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2013-3067
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2013-007204
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-04039
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:P/I:N/A:N
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2013-3067
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.1

Trust: 1.0

NVD: JVNDB-2013-007204
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2013-04039 // JVNDB: JVNDB-2013-007204 // CNNVD: CNNVD-201304-537 // NVD: CVE-2013-3067

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2013-007204 // NVD: CVE-2013-3067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201304-537

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201304-537

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-007204

PATCH
title:Top Pageurl:https://www.linksys.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2013-007204

EXTERNAL IDS
db:NVDid:CVE-2013-3067
Trust: 3.3
db:JVNDBid:JVNDB-2013-007204
Trust: 0.8
db:CNVDid:CNVD-2013-04039
Trust: 0.6
db:CNNVDid:CNNVD-201304-537
Trust: 0.6
db:BIDid:59447
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-04039 // 
            
            
            
            BID: 59447 // 
            
            
            
            JVNDB: JVNDB-2013-007204 // 
            
            
            
            CNNVD: CNNVD-201304-537 // 
            
            
            
            NVD: CVE-2013-3067

REFERENCES
url:https://www.ise.io/research/studies-and-papers/linksys_wrt310v2/
Trust: 2.4
url:http://securityevaluators.com/knowledge/case_studies/routers/vulnerability_catalog.pdf
Trust: 1.6
url:http://securityevaluators.com/knowledge/case_studies/routers/linksys_wrt310v2.php
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2013-3067
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3067
Trust: 0.8
url:http://news.cnet.com/8301-1009_3-57579981-83/top-wi-fi-routers-easy-to-hack-says-study/
Trust: 0.6
url:http://securityevaluators.com/content/case-studies/routers/soho_router_hacks.jsp
Trust: 0.6
url:http://securityevaluators.com/content/case-studies/routers/linksys_wrt310v2.jsp
Trust: 0.6
url:http://support.linksys.com/en-us/support/routers/wrt310n
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-04039 // 
            
            
            
            BID: 59447 // 
            
            
            
            JVNDB: JVNDB-2013-007204 // 
            
            
            
            CNNVD: CNNVD-201304-537 // 
            
            
            
            NVD: CVE-2013-3067

CREDITS
Independent Security Evaluators,Jacob Holcomb
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201304-537

SOURCES
db:CNVDid:CNVD-2013-04039
db:BIDid:59447
db:JVNDBid:JVNDB-2013-007204
db:CNNVDid:CNNVD-201304-537
db:NVDid:CVE-2013-3067

LAST UPDATE DATE
2024-08-14T15:17:44.004000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-04039date:2013-05-27T00:00:00
db:BIDid:59447date:2013-04-23T00:00:00
db:JVNDBid:JVNDB-2013-007204date:2020-02-26T00:00:00
db:CNNVDid:CNNVD-201304-537date:2020-02-12T00:00:00
db:NVDid:CVE-2013-3067date:2020-02-10T16:17:31.377

SOURCES RELEASE DATE
db:CNVDid:CNVD-2013-04039date:2013-04-24T00:00:00
db:BIDid:59447date:2013-04-23T00:00:00
db:JVNDBid:JVNDB-2013-007204date:2020-02-26T00:00:00
db:CNNVDid:CNNVD-201304-537date:2013-04-25T00:00:00
db:NVDid:CVE-2013-3067date:2020-02-07T19:15:09.910