
17 vulnerabilities found for mfc-9970cdw by brother

VAR-201403-0046

Vulnerability from variot - Updated: 2023-12-18 12:38

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670. The Brother MFC-9970CDW printer firmware contains a cross-site scripting vulnerability that is distinct from CVE-2013-2507 and CVE-2013-2670. A remote third party may be able to inject arbitrary web script or HTML through: (1) the id parameter of admin/admin_main.html; (2) the val parameter of admin/admin_main.html; (3) the id parameter of admin/profile_settings_net.html; (4) the val parameter of admin/profile_settings_net.html; (5) any parameter name (QUERY_STRING) sent to admin/profile_settings_net.html; (6) the kind parameter of fax/general_setup.html; (7) any parameter name (QUERY_STRING) sent to fax/general_setup.html. The Brother MFC-9970CDW is a color laser multifunction printer that supports wireless network printing. Because the embedded web server fails to encode user-supplied input before reflecting it into a page, an attacker who gets a user to open a crafted URL can execute arbitrary script code in the context of that user's browser session with the device. This may allow an attacker to steal cookie-based authentication credentials.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs – making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id , val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware "L" Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware "G"

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/log_to_net.html id parameter

fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================

-----BEGIN PGP SIGNATURE-----
Version: 10.2.0.2526

wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx
1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv
AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb
4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8
nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG
VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==
=Ua1o
-----END PGP SIGNATURE-----
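The reflection pattern described in the entry and in the advisory above (known parameter values on admin_main.html, and on profile_settings_net.html and general_setup.html also the bare name of any query-string parameter) can be verified without sending any script at all. The Python probe below is an added example for this page; it is not code from the Hoyt LLC advisory, from Brother, or from any of the databases quoted here. It sends a random canary that ends in the advisory's "> attribute break-out to each page/parameter pair listed for CVE-2013-2671 and reports whether the canary came back unencoded, HTML-encoded, or not at all. The base URL http://printer.example and the simulated_firmware responder are constructed stand-ins so the probe runs offline; to run it against a real device, pass probe() a fetch function that performs an HTTP GET and returns the body.

```python
"""Reflected-XSS reflection probe for the CVE-2013-2671 parameter pattern.

Added example: not code from the Hoyt LLC advisory or from Brother.  The page
paths and parameter names come from the advisory; the base URL
"http://printer.example" and the simulated firmware responder are constructed
stand-ins so the probe runs offline.
"""
import html
import secrets
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qsl, unquote_plus, urlencode, urlsplit

# Pages and parameters named for CVE-2013-2671.  "QUERY_STRING" means the page
# reflects an arbitrary parameter *name*, not just a known parameter's value.
TARGETS: Dict[str, List[str]] = {
    "admin/admin_main.html": ["id", "val"],
    "admin/profile_settings_net.html": ["id", "val", "QUERY_STRING"],
    "fax/general_setup.html": ["kind", "QUERY_STRING"],
}

# Pages that echo the decoded query string (parameter names included).
_ECHOES_QUERY_STRING = {"admin/profile_settings_net.html", "fax/general_setup.html"}

Fetch = Callable[[str], str]     # url -> response body of an HTTP GET
Finding = Tuple[str, str, str]   # (page, parameter, verdict)


def canary() -> str:
    """Random, non-executing marker.  The trailing '"><' is the attribute
    break-out that the advisory's '"><script>alert(1)</script>' signature
    relies on; if it comes back unencoded, script injection is possible."""
    return f'x{secrets.token_hex(4)}"><'


def classify(body: str, marker: str) -> str:
    """Verdict for one response: only whether and how the marker is reflected.
    Confirming the exact injection context is a manual follow-up step."""
    if marker in body:
        return "reflected-unencoded"
    if html.escape(marker, quote=True) in body:
        return "reflected-encoded"
    return "not-reflected"


def probe(fetch: Fetch, base_url: str,
          targets: Dict[str, List[str]] = TARGETS) -> List[Finding]:
    """Send one canary per (page, parameter) pair and classify the reflection."""
    findings: List[Finding] = []
    for page, params in targets.items():
        for param in params:
            marker = canary()
            if param == "QUERY_STRING":
                query = urlencode({marker: "1"})     # marker is the *name*
            else:
                query = urlencode({param: marker})   # marker is the value
            body = fetch(f"{base_url}/{page}?{query}")
            findings.append((page, param, classify(body, marker)))
    return findings


def unencoded(findings: List[Finding]) -> List[Finding]:
    """Only the findings that indicate an exploitable reflection."""
    return [f for f in findings if f[2] == "reflected-unencoded"]


def simulated_firmware(escape_output: bool) -> Fetch:
    """Constructed stand-in for the printer's embedded web server (not Brother
    code).  With escape_output=False it writes parameter values, and on two
    pages the decoded query string, straight into the HTML, which is the
    behaviour the advisory describes; with True it HTML-encodes them first."""
    enc = (lambda s: html.escape(s, quote=True)) if escape_output else (lambda s: s)

    def fetch(url: str) -> str:
        parts = urlsplit(url)
        page = parts.path.lstrip("/")
        params = dict(parse_qsl(parts.query, keep_blank_values=True))
        out = ["<html><body>"]
        for name in ("id", "val", "kind"):
            if name in params:
                out.append(f'<input name="{name}" value="{enc(params[name])}">')
        if page in _ECHOES_QUERY_STRING:
            out.append(f"<p>Request: {enc(unquote_plus(parts.query))}</p>")
        out.append("</body></html>")
        return "".join(out)

    return fetch


if __name__ == "__main__":
    for label, flag in (("unencoded output (firmware L 1.10 behaviour)", False),
                        ("encoded output", True)):
        results = probe(simulated_firmware(flag), "http://printer.example")
        print(f"{label}: {len(unencoded(results))} of {len(results)} reflections unencoded")
        for page, param, verdict in results:
            print(f"  {page:36s} {param:13s} {verdict}")
```

Run as a script it reports 7 of 7 reflections unencoded for the simulated vulnerable behaviour and 0 of 7 once the responder HTML-encodes its output. The check is deliberately a reflection test rather than an exploit: an unencoded "> landing inside an attribute value is enough evidence that the advisory's signature would execute there, and it leaves no script in the device's logs or in another user's browser.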


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0046",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brother",
        "version": "l\\(1.10\\)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": null
      },
      {
        "model": "mfc-9970cdw",
        "scope": null,
        "trust": 0.8,
        "vendor": "brother industry",
        "version": null
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industry",
        "version": "l (1.10)"
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw frimware l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "brother",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "db": "BID",
        "id": "59723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\(1.10\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC Research",
    "sources": [
      {
        "db": "BID",
        "id": "59723"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2671",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-2671",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2014-01795",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-62673",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2671",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-01795",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-62673",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670. Brother MFC-9970CDW The printer firmware contains a cross-site scripting vulnerability. This vulnerability CVE-2013-2507 and CVE-2013-2670 Is a different vulnerability.By any third party, any Web Script or HTML May be inserted. (1) admin/admin_main.html of id Parameters (2) admin/admin_main.html of val Parameters (3) admin/profile_settings_net.html of id Parameters (4) admin/profile_settings_net.html of val Parameters (5) admin/profile_settings_net.html Any parameter name (QUERY_STRING) (6) fax/general_setup.html of kind Parameters (7) fax/general_setup.html Any parameter name (QUERY_STRING). The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. Because the program fails to properly handle user-supplied input, an attacker can exploit the vulnerability to execute arbitrary script code in the context of the affected browser. This may allow an attacker to steal cookie-based authentication credentials. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. \n\nXSS at:\n\n  admin/log_to_net.html  id parameter\n\n  fax/copy_settings.html kind parameter\n\nCVE-2013-2670 is for the issue that is present in both the Firmware G\nreport and Firmware L. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "db": "BID",
        "id": "59723"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2671",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.6
      },
      {
        "db": "OSVDB",
        "id": "93093",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "93092",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "59723",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "84093",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "9970",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-62673",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "db": "BID",
        "id": "59723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ]
  },
  "id": "VAR-201403-0046",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62673"
      }
    ],
    "trust": 1.3129032399999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.010000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.brother.com"
      },
      {
        "title": "MFC-9970CDW",
        "trust": 0.8,
        "url": "http://brother.jp/product/printer/mfc/mfc9970cdw/index.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/93092"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/93093"
      },
      {
        "trust": 2.1,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/84093"
      },
      {
        "trust": 1.2,
        "url": "http://www.securityfocus.com/bid/59723"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84093"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2671"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2671"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyoaxzdi1ch"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "db": "BID",
        "id": "59723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "db": "BID",
        "id": "59723"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "date": "2014-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59723"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2014-03-14T14:55:04.297000",
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-19T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01795"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62673"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59723"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      },
      {
        "date": "2017-08-29T01:33:16.510000",
        "db": "NVD",
        "id": "CVE-2013-2671"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW Cross-site scripting vulnerability in printer firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006194"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-201"
      }
    ],
    "trust": 0.7
  }
}

VAR-202002-0514

Vulnerability from variot - Updated: 2023-12-18 12:38

Brother MFC-9970CDW devices with firmware L 1.10 allow cleartext submission of passwords (CWE-522, insufficiently protected credentials). The "0D" in the source advisory's title and in the NVD description stands for "zero day", not for a firmware version; the affected firmware is identified in the advisory as L version 1.10. The web interface submits the administrator password over plain HTTP, so an attacker positioned on the network path can read it and use it in further attacks. Brother MFC-9970CDW printer is therefore prone to a remote information-disclosure vulnerability.

The following sentences were carried into this entry from another aggregated source record and describe a different product: Schneider Electric Magelis XBT HMI is a human-machine interface controller. The Schneider Electric Magelis XBT HMI controller has a default password for configuration-upload authentication that allows remote attackers to bypass access restrictions with specially crafted configuration data.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies.

The MFC-9970cdw Color Laser All-in-One combines print, copy, scan and fax in one powerful device. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs – making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id , val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware “L” Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware “G”

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/log_to_net.html id parameter

fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================

-----BEGIN PGP SIGNATURE-----
Version: 10.2.0.2526

wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx
1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv
AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb
4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8
nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG
VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==
=Ua1o
-----END PGP SIGNATURE-----
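The following Python script is an added example, not part of the Hoyt LLC advisory above and not Brother's code. It turns the advisory's two main findings into repeatable checks a tester can run against a saved response: it builds the probe URLs for the reflected-XSS parameters the advisory names (id, val, kind, and an arbitrary parameter name in the query string) and classifies whether a response reflects the "><script>alert(1)</script> signature unescaped, HTML-escaped, or not at all; and it inspects a page for a form with a password field whose resolved action URL uses plain http (cleartext submission, CVE-2013-2672, CWE-522) or whose password input leaves browser autofill enabled (CVE-2013-2673). The hostname my.vulnerable.printer is the advisory's own placeholder; the login-page path /admin/login.html, the sample markup and the "fixed" variants are constructed for this example and are not the printer's real templates. Fetching live pages is left to the caller so that the script runs offline.

```python
"""Offline checks for the two issue classes in the advisory: reflected XSS via the
id/val/kind parameters and cleartext/autofilled password submission (CWE-522).
Added example; the sample HTML below is constructed, not captured from a device."""
import html
from html.parser import HTMLParser
from urllib.parse import urlencode, urljoin, urlsplit

# Payload from the advisory: close the quoted attribute, then inject a script element.
SIGNATURE = '"><script>alert(1)</script>'

# Pages and parameters the advisory names for firmware L 1.10.
XSS_TARGETS = {
    "admin/admin_main.html": ("id", "val"),
    "admin/profile_settings_net.html": ("id", "val"),
    "fax/general_setup.html": ("kind",),
}


def probe_urls(base, signature=SIGNATURE):
    """One probe URL per named parameter, plus one per page that carries the payload in
    the parameter *name* (the advisory's 'arbitrary parameter name (QUERY_STRING)' case)."""
    urls = []
    for page, params in XSS_TARGETS.items():
        for param in params:
            urls.append(f"{base}/{page}?{urlencode({param: signature})}")
        urls.append(f"{base}/{page}?{urlencode({'x' + signature: '1'})}")
    return urls


def classify_reflection(body, signature=SIGNATURE):
    """'unescaped': payload reflected verbatim (exploitable); 'escaped': only an
    HTML-encoded copy is present (fixed); 'absent': not reflected at all."""
    if signature in body:
        return "unescaped"
    encoded = {
        html.escape(signature, quote=True),                        # &quot;&gt;&lt;...
        html.escape(signature, quote=False),                       # "&gt;&lt;...
        html.escape(signature, quote=False).replace('"', "&#34;"),  # &#34;&gt;&lt;...
    }
    return "escaped" if any(e in body for e in encoded) else "absent"


class _FormScanner(HTMLParser):
    """Collect <form> elements, noting password inputs and their autocomplete setting."""

    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._cur = {"action": a.get("action", ""), "password": False, "autofill": False}
        elif tag == "input" and self._cur is not None and a.get("type", "").lower() == "password":
            self._cur["password"] = True
            if a.get("autocomplete", "on").lower() != "off":
                self._cur["autofill"] = True

    def handle_endtag(self, tag):
        if tag == "form" and self._cur is not None:
            self.forms.append(self._cur)
            self._cur = None


def password_form_findings(page_url, body):
    """For each form with a password field: flag a resolved action URL that uses plain
    http (cleartext submission, CWE-522) and a password input with autofill enabled."""
    scanner = _FormScanner()
    scanner.feed(body)
    scanner.close()
    findings = []
    for form in scanner.forms:
        if not form["password"]:
            continue
        action = urljoin(page_url, form["action"])
        if urlsplit(action).scheme == "http":
            findings.append(("cleartext-password-submission", action))
        if form["autofill"]:
            findings.append(("password-autocomplete-enabled", action))
    return findings


# Constructed sample markup (illustrative; not the printer's real templates or paths).
def render_vulnerable(value):   # echoes the id value into an attribute unencoded
    return f'<input type="hidden" name="id" value="{value}">'

def render_fixed(value):        # same template with attribute-context encoding
    return f'<input type="hidden" name="id" value="{html.escape(value, quote=True)}">'

LOGIN_PAGE = ('<form action="/admin/login.html" method="post">'
              '<input type="password" name="pass"></form>')
LOGIN_PAGE_FIXED = ('<form action="https://my.vulnerable.printer/admin/login.html" method="post">'
                    '<input type="password" name="pass" autocomplete="off"></form>')

if __name__ == "__main__":
    print("\n".join(probe_urls("http://my.vulnerable.printer")))
    print(classify_reflection(render_vulnerable(SIGNATURE)))  # unescaped
    print(classify_reflection(render_fixed(SIGNATURE)))       # escaped
    page = "http://my.vulnerable.printer/admin/login.html"
    print(password_form_findings(page, LOGIN_PAGE))
    print(password_form_findings(page, LOGIN_PAGE_FIXED))     # []
```

To use it against a real device, fetch each URL from probe_urls() with any HTTP client and pass the response body to classify_reflection(); a result of "unescaped" reproduces the advisory's finding, while "escaped" is what a patched firmware should produce, since attribute-context encoding of the quote and angle brackets is the fix for this class of reflected XSS. The form check resolves a relative action against the page URL deliberately: a form on an http:// page with a relative action still posts the password in the clear, which is exactly the condition CVE-2013-2672 describes.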

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0514",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw",
        "scope": null,
        "trust": 0.8,
        "vendor": "brother industries",
        "version": null
      },
      {
        "model": "electric magelis xbt hmi controller",
        "scope": null,
        "trust": 0.6,
        "vendor": "schneider",
        "version": null
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "electric magelis xbt hmi controller",
        "scope": "eq",
        "trust": 0.2,
        "vendor": "schneider",
        "version": "*"
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "db": "BID",
        "id": "59721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC Research",
    "sources": [
      {
        "db": "BID",
        "id": "59721"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2672",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007166",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-03176",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "IVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "0860eb70-2353-11e6-abef-000c29c66e3d",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.2,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.9 [IVD]"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007166",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2672",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2013-007166",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-03176",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-202",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "IVD",
            "id": "0860eb70-2353-11e6-abef-000c29c66e3d",
            "trust": 0.2,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW devices with firmware 0D allow cleartext submission of passwords. Brother MFC-9970CDW Device firmware contains a vulnerability in the protection of inadequate credentials.Information may be obtained. Schneider Electric Magelis XBT HMI is a human interface controller. The Schneider Electric Magelis XBT HMI controller has a default password for configuration upload authentication that allows remote attackers to bypass access restrictions with specially crafted configuration data. Brother MFC-9970CDW Printer is prone to a remote information-disclosure vulnerability. \nSuccessful exploits will allow attackers to obtain sensitive information, such as passwords, that may aid in further attacks. **  ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. 
\n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. \n\n\n\nThe MFC-9970cdw Color Laser All-in-One combines print, copy, scan and fax\nin one powerful device. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. 
\n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. \n\nXSS at:\n\n  admin/log_to_net.html  id parameter\n\n  fax/copy_settings.html kind parameter\n\nCVE-2013-2670 is for the issue that is present in both the Firmware G\nreport and Firmware L. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. 
\n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "db": "BID",
        "id": "59721"
      },
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.7
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2672",
        "trust": 3.6
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.5
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166",
        "trust": 0.8
      },
      {
        "db": "BID",
        "id": "58953",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "59721",
        "trust": 0.3
      },
      {
        "db": "IVD",
        "id": "0860EB70-2353-11E6-ABEF-000C29C66E3D",
        "trust": 0.2
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "db": "BID",
        "id": "59721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ]
  },
  "id": "VAR-202002-0514",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      }
    ],
    "trust": 1.60645162
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "ICS"
        ],
        "sub_category": null,
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.276000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://global.brother/en"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-522",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84094"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2672"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/58953"
      },
      {
        "trust": 0.4,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyobsuqdyit"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "db": "BID",
        "id": "59721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "db": "BID",
        "id": "59721"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2672"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-04-16T00:00:00",
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "date": "2013-04-16T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59721"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2020-02-03T17:15:12.033000",
        "db": "NVD",
        "id": "CVE-2013-2672"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-28T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59721"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007166"
      },
      {
        "date": "2020-02-05T20:49:11.063000",
        "db": "NVD",
        "id": "CVE-2013-2672"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Schneider Electric Magelis XBT HMI Controller Remote Security Bypass Vulnerability",
    "sources": [
      {
        "db": "IVD",
        "id": "0860eb70-2353-11e6-abef-000c29c66e3d"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-03176"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-202"
      }
    ],
    "trust": 0.6
  }
}

VAR-201403-0045

Vulnerability from variot - Updated: 2023-12-18 12:38

Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. The /admin/admin_main.html script included with the Brother MFC-9970CDW incorrectly filters data submitted by users to the 'signedpdf' and 'websettings' parameters, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks, to obtain sensitive information or to hijack user sessions. A remote attacker can exploit a vulnerability to gain sensitive information or hijack a user's session. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Brother MFC-9970CDW version 1.10 firmware G and firmware L are vulnerable; other versions may also be affected.

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. The MFC-9970CDW produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs, making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id, val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware "L" Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware "G"

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/admin_main.html, via the name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempted contact via e-mail in January 2013.

Called the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0045",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brother",
        "version": "g\\(1.03\\)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brother",
        "version": "l\\(1.10\\)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": null
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw",
        "scope": null,
        "trust": 0.8,
        "vendor": "brother industry",
        "version": null
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industry",
        "version": "g (1.03)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industry",
        "version": "l (1.10)"
      },
      {
        "model": "mfc-9970cdw g",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "brother",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\(1.10\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\(1.03\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC",
    "sources": [
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2670",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-2670",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-05291",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-62672",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2670",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-05291",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-203",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-62672",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. The /admin/admin_main.html script included with the Brother MFC-9970CDW incorrectly filters data submitted by users to the \u0027signedpdf\u0027 and \u0027websettings\u0027 parameters, allowing remote attackers to exploit vulnerabilities for cross-site scripting attacks, to obtain sensitive information or to hijack user sessions. A remote attacker can exploit a vulnerability to gain sensitive information or hijack a user\u0027s session. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nBrother MFC-9970CDW version 1.10 firmware G and firmware L are vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2670",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.6
      },
      {
        "db": "OSVDB",
        "id": "93068",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "59720",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "84095",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "9970",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "id": "VAR-201403-0045",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      }
    ],
    "trust": 1.3129032399999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.238000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.brother.com"
      },
      {
        "title": "MFC-9970CDW",
        "trust": 0.8,
        "url": "http://brother.jp/product/printer/mfc/mfc9970cdw/index.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/93068"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/84095"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2670"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2670"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/59720"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyobsuqdyit"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "db": "BID",
        "id": "59720"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "date": "2014-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59720"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2014-03-14T14:55:04.280000",
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05291"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62672"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59720"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      },
      {
        "date": "2017-08-29T01:33:16.463000",
        "db": "NVD",
        "id": "CVE-2013-2670"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW Cross-site scripting vulnerability in printer firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006193"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-203"
      }
    ],
    "trust": 0.7
  }
}

VAR-201403-0065

Vulnerability from variot - Updated: 2023-12-18 12:38

Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671. The Brother MFC-9970CDW printer firmware contains a cross-site scripting vulnerability. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. A remote attacker can exploit a vulnerability to gain sensitive information or hijack a user's session. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs, making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id, val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware "L" Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware "G"

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/log_to_net.html id parameter

fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================



{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0065",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "brother",
        "version": "g\\(1.03\\)"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": null
      },
      {
        "model": "mfc-9970cdw",
        "scope": null,
        "trust": 0.8,
        "vendor": "brother industry",
        "version": null
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industry",
        "version": "g (1.03)"
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw frimware g",
        "scope": null,
        "trust": 0.3,
        "vendor": "brother",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "db": "BID",
        "id": "59719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\(1.03\\):*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC Research",
    "sources": [
      {
        "db": "BID",
        "id": "59719"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2507",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2013-2507",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-05290",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-62509",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2507",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-05290",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-204",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-62509",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671. Brother MFC-9970CDW The printer firmware contains a cross-site scripting vulnerability. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. A remote attacker can exploit a vulnerability to gain sensitive information or hijack a user\u0027s session. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. 
is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. 
\n\nXSS at:\n\n  admin/log_to_net.html  id parameter\n\n  fax/copy_settings.html kind parameter\n\nCVE-2013-2670 is for the issue that is present in both the Firmware G\nreport and Firmware L. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "db": "BID",
        "id": "59719"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-62509",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2507",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.6
      },
      {
        "db": "OSVDB",
        "id": "93066",
        "trust": 2.5
      },
      {
        "db": "OSVDB",
        "id": "93067",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "59719",
        "trust": 1.6
      },
      {
        "db": "XF",
        "id": "84096",
        "trust": 1.4
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "9970",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-62509",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "db": "BID",
        "id": "59719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ]
  },
  "id": "VAR-201403-0065",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      }
    ],
    "trust": 1.3129032399999998
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.354000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 1.6,
        "url": "http://brother.jp/product/printer/mfc/mfc9970cdw/index.htm"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-79",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.7,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/93066"
      },
      {
        "trust": 2.5,
        "url": "http://osvdb.org/93067"
      },
      {
        "trust": 1.7,
        "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
      },
      {
        "trust": 1.4,
        "url": "http://xforce.iss.net/xforce/xfdb/84096"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2507"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-2507"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/bid/59719"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyoaxzdi1ch"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "db": "BID",
        "id": "59719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "db": "BID",
        "id": "59719"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "date": "2014-03-14T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59719"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2014-03-14T14:55:04.250000",
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05290"
      },
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-62509"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59719"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      },
      {
        "date": "2017-08-29T01:33:15.607000",
        "db": "NVD",
        "id": "CVE-2013-2507"
      },
      {
        "date": "2014-03-18T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW Cross-site scripting vulnerability in printer firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-006192"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-204"
      }
    ],
    "trust": 0.7
  }
}

VAR-202002-0518

Vulnerability from variot - Updated: 2023-12-18 12:38

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. Brother MFC-9970CDW Printer is prone to a remote information-disclosure vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs – making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id , val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware “L” Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware “G”

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/log_to_net.html id parameter

fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================

-----BEGIN PGP SIGNATURE-----
Version: 10.2.0.2526

wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx
1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv
AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb
4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8
nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG
VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==
=Ua1o
-----END PGP SIGNATURE-----


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0518",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industries",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "db": "BID",
        "id": "59726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC Research",
    "sources": [
      {
        "db": "BID",
        "id": "59726"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2676",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007222",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-05296",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULMON",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2013-2676",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "MEDIUM",
            "trust": 0.1,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007222",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2676",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2013-007222",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-05296",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-198",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-2676",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-2676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view private IP addresses and other sensitive information. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. Brother MFC-9970CDW Printer is prone to a remote information-disclosure vulnerability. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. \n\nXSS at:\n\n  admin/log_to_net.html  id parameter\n\n  fax/copy_settings.html kind parameter\n\nCVE-2013-2670 is for the issue that is present in both the Firmware G\nreport and Firmware L. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "db": "BID",
        "id": "59726"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-2676"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.61
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2676",
        "trust": 3.5
      },
      {
        "db": "BID",
        "id": "59726",
        "trust": 3.4
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-2676",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-2676"
      },
      {
        "db": "BID",
        "id": "59726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ]
  },
  "id": "VAR-202002-0518",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      }
    ],
    "trust": 1.21290324
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.317000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://global.brother/en"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "https://www.securityfocus.com/bid/59726"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 1.7,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84090"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 1.0,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2676"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyobsuqdyit"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/200.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-2676"
      },
      {
        "db": "BID",
        "id": "59726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-2676"
      },
      {
        "db": "BID",
        "id": "59726"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2676"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "date": "2020-02-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-2676"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59726"
      },
      {
        "date": "2020-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2020-02-04T15:15:11.287000",
        "db": "NVD",
        "id": "CVE-2013-2676"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "date": "2020-02-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-2676"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59726"
      },
      {
        "date": "2020-02-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007222"
      },
      {
        "date": "2020-02-12T14:59:59.060000",
        "db": "NVD",
        "id": "CVE-2013-2676"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW Information Disclosure Vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05296"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ],
    "trust": 1.2
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-198"
      }
    ],
    "trust": 0.6
  }
}

VAR-202002-0517

Vulnerability from variot - Updated: 2023-12-18 12:38

Brother MFC-9970CDW 1.10 devices with Firmware L contain a frameable response (clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. The device firmware does not restrict how its web pages may be rendered inside frames or other user-interface layers (CWE-1021): the responses are "frameable", meaning nothing in them tells the browser to refuse rendering them inside a frame on another site, so an attacker's page can embed the printer's web interface in a hidden frame and trick a user who is logged in to it into clicking its controls. Information may be obtained. The Brother MFC-9970CDW is a color laser printer that supports wireless network printing. No further technical details are currently available; the advisory below reports the issue as an unspecified clickjacking vulnerability. Other attacks are also possible.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs, making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id, val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware "L" Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware "G"

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/log_to_net.html id parameter

fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================

-----BEGIN PGP SIGNATURE-----
Version: 10.2.0.2526

wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx
1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv
AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb
4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8
nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG
VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==
=Ua1o
-----END PGP SIGNATURE-----
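The advisory above reports the printer's web interface as a "frameable response", i.e. nothing in the HTTP response stops a browser from rendering it inside a frame on an attacker's site. The following Python is an added example, not code from the advisory, the VARIoT record or Brother's firmware: given a response's headers, it decides whether a browser would render the page framed by a given attacker origin. It applies the rules that a Content-Security-Policy frame-ancestors directive takes precedence over X-Frame-Options, that DENY and SAMEORIGIN are honoured, and that unrecognised X-Frame-Options values such as the obsolete ALLOW-FROM are ignored by current browsers (leaving the page frameable). The sample headers are constructed; the host name my.vulnerable.printer is the placeholder from the advisory's PoC URL, and attacker.example is an assumed attacker origin. Host-source matching is simplified (ports and paths are ignored).

```python
"""Frameability check for HTTP responses (CWE-1021, clickjacking).

Rules implemented (simplified from the CSP Level 3 and HTML specifications):
  * a Content-Security-Policy frame-ancestors directive, when present, wins
    and X-Frame-Options is ignored;
  * X-Frame-Options DENY / SAMEORIGIN are honoured; ALLOW-FROM and any other
    value are not recognised by current browsers and are ignored;
  * no anti-framing header at all means any origin may frame the page.
Host-source matching ignores ports and path components (a simplification).
"""
from urllib.parse import urlsplit


def origin_of(url):
    """scheme://host[:port] of a URL, lowercased."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def parse_frame_ancestors(csp):
    """Source list of the frame-ancestors directive, or None if the policy has none.
    An empty source list is equivalent to 'none'."""
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]] or ["'none'"]
    return None


def source_matches(src, ancestor_origin, page_origin):
    """Does one CSP source expression permit ancestor_origin to frame the page?"""
    ancestor = urlsplit(ancestor_origin)
    if src == "'none'":
        return False
    if src == "'self'":
        return ancestor_origin == page_origin
    if src == "*":
        return True
    if src.endswith(":") and "://" not in src:          # scheme-source, e.g. "https:"
        return ancestor.scheme == src[:-1]
    scheme, _, host = src.rpartition("://")              # host-source, scheme optional
    if scheme and ancestor.scheme != scheme:
        return False
    host = host.split("/", 1)[0].split(":", 1)[0]        # drop path and port
    if host.startswith("*."):
        return ancestor.hostname.endswith(host[1:])      # "*.example.com" -> ".example.com"
    return ancestor.hostname == host


def framing_allowed(headers, page_url, attacker_url):
    """(allowed, reason): would a browser render page_url framed by attacker_url?
    headers: response header name -> value (header-name case is irrelevant)."""
    h = {k.lower(): v for k, v in headers.items()}
    page_origin, attacker_origin = origin_of(page_url), origin_of(attacker_url)
    csp = h.get("content-security-policy")
    if csp is not None:
        sources = parse_frame_ancestors(csp)
        if sources is not None:                          # CSP present: XFO is ignored
            ok = any(source_matches(s, attacker_origin, page_origin) for s in sources)
            return ok, "CSP frame-ancestors " + " ".join(sources)
    xfo = h.get("x-frame-options", "").strip().lower()
    if xfo == "deny":
        return False, "X-Frame-Options: DENY"
    if xfo == "sameorigin":
        return attacker_origin == page_origin, "X-Frame-Options: SAMEORIGIN"
    if xfo:                                              # ALLOW-FROM or garbage: ignored
        return True, f"X-Frame-Options '{xfo}' is not recognised; header ignored"
    return True, "no anti-framing header; frameable from any origin"


# Constructed sample responses (not captured from a real device).  The host name
# is the placeholder from the advisory's PoC URL; the attacker origin is assumed.
PRINTER_ADMIN = "http://my.vulnerable.printer/admin/admin_main.html"
ATTACKER_PAGE = "http://attacker.example/clickjack.html"
SAMPLES = {
    "as reported: no anti-framing header": {"Content-Type": "text/html"},
    "hardened: X-Frame-Options DENY": {"X-Frame-Options": "DENY"},
    "hardened: frame-ancestors 'self'": {"Content-Security-Policy": "frame-ancestors 'self'"},
    "CSP wins over a permissive XFO": {
        "X-Frame-Options": "ALLOW-FROM http://attacker.example",
        "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    },
    "obsolete ALLOW-FROM only": {"X-Frame-Options": "ALLOW-FROM http://partner.example"},
}


def audit(samples=SAMPLES, page_url=PRINTER_ADMIN, attacker_url=ATTACKER_PAGE):
    """Map each sample name to True if the attacker origin can frame the page."""
    return {name: framing_allowed(hdrs, page_url, attacker_url)[0]
            for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        allowed, why = framing_allowed(hdrs, PRINTER_ADMIN, ATTACKER_PAGE)
        print(f"{'FRAMEABLE' if allowed else 'protected'}  {name:40} {why}")
```

To use this against a live target, feed the header dictionary returned by your HTTP client for each administration page to framing_allowed; the "as reported" sample is the state the advisory describes, and either of the two "hardened" samples is a sufficient fix, with the CSP form preferred because it also lets you whitelist specific parent origins.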


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0517",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industries",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw frimware l",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "brother",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "db": "BID",
        "id": "59724"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC Research",
    "sources": [
      {
        "db": "BID",
        "id": "59724"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2675",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007201",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2013-05295",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.5,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007201",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "Required",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2675",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2013-007201",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-05295",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-200",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW 1.10 devices with Firmware L contain a Frameable response (Clickjacking) vulnerability which could allow remote attackers to obtain sensitive information. Brother MFC-9970CDW A vulnerability exists in the device firmware regarding improper restrictions on rendered user interface layers or frames.Information may be obtained. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. No detailed vulnerability details are currently available. The Brother MFC-9970CDW printer is prone to an unspecified clickjacking vulnerability. Other attacks are also possible. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. 
Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. \n\nXSS at:\n\n  admin/log_to_net.html  id parameter\n\n  fax/copy_settings.html kind parameter\n\nCVE-2013-2670 is for the issue that is present in both the Firmware G\nreport and Firmware L. 
\n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "db": "BID",
        "id": "59724"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2675",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "59724",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "db": "BID",
        "id": "59724"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ]
  },
  "id": "VAR-202002-0517",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      }
    ],
    "trust": 1.21290324
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.047000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://global.brother/en"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-1021",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84092"
      },
      {
        "trust": 1.6,
        "url": "https://www.securityfocus.com/bid/59724"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 1.0,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2675"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyoaxzdi1ch"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "db": "BID",
        "id": "59724"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "db": "BID",
        "id": "59724"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59724"
      },
      {
        "date": "2020-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2020-02-05T18:15:10.250000",
        "db": "NVD",
        "id": "CVE-2013-2675"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05295"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59724"
      },
      {
        "date": "2020-02-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      },
      {
        "date": "2020-02-11T18:34:27.597000",
        "db": "NVD",
        "id": "CVE-2013-2675"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW Vulnerability in improperly limiting rendered user interface layers or frames in device firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007201"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-200"
      }
    ],
    "trust": 0.6
  }
}

VAR-202002-0516

Vulnerability from variot - Updated: 2023-12-18 12:38

Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. A security vulnerability in the Brother MFC-9970CDW allows remote attackers to obtain cross-domain Referer information. No further vulnerability details are currently available. Brother MFC-9970CDW Printer is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. The MFC-9970CDW produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs, making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id, val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware "L" Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware "G"

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/log_to_net.html id parameter

fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================

-----BEGIN PGP SIGNATURE-----
Version: 10.2.0.2526

wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx
1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv
AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb
4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8
nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG
VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==
=Ua1o
-----END PGP SIGNATURE-----

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0516",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industries",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "db": "BID",
        "id": "59725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC",
    "sources": [
      {
        "db": "BID",
        "id": "59725"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2674",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007165",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-05294",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.5,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007165",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2674",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2013-007165",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-05294",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-199",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW 1.10 firmware L devices contain an information disclosure vulnerability which allows remote attackers to view sensitive information from referrer logs due to inadequate handling of HTTP referrer headers. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. A security vulnerability exists in the Brother MFC-9970CDW that allows remote attackers to exploit vulnerabilities to gain access to cross-domain referers. No detailed vulnerability details are currently available. Brother MFC-9970CDW Printer is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information. This may aid in further attacks. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. \n\nXSS at:\n\n  admin/log_to_net.html  id parameter\n\n  fax/copy_settings.html kind parameter\n\nCVE-2013-2670 is for the issue that is present in both the Firmware G\nreport and Firmware L. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "db": "BID",
        "id": "59725"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2674",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "59725",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "db": "BID",
        "id": "59725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ]
  },
  "id": "VAR-202002-0516",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      }
    ],
    "trust": 1.21290324
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:34.390000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MFC-9970CDW",
        "trust": 0.8,
        "url": "https://www.brother.co.jp/product/printer/laserprinter/mfc9970cdw/index.aspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 1.6,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84091"
      },
      {
        "trust": 1.6,
        "url": "https://www.securityfocus.com/bid/59725"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 1.0,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2674"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyoaxzdi1ch"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "db": "BID",
        "id": "59725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "db": "BID",
        "id": "59725"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2674"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59725"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2020-02-03T18:15:11.023000",
        "db": "NVD",
        "id": "CVE-2013-2674"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05294"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59725"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      },
      {
        "date": "2020-02-05T20:32:11.250000",
        "db": "NVD",
        "id": "CVE-2013-2674"
      },
      {
        "date": "2020-05-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW firmware  L Information leakage vulnerabilities in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007165"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-199"
      }
    ],
    "trust": 0.6
  }
}

VAR-202002-0515

Vulnerability from variot - Updated: 2023-12-18 12:38

Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. The device may be put into a denial-of-service (DoS) state. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. The Brother MFC-9970 CDW login page uses the auto-complete feature in the password field by default, allowing an attacker with physical access to more easily access user accounts. A remote attacker could exploit this vulnerability to obtain password information. Brother MFC-9970CDW Printer is prone to a security-bypass weakness. An attacker with physical access can exploit this issue to gain unauthorized access to other users' accounts. Brother MFC-9970CDW 1.10 firmware L is vulnerable; other versions may also be affected.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

=========================================

Brother MFC-9970CDW Firmware 0D

Date: Jan. 13, 2013

URL: http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html

=========================================

Keywords

=========================================

XSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit, Zero Day, Brother MFC-9970 CDW

CVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673, CVE-2013-2674, CVE-2013-2675, CVE-2013-2676

=========================================

Summary

=========================================

A Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in January 2013. This document will introduce and discuss the vulnerability and provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware L Version 1.10 Released on July 9, 2012, and prior versions.

=========================================

Overview

=========================================

Brother Industries, Ltd. is a multinational electronics and electrical equipment company headquartered in Nagoya, Japan. Its products include printers, multifunction printers, sewing machines, large machine tools, label printers, typewriters, fax machines, and other computer-related electronics. Brother distributes its products both under its own name and under OEM agreements with other companies. It produces high-impact color output at impressive print and copy speeds of up to 30ppm and offers flexible connectivity with wireless, Ethernet and USB interfaces. It features a 5" Color Touch Screen display for easy navigation and menu selection. Also, this flagship model offers automatic duplex print/copy/scan/fax and optional high yield toner cartridges to help lower your operating costs, making this all-in-one a smart choice for a business or workgroup.

=========================================

The Bug

=========================================

Reflected Cross Site Scripting, CWE-79

=========================================

Vulnerable Parameters = id , val, kind + Query String

Signature = "><script>alert(1)</script>

=========================================

Version Identification

=========================================

Brother MFC-9970CDW - Version Identification - Firmware "L" Version 1.10

Brother MFC-9970CDW - Version Identification - Firmware "G"

=========================================

PoC

=========================================

PoC URL

http://my.vulnerable.printer/admin/admin_main.html?id=websettings"><script>alert(1)</script>

=========================================

CVE Information

=========================================

CVE-2013-2507 is specific to Firmware G.

XSS at:

admin/log_to_net.html id parameter

fax/copy_settings.html kind parameter

CVE-2013-2670 is for the issue that is present in both the Firmware G report and Firmware L.

XSS at:

admin/admin_main.html name of an arbitrarily assigned URL parameter

CVE-2013-2671 is for the XSS issues that are only present in Firmware L.

CVEs for Firmware L:

Cleartext submission of password CVE-2013-2672

Password field with autocomplete enabled CVE-2013-2673

Cross-domain Referer leakage CVE-2013-2674

Frameable response (Clickjacking) CVE-2013-2675

Private IP addresses disclosed CVE-2013-2676

CVSS 2 Score = 4.5

Timeline

Attempt contact via e-mail in January 2013.

Call the Toll Free Support Line in March 2013.

Callback from Vendor in April 2013.

E-mail sent to Vendor in April 2013.

VENDOR UNRESPONSIVE

Published May 3, 2013

Hoyt LLC Research Public Domain Report

http://xss.cx/

=========================================

END

=========================================

-----BEGIN PGP SIGNATURE-----
Version: 10.2.0.2526

wsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx
1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv
AIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb
4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8
nSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG
VQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==
=Ua1o
-----END PGP SIGNATURE-----


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0515",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw l",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "brother",
        "version": "1.10"
      },
      {
        "model": "mfc-9970cdw",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "brother industries",
        "version": "1.10"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "db": "BID",
        "id": "59727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:brother:mfc-9970cdw_firmware:1.10:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hoyt LLC",
    "sources": [
      {
        "db": "BID",
        "id": "59727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-2673",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007164",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-05293",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "PHYSICAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 0.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Physical",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 6.8,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2013-007164",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-2673",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2013-007164",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-05293",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201305-197",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW 1.10 firmware L devices contain a security bypass vulnerability which allows physically proximate attackers to gain unauthorized access. (DoS) It may be put into a state. The Brother MFC-9970CDW is a color laser printer device that supports wireless network printing. The Brother MFC-9970 CDW login page uses the auto-complete feature in the password field by default, allowing an attacker with physical access to more easily access user accounts. A remote attacker could exploit this vulnerability to obtain password information. Brother MFC-9970CDW Printer is prone to a security-bypass weakness. \nAn attacker with physical access can exploit this issue to gain unauthorized access to other user\u0027s account. \nBrother MFC-9970CDW 1.10 firmware L is vulnerable; other versions may also be affected. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=========================================\n\nBrother MFC-9970CDW Firmware 0D\n\nDate: Jan. 13, 2013\n\nURL:\nhttp://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html\n\n=========================================\n\nKeywords\n\n=========================================\n\nXSS, Cross Site Scripting, CWE-79, CAPEC-86, Javascript Injection, Exploit,\nZero Day, Brother MFC-9970 CDW\n\nCVE-2013-2507, CVE-2013-2670, CVE-2013-2671, CVE-2013-2672, CVE-2013-2673,\nCVE-2013-2674, CVE-2013-2675, CVE-2013-2676\n\n=========================================\n\nSummary\n\n=========================================\n\nA Reflected XSS Bug in the Brother MFC-9970CDW Printer was discovered in\nJanuary 2013. This document will introduce and discuss the vulnerability\nand provide Proof-of-Concept (PoC) Zero Day (0D) code examples for Firmware\nL Version 1.10 Released on July 9, 2012, and prior versions. \n\n=========================================\n\nOverview\n\n=========================================\n\nBrother Industries, Ltd. 
is a multinational electronics and electrical\nequipment company headquartered in Nagoya, Japan. Its products include\nprinters, multifunction printers, sewing machines, large machine tools,\nlabel printers, typewriters, fax machines, and other computer-related\nelectronics. Brother distributes its products both under its own name and\nunder OEM agreements with other companies. It produces high-impact color output at impressive\nprint and copy speeds of up to 30ppm and offers flexible connectivity with\nwireless, Ethernet and USB interfaces. It features a 5\" Color Touch Screen\ndisplay for easy navigation and menu selection. Also, this flagship model\noffers automatic duplex print/copy/scan/fax and optional high yield toner\ncartridges to help lower your operating costs \\x96 making this all-in-one a\nsmart choice for a business or workgroup. \n\n=========================================\n\nThe Bug\n\n=========================================\n\nReflected Cross Site Scripting, CWE-79\n\n=========================================\n\nVulnerable Parameters = id , val, kind + Query String\n\nSignature = \"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e\n\n=========================================\n\nVersion Identification\n\n=========================================\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93L\\x94 Version\n1.10\n\nBrother MFC-9970CDW - Version Identification - Firmware \\x93G\\x94\n\n=========================================\n\nPoC\n\n=========================================\n\nPoC URL\n\nhttp://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e\nalert(1)\u003c/script\u003e\n\n=========================================\n\nCVE Information\n\n=========================================\n\nCVE-2013-2507 is specific to Firmware G. 
\n\nXSS at:\n\n  admin/log_to_net.html  id parameter\n\n  fax/copy_settings.html kind parameter\n\nCVE-2013-2670 is for the issue that is present in both the Firmware G\nreport and Firmware L. \n\nXSS at:\n\n  admin/admin_main.html  name of an arbitrarily assigned URL parameter\n\nCVE-2013-2671 is for the XSS issues that are only present in Firmware L. \n\nCVEs for Firmware L:\n\nCleartext submission of password CVE-2013-2672\n\nPassword field with autocomplete enabled CVE-2013-2673\n\nCross-domain Referer leakage CVE-2013-2674\n\nFrameable response (Clickjacking) CVE-2013-2675\n\nPrivate IP addresses disclosed CVE-2013-2676\n\nCVSS 2 Score = 4.5\n\nTimeline\n\nAttempt contact via e-mail in January 2013. \n\nCall the Toll Free Support Line in March 2013. \n\nCallback from Vendor in April 2013. \n\nE-mail sent to Vendor in April 2013. \n\nVENDOR UNRESPONSIVE\n\nPublished May 3, 2013\n\nHoyt LLC Research                                        Public Domain\nReport\n\nhttp://xss.cx/\n\n=========================================\n\nEND\n\n=========================================\n\n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: 10.2.0.2526\n\nwsBVAwUBUYkKz3z+WcLIygj0AQiVegf/VFskxkdQkqUcqzKXHbTvnHLkkTA8fSgx\n1orNQQwxahmpX2f5Jce4zuUz2g+35McwWCKR4kMnOio/9FnWl/w+zqiwmzFqfuHv\nAIQAD0XXP+vKY/vSF0Bjtg9bUVlkNC4ilmyYVwWS9ycM0HOff3nwXxaZmpkr1Ibb\n4Bn4ZeILFYaZYYfj3kM4JSsIuI+gisGmTDg6jMYfZhFDIps5nXeq2vDm34E7Sgx8\nnSEOiS9FIq7YSh+ZIWCJE3Olcsx0DUiZuZXVIR4pT8mubB0f6Fx6wOVNQyiT5qNG\nVQNG1QARkNQFxxuSZD11NtO8mszE+sC8ZBP4VfRjkvJ3c8DecyB5Mg==\n=Ua1o\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "db": "BID",
        "id": "59727"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-2673",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "59727",
        "trust": 2.5
      },
      {
        "db": "PACKETSTORM",
        "id": "121553",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164",
        "trust": 0.8
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197",
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "db": "BID",
        "id": "59727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ]
  },
  "id": "VAR-202002-0515",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      }
    ],
    "trust": 1.21290324
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:38:33.939000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "MFC-9970CDW",
        "trust": 0.8,
        "url": "https://www.brother.co.jp/product/printer/laserprinter/mfc9970cdw/index.aspx"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-863",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://packetstormsecurity.com/files/121553/brother-mfc-9970cdw-firmware-0d-cross-site-scripting.html"
      },
      {
        "trust": 1.6,
        "url": "https://www.securityfocus.com/bid/59727"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2673"
      },
      {
        "trust": 1.0,
        "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-2673"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother.com"
      },
      {
        "trust": 0.3,
        "url": "http://www.brother-usa.com/mfc/modeldetail/4/mfc9970cdw/overview#.uyobsuqdyit"
      },
      {
        "trust": 0.1,
        "url": "http://my.vulnerable.printer/admin/admin_main.html?id=websettings\"\u003e\u003cscript\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://xss.cx/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2507"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2671"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2674"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2670"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2676"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2672"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2675"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "db": "BID",
        "id": "59727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "db": "BID",
        "id": "59727"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-2673"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59727"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "date": "2013-05-08T02:27:54",
        "db": "PACKETSTORM",
        "id": "121553"
      },
      {
        "date": "2020-02-03T18:15:10.960000",
        "db": "NVD",
        "id": "CVE-2013-2673"
      },
      {
        "date": "2013-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-05-14T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-05293"
      },
      {
        "date": "2013-05-06T00:00:00",
        "db": "BID",
        "id": "59727"
      },
      {
        "date": "2020-02-18T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      },
      {
        "date": "2020-02-05T21:13:28.697000",
        "db": "NVD",
        "id": "CVE-2013-2673"
      },
      {
        "date": "2020-05-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "59727"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Brother MFC-9970CDW firmware  L Unauthorized authentication vulnerabilities in devices",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007164"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201305-197"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2013-2670

Vulnerability from fkie_nvd - Published: 2014-03-14 14:55 - Updated: 2025-04-12 10:46
Severity
Summary
Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.
Impacted products

Vendor    Product                 Version
brother   mfc-9970cdw_firmware    g(1.03)
brother   mfc-9970cdw_firmware    l(1.10)
brother   mfc-9970cdw             -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\(1.03\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "280824FC-40F6-42CE-A4FC-B8903E87ED18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\(1.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "886F6FB8-AB3B-4737-8329-D282E1820D97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B644877-9329-447A-9DB0-4F369F23194A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de XSS en la impresora Brother MFC-9970CDW con firmware G (1.03) y L (1.10) permite a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de un par\u00e1metro name (QUERY_STRING) arbitrario hacia admin/admin_main.html, una vulnerabilidad diferente a CVE-2013-2507 y CVE-2013-2671."
    }
  ],
  "id": "CVE-2013-2670",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-14T14:55:04.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/93068"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-2671

Vulnerability from fkie_nvd - Published: 2014-03-14 14:55 - Updated: 2025-04-12 10:46
Severity: MEDIUM (NVD CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670.
Impacted products
Vendor Product Version
brother mfc-9970cdw_firmware l\(1.10\)
brother mfc-9970cdw -

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:mfc-9970cdw_firmware:l\\(1.10\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "886F6FB8-AB3B-4737-8329-D282E1820D97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B644877-9329-447A-9DB0-4F369F23194A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en la impresora Brother MFC-9970CDW con firmware L (1.10) permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro id o (2) val hacia admin/admin_main.html; (3) el par\u00e1metro id, (4) val o (5) name (QUERY_STRING) arbitrario hacia admin/profile_settings_net.html; o (6) el par\u00e1metro kind o (7) name (QUERY_STRING) arbitrario hacia fax/general_setup.html, una vulnerabilidad diferente a CVE-2013-2507 y CVE-2013-2670."
    }
  ],
  "id": "CVE-2013-2671",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-14T14:55:04.297",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/93092"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/93093"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93092"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93093"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84093"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2013-2507

Vulnerability from fkie_nvd - Published: 2014-03-14 14:55 - Updated: 2025-04-12 10:46
Severity: MEDIUM (NVD CVSS v2 base score 4.3, AV:N/AC:M/Au:N/C:N/I:P/A:N)
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671.
Impacted products
Vendor Product Version
brother mfc-9970cdw_firmware g\(1.03\)
brother mfc-9970cdw -
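
The three fkie_nvd summaries above (CVE-2013-2507, CVE-2013-2670 and CVE-2013-2671) together list every page and parameter the reporter found reflecting input unencoded, including the case where the raw QUERY_STRING is echoed so the parameter *name* itself is the sink. The check below is an added example written for this page; it is not code from NVD, VARIoT, Brother or the original Hoyt LLC report. It builds one request per documented sink, sends a harmless canary (`"><zz…>`, no script, so nothing executes in a browser) and reports whether the device echoes it verbatim, HTML-encoded, or not at all. The fetcher is injected so the module runs offline: `fake_firmware_l` is a constructed stand-in that behaves the way the L (1.10) descriptions say the device does (and encodes the two G-only sinks of CVE-2013-2507), and `192.0.2.10` is a documentation address, not a real printer.

```python
"""Reflected-XSS reflection check for the Brother MFC-9970CDW web UI sinks
named in CVE-2013-2507, CVE-2013-2670 and CVE-2013-2671 (added example)."""
import html
import secrets
from urllib.parse import parse_qsl, quote, unquote, urljoin, urlsplit

# Pages and parameters exactly as the three CVE descriptions list them.
# None marks "arbitrary parameter name (QUERY_STRING)": the raw query string is
# echoed, so the probe goes in the parameter-name position, not a value.
SINKS = {
    "CVE-2013-2507": [("admin/log_to_net.html", ["id"]),
                      ("fax/copy_settings.html", ["kind"])],
    "CVE-2013-2670": [("admin/admin_main.html", [None])],
    "CVE-2013-2671": [("admin/admin_main.html", ["id", "val"]),
                      ("admin/profile_settings_net.html", ["id", "val", None]),
                      ("fax/general_setup.html", ["kind", None])],
}


def make_canary(token=None):
    """Marker holding the characters an HTML encoder must neutralise (" > <).
    It carries no script; a verbatim echo of these characters is the finding."""
    token = token or secrets.token_hex(4)
    return f'"><zz{token}>'


def build_probes(base_url, canary, sinks=SINKS):
    """One (cve, page, param, url) tuple per documented sink."""
    probes = []
    for cve, pages in sinks.items():
        for page, params in pages:
            for param in params:
                encoded = quote(canary, safe="")
                query = encoded if param is None else f"{param}={encoded}"
                probes.append((cve, page, param or "QUERY_STRING",
                               urljoin(base_url, page) + "?" + query))
    return probes


def classify_reflection(body, canary):
    """'unescaped' = canary echoed verbatim (exploitable), 'escaped' = only an
    HTML-encoded copy present (safe), 'absent' = not reflected at all."""
    if canary in body:
        return "unescaped"
    if html.escape(canary, quote=True) in body or html.escape(canary, quote=False) in body:
        return "escaped"
    return "absent"


def scan(base_url, fetch, canary=None):
    """fetch(url) -> response body as str. Returns one finding dict per probe."""
    canary = canary or make_canary()
    findings = []
    for cve, page, param, url in build_probes(base_url, canary):
        verdict = classify_reflection(fetch(url), canary)
        findings.append({"cve": cve, "page": page, "param": param, "verdict": verdict})
    return findings


def fake_firmware_l(url):
    """Constructed stand-in for firmware L (1.10), NOT a capture from a device:
    the three L-series pages echo the raw QUERY_STRING and id/val/kind without
    encoding; the two G-only sinks of CVE-2013-2507 are HTML-encoded here."""
    parts = urlsplit(url)
    page = parts.path.lstrip("/")
    raw_query = unquote(parts.query)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    chunks = []
    if page in ("admin/admin_main.html", "admin/profile_settings_net.html",
                "fax/general_setup.html"):
        chunks.append(f'<a href="{page}?{raw_query}">reload</a>')  # raw QUERY_STRING echo
        for name in ("id", "val", "kind"):
            if name in params:
                chunks.append(f'<input name="{name}" value="{params[name]}">')
    else:  # admin/log_to_net.html and fax/copy_settings.html: encoded in this stand-in
        for name in ("id", "kind"):
            if name in params:
                chunks.append(f'<input name="{name}" value="{html.escape(params[name])}">')
    return "<html><body>" + "".join(chunks) + "</body></html>"


if __name__ == "__main__":
    for f in scan("http://192.0.2.10/", fake_firmware_l):
        print(f"{f['cve']}  {f['page']:36} {f['param']:13} {f['verdict']}")
```

Against a lab device, swap the stand-in for a real fetcher, for example `lambda u: urllib.request.urlopen(u, timeout=5).read().decode("latin-1")`; the admin pages need no credentials (NVD scores the three CVEs Au:N). The canary deliberately contains no `<script>` so a stored copy in the printer's configuration cannot fire later; a verdict of `unescaped` on any sink is already sufficient to confirm the CWE-79 condition, and the fix is firmware from the vendor, not a filter on the canary.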

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:brother:mfc-9970cdw_firmware:g\\(1.03\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "280824FC-40F6-42CE-A4FC-B8903E87ED18",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:brother:mfc-9970cdw:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B644877-9329-447A-9DB0-4F369F23194A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de XSS en la impresora Brother MFC-9970CDW con firmware G (1.03) permiten a atacantes remotos inyectar script Web o HTML arbitrarios a trav\u00e9s del par\u00e1metro (1) id hacia admin/log_to_net.html o (2) kind hacia fax/copy_settings.html, una vulnerabilidad diferente a CVE-2013-2670 y CVE-2013-2671."
    }
  ],
  "id": "CVE-2013-2507",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2014-03-14T14:55:04.250",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/93066"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/93067"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93066"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/93067"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2013-2507 (GCVE-0-2013-2507)

Vulnerability from cvelistv5 – Published: 2014-03-14 14:00 – Updated: 2024-08-06 15:44
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671.
Severity: no CVSS data in the CVE record.
CWE
  • n/a
Assigner: mitre (cve@mitre.org)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:32.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
          },
          {
            "name": "brothermfc9970cdw-cve20132507-xss(84096)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
          },
          {
            "name": "93067",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93067"
          },
          {
            "name": "93066",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
        },
        {
          "name": "brothermfc9970cdw-cve20132507-xss(84096)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
        },
        {
          "name": "93067",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93067"
        },
        {
          "name": "93066",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html",
              "refsource": "MISC",
              "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
            },
            {
              "name": "brothermfc9970cdw-cve20132507-xss(84096)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html",
              "refsource": "MISC",
              "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
            },
            {
              "name": "93067",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93067"
            },
            {
              "name": "93066",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2507",
    "datePublished": "2014-03-14T14:00:00",
    "dateReserved": "2013-03-08T00:00:00",
    "dateUpdated": "2024-08-06T15:44:32.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2671 (GCVE-0-2013-2671)

Vulnerability from cvelistv5 – Published: 2014-03-14 14:00 – Updated: 2024-08-06 15:44
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670.
Severity: no CVSS data in the CVE record.
CWE
  • n/a
Assigner: mitre (cve@mitre.org)

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:33.291Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
          },
          {
            "name": "93092",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93092"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
          },
          {
            "name": "93093",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93093"
          },
          {
            "name": "brothermfc9970cdw-cve20132671-xss(84093)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84093"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
        },
        {
          "name": "93092",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93092"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
        },
        {
          "name": "93093",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93093"
        },
        {
          "name": "brothermfc9970cdw-cve20132671-xss(84093)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84093"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2671",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html",
              "refsource": "MISC",
              "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
            },
            {
              "name": "93092",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93092"
            },
            {
              "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
            },
            {
              "name": "93093",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93093"
            },
            {
              "name": "brothermfc9970cdw-cve20132671-xss(84093)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84093"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html",
              "refsource": "MISC",
              "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2671",
    "datePublished": "2014-03-14T14:00:00",
    "dateReserved": "2013-03-22T00:00:00",
    "dateUpdated": "2024-08-06T15:44:33.291Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2670 (GCVE-0-2013-2670)

Vulnerability from cvelistv5 – Published: 2014-03-14 14:00 – Updated: 2024-08-06 15:44
Summary
Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
  • mitre

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:33.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
          },
          {
            "name": "93068",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93068"
          },
          {
            "name": "brothermfc9970cdw-cve20132670-xss(84095)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
        },
        {
          "name": "93068",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93068"
        },
        {
          "name": "brothermfc9970cdw-cve20132670-xss(84095)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2670",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html",
              "refsource": "MISC",
              "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html",
              "refsource": "MISC",
              "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
            },
            {
              "name": "93068",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93068"
            },
            {
              "name": "brothermfc9970cdw-cve20132670-xss(84095)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84095"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html",
              "refsource": "MISC",
              "url": "http://osvdb.org/ref/93/brother-mfc9970cdw-firmware-l-110-hoytllc-report.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2670",
    "datePublished": "2014-03-14T14:00:00",
    "dateReserved": "2013-03-22T00:00:00",
    "dateUpdated": "2024-08-06T15:44:33.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-2507 (GCVE-0-2013-2507)

Vulnerability from nvd – Published: 2014-03-14 14:00 – Updated: 2024-08-06 15:44
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
  • mitre

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T15:44:32.092Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
          },
          {
            "name": "brothermfc9970cdw-cve20132507-xss(84096)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
          },
          {
            "name": "93067",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93067"
          },
          {
            "name": "93066",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/93066"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-05-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
        },
        {
          "name": "brothermfc9970cdw-cve20132507-xss(84096)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
        },
        {
          "name": "93067",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93067"
        },
        {
          "name": "93066",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/93066"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-2507",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/log_to_net.html or (2) kind parameter to fax/copy_settings.html, a different vulnerability than CVE-2013-2670 and CVE-2013-2671."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html",
              "refsource": "MISC",
              "url": "http://www.cloudscan.me/2013/05/xss-javascript-injection-brother-mfc.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/121553/Brother-MFC-9970CDW-Firmware-0D-Cross-Site-Scripting.html"
            },
            {
              "name": "brothermfc9970cdw-cve20132507-xss(84096)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84096"
            },
            {
              "name": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html",
              "refsource": "MISC",
              "url": "http://osvdb.org/ref/93/brother-mfc-9970cdw-firmware-g-v103-by-hoyt-03072013.html"
            },
            {
              "name": "93067",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93067"
            },
            {
              "name": "93066",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/93066"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-2507",
    "datePublished": "2014-03-14T14:00:00",
    "dateReserved": "2013-03-08T00:00:00",
    "dateUpdated": "2024-08-06T15:44:32.092Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}
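
The three records above name the same bug class at ten injection points: parameter values (`id`, `val`, `kind`) and, for `admin/admin_main.html`, `admin/profile_settings_net.html` and `fax/general_setup.html`, the parameter name itself, which means the raw QUERY_STRING is what the page reflects. The script below is an added example, not code from the advisories, from Hoyt LLC or from Brother: it builds one probe URL per listed vector with a harmless canary, then classifies a response as reflected unescaped, reflected escaped, or not reflected. The printer base URL and the two `render_*` functions are assumptions that stand in for the device so the checker can be exercised offline; against real hardware you would replace `mock_fetch` with an HTTP GET to a device you are authorised to test.

```python
"""Probe builder and response checker for the reflected XSS vectors listed in
CVE-2013-2507, CVE-2013-2670 and CVE-2013-2671 (Brother MFC-9970CDW embedded
web server). Added example; not code from the advisories, from Hoyt LLC or from
Brother. The printer base URL and the render_* functions are assumptions that
stand in for the device so the checker runs offline.
"""
import html
import secrets
from urllib.parse import quote, unquote_plus, urlencode, urlsplit

# Injection points, transcribed from the three CVE summaries.
# "value": canary goes into the named parameter's value.
# "name":  canary goes into the parameter NAME, i.e. the raw QUERY_STRING is
#          what gets reflected, so no particular parameter is needed.
VECTORS = [
    ("CVE-2013-2507", "admin/log_to_net.html", "id", "value"),
    ("CVE-2013-2507", "fax/copy_settings.html", "kind", "value"),
    ("CVE-2013-2670", "admin/admin_main.html", None, "name"),
    ("CVE-2013-2671", "admin/admin_main.html", "id", "value"),
    ("CVE-2013-2671", "admin/admin_main.html", "val", "value"),
    ("CVE-2013-2671", "admin/profile_settings_net.html", "id", "value"),
    ("CVE-2013-2671", "admin/profile_settings_net.html", "val", "value"),
    ("CVE-2013-2671", "admin/profile_settings_net.html", None, "name"),
    ("CVE-2013-2671", "fax/general_setup.html", "kind", "value"),
    ("CVE-2013-2671", "fax/general_setup.html", None, "name"),
]


def make_canary(token=None):
    """Harmless marker holding the three characters an HTML encoder must escape.
    It executes nothing; a unique token keeps separate probes distinguishable."""
    return '"><xss' + (token or secrets.token_hex(4)) + '>'


def build_probe(base, page, param, where, canary):
    """URL that places the canary in the parameter value or in the parameter name."""
    if where == "value":
        return f"{base}/{page}?{urlencode({param: canary})}"
    # Name vector: the canary is the key; the value is irrelevant.
    return f"{base}/{page}?{quote(canary, safe='')}=1"


def classify(body, canary):
    """'vulnerable' if the canary comes back with its markup intact,
    'escaped' if it comes back entity-encoded the way html.escape does it,
    'not reflected' otherwise (numeric-entity encodings also land here)."""
    if canary in body:
        return "vulnerable"
    if html.escape(canary, quote=True) in body:
        return "escaped"
    return "not reflected"


def run_probes(base, fetch, canary=None):
    """fetch(url) -> response body. Returns one verdict per injection point."""
    canary = canary or make_canary()
    verdicts = {}
    for cve, page, param, where in VECTORS:
        body = fetch(build_probe(base, page, param, where, canary))
        verdicts[(cve, page, param or "<parameter name>")] = classify(body, canary)
    return verdicts


# --- Constructed stand-ins for the device; hypothetical, not Brother's code ---

def render_vulnerable(decoded_query):
    """Bug class behind the advisories: the decoded QUERY_STRING (names and
    values alike) is copied into the page without output encoding."""
    return f"<html><body>Invalid request: {decoded_query}</body></html>"


def render_hardened(decoded_query):
    """Same page with HTML output encoding applied to the reflected input."""
    return f"<html><body>Invalid request: {html.escape(decoded_query, quote=True)}</body></html>"


def mock_fetch(render):
    """Wrap a render function as fetch(url), mimicking the server's URL-decoding
    step. Replace with a real HTTP GET to test an actual device."""
    def fetch(url):
        return render(unquote_plus(urlsplit(url).query))
    return fetch


if __name__ == "__main__":
    canary = make_canary()
    for label, render in (("raw reflection", render_vulnerable), ("hardened", render_hardened)):
        print(f"== {label} ==")
        for key, verdict in run_probes("http://printer.example", mock_fetch(render), canary).items():
            print(f"{key[0]} {key[1]} [{key[2]}]: {verdict}")
```

The canary deliberately contains `"`, `<` and `>` so that a correct encoder has to touch it; a device that returns it verbatim in an HTML context is affected regardless of which parameter carried it. A "not reflected" verdict is not proof of a fix: a server that encodes with numeric entities, or that only reflects in a different page, needs a manual look at the body.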

CVE-2013-2671 (GCVE-0-2013-2671)

Vulnerability from nvd – Published: 2014-03-14 14:00 – Updated: 2024-08-06 15:44
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware L (1.10) allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) val parameter to admin/admin_main.html; (3) id, (4) val, or (5) arbitrary parameter name (QUERY_STRING) to admin/profile_settings_net.html; or (6) kind or (7) arbitrary parameter name (QUERY_STRING) to fax/general_setup.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2670.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
  • mitre
The NVD copy of this record (containers, references and cveMetadata) is identical to the cvelistv5 record for CVE-2013-2671 above.

CVE-2013-2670 (GCVE-0-2013-2670)

Vulnerability from nvd – Published: 2014-03-14 14:00 – Updated: 2024-08-06 15:44
Summary
Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW printer with firmware G (1.03) and L (1.10) allows remote attackers to inject arbitrary web script or HTML via an arbitrary parameter name (QUERY_STRING) to admin/admin_main.html, a different vulnerability than CVE-2013-2507 and CVE-2013-2671.
Severity
No CVSS data available.
CWE
  • n/a
Assigner
  • mitre
The NVD copy of this record (containers, references and cveMetadata) is identical to the cvelistv5 record for CVE-2013-2670 above.