Search criteria
13 vulnerabilities found for wl-330nul by asus
VAR-201809-0644
Vulnerability from variot - Updated: 2023-12-18 14:05Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability (CWE-352). Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in the management screen, unintended operations may be performed on the device. A remote attacker can use this vulnerability to hijack the administrator's identity through a malicious page and perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201809-0644",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wl-330nul",
"scope": "lt",
"trust": 1.6,
"vendor": "asus",
"version": "3.0.0.46"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to version 3.0.0.46"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.41"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:wl-330nul_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.0.0.46",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:wl-330nul:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0647"
}
]
},
"cve": "CVE-2018-0647",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "High",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 2.6,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000082",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"exploitabilityScore": 4.9,
"id": "CNVD-2018-13650",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-118849",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2018-000082",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-0647",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2018-000082",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-13650",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201809-414",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-118849",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "VULHUB",
"id": "VHN-118849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability in WL-330NUL Firmware version prior to 3.0.0.46 allows remote attackers to hijack the authentication of administrators via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a cross-site request forgery vulnerability (CWE-352). Masashi Sakai reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.If a user views a malicious page while logged in the management screen, unintended operations may be performed on the device. A remote attacker can use this vulnerability to hijack the administrator\u0027s identity through a malicious page and perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "VULHUB",
"id": "VHN-118849"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN71329812",
"trust": 3.1
},
{
"db": "NVD",
"id": "CVE-2018-0647",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-13650",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-118849",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "VULHUB",
"id": "VHN-118849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"id": "VAR-201809-0644",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "VULHUB",
"id": "VHN-118849"
}
],
"trust": 1.3111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
}
]
},
"last_update_date": "2023-12-18T14:05:19.874000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "BIOS \u0026 FIRMWARE",
"trust": 0.8,
"url": "https://www.asus.com/us/networking/wl330nul/helpdesk_bios/"
},
{
"title": "Patch for ASUSWL-330NUL Cross-Site Request Forgery Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/134931"
},
{
"title": "ASUS WL-330NUL Fixes for cross-site request forgery vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=84708"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-118849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "NVD",
"id": "CVE-2018-0647"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn71329812/index.html"
},
{
"trust": 1.7,
"url": "https://www.asus.com/us/networking/wl330nul/helpdesk_bios/"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0647"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-0647"
},
{
"trust": 0.6,
"url": "https://jvn.jp/en/jp/jvn71329812/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "VULHUB",
"id": "VHN-118849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "VULHUB",
"id": "VHN-118849"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"date": "2018-09-07T00:00:00",
"db": "VULHUB",
"id": "VHN-118849"
},
{
"date": "2018-07-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"date": "2018-09-07T14:29:01.367000",
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"date": "2018-10-30T00:00:00",
"db": "VULHUB",
"id": "VHN-118849"
},
{
"date": "2019-07-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-000082"
},
{
"date": "2018-10-30T13:31:04.447000",
"db": "NVD",
"id": "CVE-2018-0647"
},
{
"date": "2018-09-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS WL-330NUL Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-13650"
},
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201809-414"
}
],
"trust": 0.6
}
}
VAR-201512-0510
Vulnerability from variot - Updated: 2023-12-18 14:01ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the product may obtain the WPA2-PSK passphrase. WL-330NUL has an information disclosure vulnerability. Allows an attacker to discover WPA2-PSK passwords using unidentified vectors. Asus WL-330NUL is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may lead to further attacks. WL-330NUL Firmware versions prior to 3.0.0.42 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0510",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wl-330nul",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.42"
},
{
"model": "wl-330nul",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.42"
},
{
"model": "wl-330nul",
"scope": "ne",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.42"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "BID",
"id": "79746"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:wl-330nul_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.41",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:wl-330nul:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7787"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc.",
"sources": [
{
"db": "BID",
"id": "79746"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7787",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-000192",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2015-08526",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-85748",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CVE-2015-7787",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "LOW",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2015-000192",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7787",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000192",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08526",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-699",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-85748",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2015-7787",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "VULHUB",
"id": "VHN-85748"
},
{
"db": "VULMON",
"id": "CVE-2015-7787"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to discover the WPA2-PSK passphrase via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains an issue in information management. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the product may obtain the WPA2-PSK passphrase. WL-330NUL has an information disclosure vulnerability. Allows an attacker to discover WPA2-PSK passwords using unidentified vectors. Asus WL-330NUL is prone to an information-disclosure vulnerability. \nAttackers can exploit this issue to obtain sensitive information that may lead to further attacks. \nWL-330NUL Firmware versions prior to 3.0.0.42 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "BID",
"id": "79746"
},
{
"db": "VULHUB",
"id": "VHN-85748"
},
{
"db": "VULMON",
"id": "CVE-2015-7787"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7787",
"trust": 3.5
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192",
"trust": 3.2
},
{
"db": "JVN",
"id": "JVN69462495",
"trust": 2.9
},
{
"db": "CNNVD",
"id": "CNNVD-201512-699",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08526",
"trust": 0.6
},
{
"db": "BID",
"id": "79746",
"trust": 0.5
},
{
"db": "VULHUB",
"id": "VHN-85748",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7787",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "VULHUB",
"id": "VHN-85748"
},
{
"db": "VULMON",
"id": "CVE-2015-7787"
},
{
"db": "BID",
"id": "79746"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"id": "VAR-201512-0510",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "VULHUB",
"id": "VHN-85748"
}
],
"trust": 1.3111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
}
]
},
"last_update_date": "2023-12-18T14:01:47.973000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Released firmware updates for vulnerabilities on ASUS WL-330NUL Wireless-N Pocket Router",
"trust": 0.8,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"title": "WL-330NUL Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69296"
},
{
"title": "ASUS Japan WL-330NUL Repair measures for device information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59390"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85748"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "NVD",
"id": "CVE-2015-7787"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "http://jvn.jp/en/jp/jvn69462495/index.html"
},
{
"trust": 2.1,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"trust": 1.8,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000192"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7787"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7787"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000192.html"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.securityfocus.com/bid/79746"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "VULHUB",
"id": "VHN-85748"
},
{
"db": "VULMON",
"id": "CVE-2015-7787"
},
{
"db": "BID",
"id": "79746"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"db": "VULHUB",
"id": "VHN-85748"
},
{
"db": "VULMON",
"id": "CVE-2015-7787"
},
{
"db": "BID",
"id": "79746"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85748"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7787"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79746"
},
{
"date": "2015-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"date": "2015-12-30T05:59:07.910000",
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08526"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85748"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7787"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79746"
},
{
"date": "2016-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000192"
},
{
"date": "2015-12-30T18:21:31.427000",
"db": "NVD",
"id": "CVE-2015-7787"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WL-330NUL information management vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000192"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-699"
}
],
"trust": 0.6
}
}
VAR-201512-0512
Vulnerability from variot - Updated: 2023-12-18 13:44ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service (DoS) vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can access the product may be able to cause a denial-of-service (DoS). There is a denial of service vulnerability in WL-330NUL. WL-330NUL Firmware versions prior to 3.0.0.42 are vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0512",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wl-330nul",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": "*"
},
{
"model": "wl-33nul",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.42"
},
{
"model": "wl-330nul",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.42"
},
{
"model": "wl-33nul",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "ne",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.42"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "BID",
"id": "79737"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:wl-33nul_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.41",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:wl-330nul:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7789"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc.",
"sources": [
{
"db": "BID",
"id": "79737"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7789",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 3.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000194",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2015-08528",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-85750",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000194",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7789",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000194",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08528",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-701",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-85750",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "VULHUB",
"id": "VHN-85750"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a denial-of-service (DoS) vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can access the product may be able to cause a denial-of-service (DoS). There is a denial of service vulnerability in WL-330NUL. \nWL-330NUL Firmware versions prior to 3.0.0.42 are vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "BID",
"id": "79737"
},
{
"db": "VULHUB",
"id": "VHN-85750"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7789",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN85359294",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-701",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08528",
"trust": 0.6
},
{
"db": "BID",
"id": "79737",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-85750",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "VULHUB",
"id": "VHN-85750"
},
{
"db": "BID",
"id": "79737"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"id": "VAR-201512-0512",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "VULHUB",
"id": "VHN-85750"
}
],
"trust": 1.3111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
}
]
},
"last_update_date": "2023-12-18T13:44:18.298000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Released firmware updates for vulnerabilities on ASUS WL-330NUL Wireless-N Pocket Router",
"trust": 0.8,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"title": "WL-330NUL denial of service vulnerability patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69292"
},
{
"title": "ASUS Japan WL-330NUL Fixes for device input validation vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59392"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85750"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "NVD",
"id": "CVE-2015-7789"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn85359294/index.html"
},
{
"trust": 2.0,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000194"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7789"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7789"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000194.html"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
},
{
"trust": 0.3,
"url": "http://jvn.jp/en/jp/jvn85359294/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "VULHUB",
"id": "VHN-85750"
},
{
"db": "BID",
"id": "79737"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"db": "VULHUB",
"id": "VHN-85750"
},
{
"db": "BID",
"id": "79737"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85750"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79737"
},
{
"date": "2015-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"date": "2015-12-30T05:59:10.003000",
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08528"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85750"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79737"
},
{
"date": "2016-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000194"
},
{
"date": "2015-12-30T18:22:28.067000",
"db": "NVD",
"id": "CVE-2015-7789"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WL-330NUL vulnerable to denial-of-service (DoS)",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000194"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-701"
}
],
"trust": 0.6
}
}
VAR-201401-0526
Vulnerability from variot - Updated: 2023-12-18 13:24The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. ASUS Wireless provided by LAN The router has a static DNS There is a problem with the record being registered. ASUS Wireless provided by LAN Static on the router DNS Record is registered (192.168.1.1 / www.asusnetwork .net) . When the user is not connected to the device network www.asusnetwork .net If you access the URL with a web browser, you may connect to an unintended website.It may lead to malicious websites containing malware. The documentation recommends that users use www.asusnetwork.net to configure the device. Mutiple ASUS Wireless Router is prone to a remote URL-redirection vulnerability. An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wl-330nul",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "wl-330nul",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "asus wl-330nul pocket wifi",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:wl-330nul:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "64799"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-7293",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00424",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-67295",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7293",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-327",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67295",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. ASUS Wireless provided by LAN The router has a static DNS There is a problem with the record being registered. ASUS Wireless provided by LAN Static on the router DNS Record is registered (192.168.1.1 / www.asusnetwork .net) . When the user is not connected to the device network www.asusnetwork .net If you access the URL with a web browser, you may connect to an unintended website.It may lead to malicious websites containing malware. The documentation recommends that users use www.asusnetwork.net to configure the device. Mutiple ASUS Wireless Router is prone to a remote URL-redirection vulnerability. \nAn attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "BID",
"id": "64799"
},
{
"db": "VULHUB",
"id": "VHN-67295"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#191750",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2013-7293",
"trust": 3.4
},
{
"db": "BID",
"id": "64799",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU90604200",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-67295",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "BID",
"id": "64799"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"id": "VAR-201401-0526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
}
],
"trust": 1.50555555
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
}
]
},
"last_update_date": "2023-12-18T13:24:57.621000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Drivers and Download",
"trust": 0.8,
"url": "http://support.asus.com/download/options.aspx"
},
{
"title": "ASUS WL-330NUL Pocket Wifi Router Static DNS Entry Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42546"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
},
{
"problemtype": "CWE-284",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/191750"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/64799"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://support.asus.com/download/options.aspx?slanguage=en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7293"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu90604200/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7293"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "BID",
"id": "64799"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#191750"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"date": "2014-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-67295"
},
{
"date": "2013-11-25T00:00:00",
"db": "BID",
"id": "64799"
},
{
"date": "2014-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"date": "2014-01-15T16:13:03.757000",
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "CERT/CC",
"id": "VU#191750"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-67295"
},
{
"date": "2014-01-16T14:33:00",
"db": "BID",
"id": "64799"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"date": "2016-12-31T02:59:09.983000",
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Wireless Router products contain a static DNS entry",
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "64799"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
],
"trust": 0.9
}
}
VAR-201512-0511
Vulnerability from variot - Updated: 2023-12-18 12:20ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the product may execute an arbitrary command with administrative privileges. Asus WL-330NUL is prone to an unspecified remote command-execution vulnerability because it fails to sufficiently validate user-input supplied
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0511",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wl-330nul",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.42"
},
{
"model": "wl-330nul",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.42"
},
{
"model": "wl-330nul",
"scope": "ne",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.42"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "BID",
"id": "79742"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:wl-330nul_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.41",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:wl-330nul:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7788"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc.",
"sources": [
{
"db": "BID",
"id": "79742"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7788",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": true,
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Adjacent Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 5.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-000193",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "CNVD-2015-08527",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.5,
"id": "VHN-85749",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 3.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "IPA",
"availabilityImpact": "Low",
"baseScore": 6.3,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2015-000193",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7788",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2015-000193",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08527",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-700",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85749",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "VULHUB",
"id": "VHN-85749"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to execute arbitrary commands via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a remote command execution vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker that can access the product may execute an arbitrary command with administrative privileges. Asus WL-330NUL is prone to an unspecified remote command-execution vulnerability because it fails to sufficiently validate user-input supplied",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "BID",
"id": "79742"
},
{
"db": "VULHUB",
"id": "VHN-85749"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7788",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193",
"trust": 3.1
},
{
"db": "JVN",
"id": "JVN34489380",
"trust": 2.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-700",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08527",
"trust": 0.6
},
{
"db": "BID",
"id": "79742",
"trust": 0.4
},
{
"db": "SEEBUG",
"id": "SSVID-90217",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-85749",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "VULHUB",
"id": "VHN-85749"
},
{
"db": "BID",
"id": "79742"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"id": "VAR-201512-0511",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "VULHUB",
"id": "VHN-85749"
}
],
"trust": 1.3111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
}
]
},
"last_update_date": "2023-12-18T12:20:40.297000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Released firmware updates for vulnerabilities on ASUS WL-330NUL Wireless-N Pocket Router",
"trust": 0.8,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"title": "Patch for WL-330NUL Remote Command Execution Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69293"
},
{
"title": "ASUS Japan WL-330NUL Fixes for device permissions and access control vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59391"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
},
{
"problemtype": "CWE-78",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85749"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "NVD",
"id": "CVE-2015-7788"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.8,
"url": "http://jvn.jp/en/jp/jvn34489380/index.html"
},
{
"trust": 2.0,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000193"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7788"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7788"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000193.html"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "VULHUB",
"id": "VHN-85749"
},
{
"db": "BID",
"id": "79742"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"db": "VULHUB",
"id": "VHN-85749"
},
{
"db": "BID",
"id": "79742"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85749"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79742"
},
{
"date": "2015-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"date": "2015-12-30T05:59:09.097000",
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08527"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85749"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79742"
},
{
"date": "2016-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000193"
},
{
"date": "2015-12-30T18:23:29.770000",
"db": "NVD",
"id": "CVE-2015-7788"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WL-330NUL vulnerable to remote command execution",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000193"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-700"
}
],
"trust": 0.6
}
}
VAR-201512-0513
Vulnerability from variot - Updated: 2023-12-18 12:20Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user's web browser. ASUS WL-330NUL router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0513",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wl-330nul",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.9,
"vendor": "asus",
"version": "3.0.0.41"
},
{
"model": "wl-330nul",
"scope": "eq",
"trust": 0.8,
"vendor": "asus",
"version": "firmware prior to 3.0.0.42"
},
{
"model": "wl-330nul",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.42"
},
{
"model": "wl-330nul",
"scope": "ne",
"trust": 0.3,
"vendor": "asus",
"version": "3.0.0.42"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "BID",
"id": "79730"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:asus:wl-330nul_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.0.0.41",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:wl-330nul:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7790"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc.",
"sources": [
{
"db": "BID",
"id": "79730"
}
],
"trust": 0.3
},
"cve": "CVE-2015-7790",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "JVNDB-2015-000195",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00018",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-85751",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 6.1,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "JVNDB-2015-000195",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7790",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-000195",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00018",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-702",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85751",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "VULHUB",
"id": "VHN-85751"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. WL-330NUL provided by ASUS Japan Inc. is a portable wireless LAN router. WL-330NUL contains a stored cross-site scripting vulnerability. TAIZO TSUKAMOTO of GLOBAL SECURITY EXPERTS Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An arbitrary script may be executed on the user\u0027s web browser. ASUS WL-330NUL router is prone to an unspecified cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "BID",
"id": "79730"
},
{
"db": "VULHUB",
"id": "VHN-85751"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "JVN",
"id": "JVN89965717",
"trust": 3.4
},
{
"db": "NVD",
"id": "CVE-2015-7790",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195",
"trust": 2.5
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00018",
"trust": 0.6
},
{
"db": "BID",
"id": "79730",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-85751",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "VULHUB",
"id": "VHN-85751"
},
{
"db": "BID",
"id": "79730"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"id": "VAR-201512-0513",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "VULHUB",
"id": "VHN-85751"
}
],
"trust": 1.3111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
}
]
},
"last_update_date": "2023-12-18T12:20:40.230000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Released firmware updates for vulnerabilities on ASUS WL-330NUL Wireless-N Pocket Router",
"trust": 0.8,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"title": "Patch for ASUSJapan WL-330NUL device cross-site scripting vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69418"
},
{
"title": "ASUS Japan WL-330NUL Fixes for device cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59393"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85751"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "NVD",
"id": "CVE-2015-7790"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://jvn.jp/en/jp/jvn89965717/index.html"
},
{
"trust": 2.0,
"url": "http://www.asus.com/jp/news/fx04le8hn0qboqfi"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000195"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7790"
},
{
"trust": 0.8,
"url": "https://jvn.jp/jp/jvn89965717/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7790"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "VULHUB",
"id": "VHN-85751"
},
{
"db": "BID",
"id": "79730"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "VULHUB",
"id": "VHN-85751"
},
{
"db": "BID",
"id": "79730"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85751"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79730"
},
{
"date": "2015-12-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"date": "2015-12-30T05:59:10.893000",
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-01-04T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85751"
},
{
"date": "2015-12-09T00:00:00",
"db": "BID",
"id": "79730"
},
{
"date": "2016-01-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000195"
},
{
"date": "2015-12-30T18:19:03.303000",
"db": "NVD",
"id": "CVE-2015-7790"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Japan WL-330NUL Device Cross-Site Scripting Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00018"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-702"
}
],
"trust": 0.6
}
}
VAR-201512-0515
Vulnerability from variot - Updated: 2023-12-18 12:20Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed. A cross-site scripting vulnerability exists in WL-330NUL. Allows an attacker to exploit this vulnerability to inject arbitrary web scripts or HTML code. An attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0515",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cg-wlbargs",
"scope": null,
"trust": 1.4,
"vendor": "corega",
"version": null
},
{
"model": "cg-wlbargs",
"scope": "eq",
"trust": 1.0,
"vendor": "corega",
"version": "*"
},
{
"model": "wl-330nul",
"scope": "lt",
"trust": 0.6,
"vendor": "asus",
"version": "3.0.0.42"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:corega:cg-wlbargs_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7792"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Kousuke Kawahira of DWANGO Co.,Ltd.",
"sources": [
{
"db": "BID",
"id": "79683"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7792",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "JVNDB-2015-000201",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-08529",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-85753",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "IPA",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "JVNDB-2015-000201",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7792",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-000201",
"trust": 0.8,
"value": "Critical"
},
{
"author": "CNVD",
"id": "CNVD-2015-08529",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-601",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-85753",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Corega CG-WLBARGS devices allow remote attackers to perform administrative operations via unspecified vectors. CG-WLBARGS provided by Corega Inc is a wireless LAN router. CG-WLBARGS does not properly perform authentication. Kousuke Kawahira of DWANGO Co.,Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.An attacker who can access the product may log in with administrative privileges. As a result, an arbitrary administrative operations may be executed. A cross-site scripting vulnerability exists in WL-330NUL. Allows an attacker to exploit this vulnerability to inject arbitrary web scripts or HTML code. \nAn attacker can exploit this issue to bypass the authentication mechanism and perform unauthorized actions. This may aid in further attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "BID",
"id": "79683"
},
{
"db": "VULHUB",
"id": "VHN-85753"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7792",
"trust": 3.4
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201",
"trust": 2.5
},
{
"db": "JVN",
"id": "JVN51349622",
"trust": 2.5
},
{
"db": "BID",
"id": "79683",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601",
"trust": 0.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000195",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2015-08529",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85753",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "BID",
"id": "79683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"id": "VAR-201512-0515",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
}
],
"trust": 1.3111111
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
}
]
},
"last_update_date": "2023-12-18T12:20:40.197000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "About the authentication flaw",
"trust": 0.8,
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"title": "Patch for WL-330NUL Cross-Site Scripting Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/69289"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.1
},
{
"problemtype": "CWE-DesignError",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://jvn.jp/en/jp/jvn51349622/index.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/79683"
},
{
"trust": 1.7,
"url": "http://corega.jp/support/security/20151224_wlbargs.htm"
},
{
"trust": 1.7,
"url": "http://jvndb.jvn.jp/jvndb/jvndb-2015-000201"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7792"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7792"
},
{
"trust": 0.6,
"url": "http://jvndb.jvn.jp/en/contents/2015/jvndb-2015-000195.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"db": "VULHUB",
"id": "VHN-85753"
},
{
"db": "BID",
"id": "79683"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"date": "2015-12-30T00:00:00",
"db": "VULHUB",
"id": "VHN-85753"
},
{
"date": "2015-12-25T00:00:00",
"db": "BID",
"id": "79683"
},
{
"date": "2015-12-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"date": "2015-12-30T05:59:11.767000",
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"date": "2015-12-28T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08529"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85753"
},
{
"date": "2015-12-25T00:00:00",
"db": "BID",
"id": "79683"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-000201"
},
{
"date": "2016-11-28T19:44:33.660000",
"db": "NVD",
"id": "CVE-2015-7792"
},
{
"date": "2015-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "CG-WLBARGS does not properly perform authentication",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-000201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-601"
}
],
"trust": 0.6
}
}
FKIE_CVE-2015-7789
Vulnerability from fkie_nvd - Published: 2015-12-30 05:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| asus | wl-33nul_firmware | * | |
| asus | wl-330nul | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:asus:wl-33nul_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4F1AA8A-C3E7-40F4-BCB3-D050106ED43A",
"versionEndIncluding": "3.0.0.41",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:wl-330nul:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BE0B137A-6A2A-4CB2-8EEB-8C31FF31C715",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors."
},
{
"lang": "es",
"value": "Dispositivos ASUS Japan WL-330NUL con firmware anterior a 3.0.0.42 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2015-7789",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-30T05:59:10.003",
"references": [
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
],
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
}
],
"sourceIdentifier": "vultures@jpcert.or.jp",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2013-7293
Vulnerability from fkie_nvd - Published: 2014-01-15 16:13 - Updated: 2025-04-11 00:51
Severity ?
Summary
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.kb.cert.org/vuls/id/191750 | Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/64799 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/191750 | Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/64799 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:asus:wl-330nul:-:*:*:*:*:*:*:*",
"matchCriteriaId": "005D168F-AD18-4881-936B-B5CAFC24F357",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."
},
{
"lang": "es",
"value": "El router ASUS WL-330NUL tiene un proceso de configuraci\u00f3n que se basa en el acceso a la direcci\u00f3n IP 192.168.1.1, pero la documentaci\u00f3n recomienda a los usuarios acceder en su lugar por un nombre de host DNS que no siempre se resuelve a 192.168.1.1, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos secuestrar el tr\u00e1fico mediante el control de la configuraci\u00f3n del servidor asociado con ese nombre de host."
}
],
"id": "CVE-2013-7293",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-15T16:13:03.757",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/191750"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/64799"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/191750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/64799"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
},
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-7789 (GCVE-0-2015-7789)
Vulnerability from cvelistv5 – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:58
VLAI?
Summary
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
},
{
"name": "JVNDB-2015-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"name": "JVN#85359294",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-30T04:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
},
{
"name": "JVNDB-2015-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"name": "JVN#85359294",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI",
"refsource": "CONFIRM",
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
},
{
"name": "JVNDB-2015-000194",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"name": "JVN#85359294",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7789",
"datePublished": "2015-12-30T02:00:00",
"dateReserved": "2015-10-09T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7293 (GCVE-0-2013-7293)
Vulnerability from cvelistv5 – Published: 2014-01-15 02:00 – Updated: 2024-08-06 18:01
VLAI?
Summary
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64799"
},
{
"name": "VU#191750",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/191750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64799"
},
{
"name": "VU#191750",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/191750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64799"
},
{
"name": "VU#191750",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/191750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7293",
"datePublished": "2014-01-15T02:00:00",
"dateReserved": "2014-01-14T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-7789 (GCVE-0-2015-7789)
Vulnerability from nvd – Published: 2015-12-30 02:00 – Updated: 2024-08-06 07:58
VLAI?
Summary
ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:58:59.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
},
{
"name": "JVNDB-2015-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB",
"x_transferred"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"name": "JVN#85359294",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-12-30T04:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
},
{
"name": "JVNDB-2015-000194",
"tags": [
"third-party-advisory",
"x_refsource_JVNDB"
],
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"name": "JVN#85359294",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2015-7789",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow remote attackers to cause a denial of service via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI",
"refsource": "CONFIRM",
"url": "http://www.asus.com/jp/News/FX04LE8HN0qBoqFI"
},
{
"name": "JVNDB-2015-000194",
"refsource": "JVNDB",
"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000194"
},
{
"name": "JVN#85359294",
"refsource": "JVN",
"url": "http://jvn.jp/en/jp/JVN85359294/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2015-7789",
"datePublished": "2015-12-30T02:00:00",
"dateReserved": "2015-10-09T00:00:00",
"dateUpdated": "2024-08-06T07:58:59.927Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-7293 (GCVE-0-2013-7293)
Vulnerability from nvd – Published: 2014-01-15 02:00 – Updated: 2024-08-06 18:01
VLAI?
Summary
The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:01:20.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "64799",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64799"
},
{
"name": "VU#191750",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/191750"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-29T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "64799",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64799"
},
{
"name": "VU#191750",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/191750"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "64799",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64799"
},
{
"name": "VU#191750",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/191750"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7293",
"datePublished": "2014-01-15T02:00:00",
"dateReserved": "2014-01-14T00:00:00",
"dateUpdated": "2024-08-06T18:01:20.313Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}