Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
5 vulnerabilities by mediabridge
VAR-201512-0079
Vulnerability from variot - Updated: 2023-12-18 13:14Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. Certificate and password management (CWE-255) - CVE-2015-5994 The product has default settings for accessing the web interface. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is "Cookie: language-en; admin:language-en" If the authentication information is not known, it may be accessed with administrator privileges. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. Mediabridge Medialink Wireless-N Broadband Router is prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A security-bypass vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected device. Other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "medialink mwn-wapr300n",
"scope": "lte",
"trust": 1.0,
"vendor": "mediabridge",
"version": "5.07.50"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediabridge",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": null,
"trust": 0.8,
"vendor": "mediabridge",
"version": null
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": "eq",
"trust": 0.8,
"vendor": "mediabridge",
"version": "version 5.07.50"
},
{
"model": "products medialink wireless-n broadband router mwn-wapr300n",
"scope": null,
"trust": 0.6,
"vendor": "mediabridge",
"version": null
},
{
"model": "medialink mwn-wapr300n",
"scope": "eq",
"trust": 0.6,
"vendor": "mediabridge",
"version": "5.07.50"
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": "eq",
"trust": 0.3,
"vendor": "mediabridge",
"version": "5.07.50"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mediabridge:medialink_mwn-wapr300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.07.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mediabridge:medialink_mwn-wapr300n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5996"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC.",
"sources": [
{
"db": "BID",
"id": "76609"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5996",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-004731",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06114",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-83957",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5996",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "IPA",
"id": "JVNDB-2015-004731",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06114",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-206",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-83957",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "VULHUB",
"id": "VHN-83957"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 allows remote attackers to hijack the authentication of arbitrary users. Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. Certificate and password management (CWE-255) - CVE-2015-5994 The product has default settings for accessing the web interface. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is \"Cookie: language-en; admin:language-en\" If the authentication information is not known, it may be accessed with administrator privileges. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. Mediabridge Medialink Wireless-N Broadband Router is prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A security-bypass vulnerability\n3. A cross-site request-forgery vulnerability\nExploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected device. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "VULHUB",
"id": "VHN-83957"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-83957",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83957"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#630872",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-5996",
"trust": 3.4
},
{
"db": "EXPLOIT-DB",
"id": "45078",
"trust": 1.1
},
{
"db": "JVN",
"id": "JVNVU94201169",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-206",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06114",
"trust": 0.6
},
{
"db": "BID",
"id": "76609",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "148667",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-83957",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "VULHUB",
"id": "VHN-83957"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
]
},
"id": "VAR-201512-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "VULHUB",
"id": "VHN-83957"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06114"
}
]
},
"last_update_date": "2023-12-18T13:14:34.702000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Medialink Wireless-N Broadband Router with Internal Antennas (300 Mbps)",
"trust": 0.8,
"url": "http://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83957"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5996"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://www.kb.cert.org/vuls/id/630872"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/45078/"
},
{
"trust": 0.8,
"url": "https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374\u0026idcategory=198"
},
{
"trust": 0.8,
"url": "http://www.tekrevue.com/one-mistake-fall-mediabridge/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/784.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "http://seclists.org/fulldisclosure/2016/may/60"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5995"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5996"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94201169/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5994"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5995"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5996"
},
{
"trust": 0.6,
"url": "https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374"
},
{
"trust": 0.3,
"url": "http://www.mediabridgeproducts.com/store/pc/home.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "VULHUB",
"id": "VHN-83957"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "VULHUB",
"id": "VHN-83957"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#630872"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83957"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76609"
},
{
"date": "2015-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"date": "2015-12-31T05:59:13.863000",
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-31T00:00:00",
"db": "CERT/CC",
"id": "VU#630872"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"date": "2018-07-28T00:00:00",
"db": "VULHUB",
"id": "VHN-83957"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76609"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"date": "2018-07-28T01:29:00.757000",
"db": "NVD",
"id": "CVE-2015-5996"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N Cross-Site Request Forgery Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06114"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-206"
}
],
"trust": 0.6
}
}
VAR-201512-0077
Vulnerability from variot - Updated: 2023-12-18 13:14The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF). Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. There are also authentication bypass vulnerabilities and cross-site request forgery vulnerabilities. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is "Cookie: language-en; admin:language-en" If the authentication information is not known, it may be accessed with administrator privileges. CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision https://cwe.mitre.org/data/definitions/784.html In addition, National Vulnerability Database (NVD) Then CWE-264 It is published as Cross-site request forgery (CWE-352) - CVE-2015-5996 The product contains a cross-site request forgery vulnerability. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. CWE-352: Cross-Site Request Forgery (CSRF) https://cwe.mitre.org/data/definitions/352.htmlA remote attacker may be able to cause unintended operations by users who are logged into the product. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. Mediabridge Medialink Wireless-N Broadband Router is prone to the following multiple security vulnerabilities. 1. An authentication-bypass vulnerability 2. A security-bypass vulnerability 3. Other attacks are also possible. A remote attacker could exploit this vulnerability via a Wi-Fi session to gain administrator privileges
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0077",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "medialink mwn-wapr300n",
"scope": "lte",
"trust": 1.0,
"vendor": "mediabridge",
"version": "5.07.50"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediabridge",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": null,
"trust": 0.8,
"vendor": "mediabridge",
"version": null
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": "eq",
"trust": 0.8,
"vendor": "mediabridge",
"version": "version 5.07.50"
},
{
"model": "products medialink wireless-n broadband router mwn-wapr300n",
"scope": null,
"trust": 0.6,
"vendor": "mediabridge",
"version": null
},
{
"model": "medialink mwn-wapr300n",
"scope": "eq",
"trust": 0.6,
"vendor": "mediabridge",
"version": "5.07.50"
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": "eq",
"trust": 0.3,
"vendor": "mediabridge",
"version": "5.07.50"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mediabridge:medialink_mwn-wapr300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.07.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mediabridge:medialink_mwn-wapr300n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5994"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC.",
"sources": [
{
"db": "BID",
"id": "76609"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5994",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-004731",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-06116",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 5.5,
"id": "VHN-83955",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:A/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 0.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5994",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2015-004731",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06116",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-204",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-83955",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"db": "VULHUB",
"id": "VHN-83955"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web management interface on Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 has a default password of admin for the admin account and a default password of password for the medialink account, which allows remote attackers to obtain administrative privileges by leveraging a Wi-Fi session. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF). Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. There are also authentication bypass vulnerabilities and cross-site request forgery vulnerabilities. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is \"Cookie: language-en; admin:language-en\" If the authentication information is not known, it may be accessed with administrator privileges. CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision https://cwe.mitre.org/data/definitions/784.html In addition, National Vulnerability Database (NVD) Then CWE-264 It is published as Cross-site request forgery (CWE-352) - CVE-2015-5996 The product contains a cross-site request forgery vulnerability. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. CWE-352: Cross-Site Request Forgery (CSRF) https://cwe.mitre.org/data/definitions/352.htmlA remote attacker may be able to cause unintended operations by users who are logged into the product. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. Mediabridge Medialink Wireless-N Broadband Router is prone to the following multiple security vulnerabilities. \n1. An authentication-bypass vulnerability\n2. A security-bypass vulnerability\n3. Other attacks are also possible. A remote attacker could exploit this vulnerability via a Wi-Fi session to gain administrator privileges",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "VULHUB",
"id": "VHN-83955"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#630872",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2015-5994",
"trust": 3.4
},
{
"db": "JVN",
"id": "JVNVU94201169",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-204",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06116",
"trust": 0.6
},
{
"db": "BID",
"id": "76609",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-83955",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"db": "VULHUB",
"id": "VHN-83955"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
]
},
"id": "VAR-201512-0077",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"db": "VULHUB",
"id": "VHN-83955"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06116"
}
]
},
"last_update_date": "2023-12-18T13:14:34.666000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Medialink Wireless-N Broadband Router with Internal Antennas (300 Mbps)",
"trust": 0.8,
"url": "http://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
},
{
"problemtype": "CWE-264",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83955"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5994"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "https://www.kb.cert.org/vuls/id/630872"
},
{
"trust": 0.8,
"url": "https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374\u0026idcategory=198"
},
{
"trust": 0.8,
"url": "http://www.tekrevue.com/one-mistake-fall-mediabridge/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/784.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "http://seclists.org/fulldisclosure/2016/may/60"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5995"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5996"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94201169/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5994"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5995"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5996"
},
{
"trust": 0.6,
"url": "https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374"
},
{
"trust": 0.3,
"url": "http://www.mediabridgeproducts.com/store/pc/home.asp"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"db": "VULHUB",
"id": "VHN-83955"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"db": "VULHUB",
"id": "VHN-83955"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#630872"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83955"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76609"
},
{
"date": "2015-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"date": "2015-12-31T05:59:11.487000",
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-31T00:00:00",
"db": "CERT/CC",
"id": "VU#630872"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06116"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83955"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76609"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"date": "2015-12-31T21:11:09.527000",
"db": "NVD",
"id": "CVE-2015-5994"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-204"
}
],
"trust": 0.6
}
}
VAR-201512-0078
Vulnerability from variot - Updated: 2023-12-18 13:14Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF). Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. There are also authentication bypass vulnerabilities and cross-site request forgery vulnerabilities. Certificate and password management (CWE-255) - CVE-2015-5994 The product has default settings for accessing the web interface. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is "Cookie: language-en; admin:language-en" If the authentication information is not known, it may be accessed with administrator privileges. CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision https://cwe.mitre.org/data/definitions/784.html In addition, National Vulnerability Database (NVD) Then CWE-264 It is published as Cross-site request forgery (CWE-352) - CVE-2015-5996 The product contains a cross-site request forgery vulnerability. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. CWE-352: Cross-Site Request Forgery (CSRF) https://cwe.mitre.org/data/definitions/352.htmlA remote attacker may be able to cause unintended operations by users who are logged into the product. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. A security vulnerability exists in the Authorization feature of Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N. Local attackers can modify the requested cookie header to \342\200\230Cookie: language-en; admin:language-en\342\200\231 to bypass access restrictions. 1. An authentication-bypass vulnerability 2. A security-bypass vulnerability 3. A cross-site request-forgery vulnerability Exploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected device. Other attacks are also possible. Mediabridge Medialink MWN-WAPR300N is a product of American Mediabridge Company. Tenda N3 Wireless N150 is a product of the Chinese company Tenda
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0078",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "n3 wireless n150",
"scope": "eq",
"trust": 1.0,
"vendor": "tenda",
"version": "*"
},
{
"model": "medialink mwn-wapr300n",
"scope": "lte",
"trust": 1.0,
"vendor": "mediabridge",
"version": "5.07.50"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "mediabridge",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "tenda",
"version": null
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": null,
"trust": 0.8,
"vendor": "mediabridge",
"version": null
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": "eq",
"trust": 0.8,
"vendor": "mediabridge",
"version": "version 5.07.50"
},
{
"model": "products medialink wireless-n broadband router mwn-wapr300n",
"scope": null,
"trust": 0.6,
"vendor": "mediabridge",
"version": null
},
{
"model": "n3 wireless n150",
"scope": null,
"trust": 0.6,
"vendor": "tenda",
"version": null
},
{
"model": "medialink wireless-n broadband router mwn-wapr300n",
"scope": "eq",
"trust": 0.3,
"vendor": "mediabridge",
"version": "5.07.50"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:tenda:n3_wireless_n150:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:mediabridge:medialink_mwn-wapr300n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "5.07.50",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:mediabridge:medialink_mwn-wapr300n:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5995"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC.",
"sources": [
{
"db": "BID",
"id": "76609"
}
],
"trust": 0.3
},
"cve": "CVE-2015-5995",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2015-004731",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.4,
"id": "CNVD-2015-06115",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-83956",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "CVE-2015-5995",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "HIGH",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-5995",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "IPA",
"id": "JVNDB-2015-004731",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-06115",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201509-205",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-83956",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-5995",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"db": "VULHUB",
"id": "VHN-83956"
},
{
"db": "VULMON",
"id": "CVE-2015-5995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF). Mediabridge Provided by Medialink Wireless-N Broadband Router The default settings use the same authentication information for all devices. There are also authentication bypass vulnerabilities and cross-site request forgery vulnerabilities. Certificate and password management (CWE-255) - CVE-2015-5994 The product has default settings for accessing the web interface. admin:admin The authentication information is used. Also for wireless networks medialink:password Common authentication information is used. These authentication information is common to all devices. If the product is used with default settings, an attacker within range of the wireless network may directly manipulate the web interface or be used for attacks such as cross-site request forgery. CWE-255: Credentials Management https://cwe.mitre.org/data/definitions/255.html Without security and verification of security decisions Cookie Trust (CWE-784) - CVE-2015-5995 The product is sent from the client HTTP Cookie Authentication is performed by checking the header value. LAN By attackers who can connect to HTTP Cookie Header is \"Cookie: language-en; admin:language-en\" If the authentication information is not known, it may be accessed with administrator privileges. CWE-784: Reliance on Cookies without Validation and Integrity Checking in a Security Decision https://cwe.mitre.org/data/definitions/784.html In addition, National Vulnerability Database (NVD) Then CWE-264 It is published as Cross-site request forgery (CWE-352) - CVE-2015-5996 The product contains a cross-site request forgery vulnerability. A user who has logged in to the product has been prepared by a remote attacker URL By accessing, you may be able to operate the product. The default setting of the product allows attacks even when the user is not logged in. CWE-352: Cross-Site Request Forgery (CSRF) https://cwe.mitre.org/data/definitions/352.htmlA remote attacker may be able to cause unintended operations by users who are logged into the product. Also, LAN An attacker with access to your device could bypass the authentication and manipulate your device directly. Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N is a wireless broadband router product. A security vulnerability exists in the Authorization feature of Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N. Local attackers can modify the requested cookie header to \\342\\200\\230Cookie: language-en; admin:language-en\\342\\200\\231 to bypass access restrictions. \n1. An authentication-bypass vulnerability\n2. A security-bypass vulnerability\n3. A cross-site request-forgery vulnerability\nExploiting these issues may allow a remote attacker to perform certain administrative actions, bypass certain security restrictions, gain unauthorized access to the affected device. Other attacks are also possible. Mediabridge Medialink MWN-WAPR300N is a product of American Mediabridge Company. Tenda N3 Wireless N150 is a product of the Chinese company Tenda",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "VULHUB",
"id": "VHN-83956"
},
{
"db": "VULMON",
"id": "CVE-2015-5995"
}
],
"trust": 3.33
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-83956",
"trust": 0.1,
"type": "unknown"
},
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41402",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83956"
},
{
"db": "VULMON",
"id": "CVE-2015-5995"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#630872",
"trust": 4.3
},
{
"db": "NVD",
"id": "CVE-2015-5995",
"trust": 3.5
},
{
"db": "JVN",
"id": "JVNVU94201169",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201509-205",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-06115",
"trust": 0.6
},
{
"db": "BID",
"id": "76609",
"trust": 0.3
},
{
"db": "EXPLOIT-DB",
"id": "41402",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-83956",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-5995",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"db": "VULHUB",
"id": "VHN-83956"
},
{
"db": "VULMON",
"id": "CVE-2015-5995"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
]
},
"id": "VAR-201512-0078",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"db": "VULHUB",
"id": "VHN-83956"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-06115"
}
]
},
"last_update_date": "2023-12-18T13:14:34.627000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Medialink Wireless-N Broadband Router with Internal Antennas (300 Mbps)",
"trust": 0.8,
"url": "http://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374"
},
{
"title": "TendaSpill",
"trust": 0.1,
"url": "https://github.com/shaheemirza/tendaspill "
},
{
"title": "TendaSpill",
"trust": 0.1,
"url": "https://github.com/beetles-cyber-security/tendaspill "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2015-5995"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
},
{
"problemtype": "CWE-Other",
"trust": 0.8
},
{
"problemtype": "CWE-352",
"trust": 0.8
},
{
"problemtype": "CWE-255",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-83956"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5995"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.6,
"url": "https://www.kb.cert.org/vuls/id/630872"
},
{
"trust": 0.8,
"url": "https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374\u0026idcategory=198"
},
{
"trust": 0.8,
"url": "http://www.tekrevue.com/one-mistake-fall-mediabridge/"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/255.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/784.html"
},
{
"trust": 0.8,
"url": "https://cwe.mitre.org/data/definitions/352.html"
},
{
"trust": 0.8,
"url": "http://seclists.org/fulldisclosure/2016/may/60"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5994"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5995"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-5996"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu94201169/index.html"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5994"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5995"
},
{
"trust": 0.8,
"url": "https://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-5996"
},
{
"trust": 0.6,
"url": "https://www.mediabridgeproducts.com/store/pc/viewprd.asp?idproduct=374"
},
{
"trust": 0.3,
"url": "http://www.mediabridgeproducts.com/store/pc/home.asp"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/264.html"
},
{
"trust": 0.1,
"url": "https://github.com/shaheemirza/tendaspill"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/41402/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"db": "VULHUB",
"id": "VHN-83956"
},
{
"db": "VULMON",
"id": "CVE-2015-5995"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#630872"
},
{
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"db": "VULHUB",
"id": "VHN-83956"
},
{
"db": "VULMON",
"id": "CVE-2015-5995"
},
{
"db": "BID",
"id": "76609"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-09-03T00:00:00",
"db": "CERT/CC",
"id": "VU#630872"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83956"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5995"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76609"
},
{
"date": "2015-09-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"date": "2015-12-31T05:59:12.800000",
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"date": "2015-09-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-31T00:00:00",
"db": "CERT/CC",
"id": "VU#630872"
},
{
"date": "2015-09-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-06115"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-83956"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2015-5995"
},
{
"date": "2015-09-03T00:00:00",
"db": "BID",
"id": "76609"
},
{
"date": "2016-01-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-004731"
},
{
"date": "2015-12-31T21:11:48.377000",
"db": "NVD",
"id": "CVE-2015-5995"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#630872"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201509-205"
}
],
"trust": 0.6
}
}
CVE-2022-3465 (GCVE-0-2022-3465)
Vulnerability from nvd – Published: 2022-10-12 00:00 – Updated: 2025-04-14 15:58
VLAI
Title
Mediabridge Medialink index.asp improper authentication
Summary
A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.
Severity
7.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mediabridge | Medialink |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Peanut886/Vulnerability/blob/main/MediaLink%20Unauthorized%20access.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.210700"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3465",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:54:12.972047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T15:58:43.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Medialink",
"vendor": "Mediabridge",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/Peanut886/Vulnerability/blob/main/MediaLink%20Unauthorized%20access.md"
},
{
"url": "https://vuldb.com/?id.210700"
}
],
"title": "Mediabridge Medialink index.asp improper authentication",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3465",
"datePublished": "2022-10-12T00:00:00.000Z",
"dateReserved": "2022-10-12T00:00:00.000Z",
"dateUpdated": "2025-04-14T15:58:43.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-3465 (GCVE-0-2022-3465)
Vulnerability from cvelistv5 – Published: 2022-10-12 00:00 – Updated: 2025-04-14 15:58
VLAI
Title
Mediabridge Medialink index.asp improper authentication
Summary
A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700.
Severity
7.3 (High)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-287 - Improper Authentication
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Mediabridge | Medialink |
Affected:
n/a
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T01:07:06.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/Peanut886/Vulnerability/blob/main/MediaLink%20Unauthorized%20access.md"
},
{
"tags": [
"x_transferred"
],
"url": "https://vuldb.com/?id.210700"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-3465",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T15:54:12.972047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-14T15:58:43.861Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Medialink",
"vendor": "Mediabridge",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability affects unknown code of the file /index.asp. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-210700."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"url": "https://github.com/Peanut886/Vulnerability/blob/main/MediaLink%20Unauthorized%20access.md"
},
{
"url": "https://vuldb.com/?id.210700"
}
],
"title": "Mediabridge Medialink index.asp improper authentication",
"x_generator": "vuldb.com"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2022-3465",
"datePublished": "2022-10-12T00:00:00.000Z",
"dateReserved": "2022-10-12T00:00:00.000Z",
"dateUpdated": "2025-04-14T15:58:43.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}