VAR-200205-0035
Vulnerability from variot - Updated: 2023-12-18 12:59Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. The Netgear RT314/RT311 Gateway Router models allow Cable/DSL users to share a connection. These products provide a web-based administrative interface. The affected products run a ZyXel-RomPager web server to provide easy web-based configuration. The web interface for the router is prone to cross-site scripting attacks. This may be exploited by an attacker who knows the internal IP address of the router. Arbitrary script code may be included in a malicious link, which is executed in the browser of the victim, in the context of the router. It is possible that an attacker may capitalize on this opportunity to gain unauthorized administrative access to the router. This may occur if the attacker can successfully steal cookie-based authentication credentials from a user who has access to the administrative interface. It should be noted that there is a distinct possibility that any other router products running the ZyXel-RomPager web server (versions 3.02 or earlier) may also be prone to this issue. This issue reportedly does not affect the Netgear RP114 Cable/DSL Web Safe Router. Netgear\'\'s RT314 is a four-port router, suitable for home or small office network. But this WEB Server has a cross-site execution script vulnerability, see CERT CA-2000-02 two years ago
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200205-0035",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt314",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.24"
},
{
"model": "rt314",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.25"
},
{
"model": "rt314",
"scope": "eq",
"trust": 1.6,
"vendor": "netgear",
"version": "3.22"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.25"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.24"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.22"
}
],
"sources": [
{
"db": "BID",
"id": "4024"
},
{
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netgear:rt314:3.24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netgear:rt314:3.25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:netgear:rt314:3.22:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0238"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "sq sq@cirt.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0238",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4631",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0238",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200205-070",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4631",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4631"
},
{
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script. The Netgear RT314/RT311 Gateway Router models allow Cable/DSL users to share a connection. These products provide a web-based administrative interface. \nThe affected products run a ZyXel-RomPager web server to provide easy web-based configuration. \nThe web interface for the router is prone to cross-site scripting attacks. This may be exploited by an attacker who knows the internal IP address of the router. Arbitrary script code may be included in a malicious link, which is executed in the browser of the victim, in the context of the router. \nIt is possible that an attacker may capitalize on this opportunity to gain unauthorized administrative access to the router. This may occur if the attacker can successfully steal cookie-based authentication credentials from a user who has access to the administrative interface. \nIt should be noted that there is a distinct possibility that any other router products running the ZyXel-RomPager web server (versions 3.02 or earlier) may also be prone to this issue. \nThis issue reportedly does not affect the Netgear RP114 Cable/DSL Web Safe Router. Netgear\\\u0027\\\u0027s RT314 is a four-port router, suitable for home or small office network. But this WEB Server has a cross-site execution script vulnerability, see CERT CA-2000-02 two years ago",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"db": "BID",
"id": "4024"
},
{
"db": "VULHUB",
"id": "VHN-4631"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0238",
"trust": 2.0
},
{
"db": "BID",
"id": "4024",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200205-070",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020203 NETGEAR RT311/RT314",
"trust": 0.6
},
{
"db": "XF",
"id": "8082",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4631",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4631"
},
{
"db": "BID",
"id": "4024"
},
{
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
]
},
"id": "VAR-200205-0035",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4631"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:59:45.611000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0238"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4024"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/8082.php"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=101286360203461\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101286360203461\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/support_main.asp"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=101286360203461\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4631"
},
{
"db": "BID",
"id": "4024"
},
{
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4631"
},
{
"db": "BID",
"id": "4024"
},
{
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-4631"
},
{
"date": "2002-02-03T00:00:00",
"db": "BID",
"id": "4024"
},
{
"date": "2002-05-29T04:00:00",
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"date": "2002-02-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-4631"
},
{
"date": "2009-07-11T09:56:00",
"db": "BID",
"id": "4024"
},
{
"date": "2016-10-18T02:17:26.307000",
"db": "NVD",
"id": "CVE-2002-0238"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netgear RT314/RT311 Gateway Router Cross-site execution script vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-070"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…