VAR-201307-0443
Vulnerability from variot - Updated: 2023-12-18 14:06main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code. Western Digital My Net is a series of router products from Western Digital, USA. An information disclosure vulnerability exists in a number of Western Digital My Net devices that can expose administrator credentials. This vulnerability could be used by unauthorized attackers to gain sensitive information that can help launch further attacks. There is a security hole in the main_internet.php file
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201307-0443",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "my net n900c",
"scope": "eq",
"trust": 1.0,
"vendor": "westerndigital",
"version": null
},
{
"model": "my net n750",
"scope": "eq",
"trust": 1.0,
"vendor": "westerndigital",
"version": null
},
{
"model": "my net n900",
"scope": "eq",
"trust": 1.0,
"vendor": "westerndigital",
"version": null
},
{
"model": "my net",
"scope": "eq",
"trust": 0.8,
"vendor": "western digital",
"version": "1.03.12 (n600 and n750)"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.8,
"vendor": "western digital",
"version": "1.04.16 (n600 and n750)"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.8,
"vendor": "western digital",
"version": "1.05.12 (n900 and n900 central)"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.8,
"vendor": "western digital",
"version": "1.06.18 (n900 and n900 central)"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.8,
"vendor": "western digital",
"version": "1.06.28 (n900 and n900 central)"
},
{
"model": "my net n600",
"scope": null,
"trust": 0.8,
"vendor": "western digital",
"version": null
},
{
"model": "my net n750",
"scope": null,
"trust": 0.8,
"vendor": "western digital",
"version": null
},
{
"model": "my net n900",
"scope": null,
"trust": 0.8,
"vendor": "western digital",
"version": null
},
{
"model": "my net n900 central",
"scope": null,
"trust": 0.8,
"vendor": "western digital",
"version": null
},
{
"model": "digital my net devices",
"scope": null,
"trust": 0.6,
"vendor": "western",
"version": null
},
{
"model": "my net",
"scope": "eq",
"trust": 0.6,
"vendor": "wdc",
"version": "1.06.18"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.6,
"vendor": "wdc",
"version": "1.03.12"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.6,
"vendor": "wdc",
"version": "1.06.28"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.6,
"vendor": "wdc",
"version": "1.04.16"
},
{
"model": "my net",
"scope": "eq",
"trust": 0.6,
"vendor": "wdc",
"version": "1.05.12"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westerndigital:my_net_n900:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:westerndigital:my_net_n900c:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:westerndigital:my_net_n750:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5006"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "kyle Lovett",
"sources": [
{
"db": "BID",
"id": "61361"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-449"
}
],
"trust": 0.9
},
"cve": "CVE-2013-5006",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2013-5006",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2013-10461",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-65008",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5006",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-10461",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201307-666",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65008",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"db": "VULHUB",
"id": "VHN-65008"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the \"var pass=\" line within the HTML source code. Western Digital My Net is a series of router products from Western Digital, USA. \nAn information disclosure vulnerability exists in a number of Western Digital My Net devices that can expose administrator credentials. This vulnerability could be used by unauthorized attackers to gain sensitive information that can help launch further attacks. There is a security hole in the main_internet.php file",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-449"
},
{
"db": "BID",
"id": "61361"
},
{
"db": "VULHUB",
"id": "VHN-65008"
}
],
"trust": 3.06
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-65008",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65008"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5006",
"trust": 3.4
},
{
"db": "OSVDB",
"id": "95519",
"trust": 1.7
},
{
"db": "BID",
"id": "61361",
"trust": 1.6
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201307-666",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-10461",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201307-449",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "122640",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-80902",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "27288",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-65008",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"db": "VULHUB",
"id": "VHN-65008"
},
{
"db": "BID",
"id": "61361"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-449"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
]
},
"id": "VAR-201307-0443",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"db": "VULHUB",
"id": "VHN-65008"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10461"
}
]
},
"last_update_date": "2023-12-18T14:06:15.667000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Downloads My Net N750",
"trust": 0.8,
"url": "http://support.wdc.com/product/download.asp?groupid=1702\u0026lang=en"
},
{
"title": "Downloads My Net N900",
"trust": 0.8,
"url": "http://support.wdc.com/product/download.asp?wdc_lang=en\u0026fid=wdsfmynetn900"
},
{
"title": "Downloads My Net N900 Central",
"trust": 0.8,
"url": "http://support.wdc.com/product/download.asp?groupid=1704\u0026lang=en"
},
{
"title": "Downloads My Net N600",
"trust": 0.8,
"url": "http://support.wdc.com/product/download.asp?groupid=1701\u0026lang=en"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-65008"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"db": "NVD",
"id": "CVE-2013-5006"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0133.html"
},
{
"trust": 2.5,
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-07/0146.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/95519"
},
{
"trust": 1.7,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/85903"
},
{
"trust": 1.2,
"url": "http://www.securityfocus.com/bid/61361"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5006"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5006"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"db": "VULHUB",
"id": "VHN-65008"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-449"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"db": "VULHUB",
"id": "VHN-65008"
},
{
"db": "BID",
"id": "61361"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-449"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-07-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"date": "2013-07-31T00:00:00",
"db": "VULHUB",
"id": "VHN-65008"
},
{
"date": "2013-07-19T00:00:00",
"db": "BID",
"id": "61361"
},
{
"date": "2013-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"date": "2013-07-31T13:20:19.287000",
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"date": "2013-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-449"
},
{
"date": "2013-07-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-08-22T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-10461"
},
{
"date": "2020-02-24T00:00:00",
"db": "VULHUB",
"id": "VHN-65008"
},
{
"date": "2013-08-01T10:25:00",
"db": "BID",
"id": "61361"
},
{
"date": "2013-08-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-003598"
},
{
"date": "2020-02-24T15:02:27.437000",
"db": "NVD",
"id": "CVE-2013-5006"
},
{
"date": "2013-07-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-449"
},
{
"date": "2020-02-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-449"
},
{
"db": "CNNVD",
"id": "CNNVD-201307-666"
}
],
"trust": 1.2
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plural Western Digital My Net Vulnerability to break plaintext management password in router product firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-003598"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201307-449"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…