VAR-201310-0333
Vulnerability from variot - Updated: 2023-12-18 13:49The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77). DrayTek Provided by Vigor2700 Contains a command injection vulnerability. DrayTek Provided by Vigor2700 Of the adjacent access point SSID The variables.js Hold on. Vigor2700 The web management screen for variables.js There is a problem with handling, command injection (CWE-77) Vulnerabilities exist. CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') http://cwe.mitre.org/data/definitions/77.htmlCrafted SSID By receiving, there is a possibility that arbitrary operations will be executed on the product. The DrayTek Vigor 2700 ADSL Router is an ADSL router. The DrayTek Vigor 2700 ADSL router stores the discovered AP SSIDs in the sWlessSurvey variable in variables.js and is handled by the WEB management interface. The attacker can construct a specially crafted SSID value containing the JavaScritp code when added to variables.js. The script is executed by the router. Successfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. The vulnerability comes from the fact that the sWlessSurvey variable in the variables.js list does not add the SSID value correctly
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0333",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "vigor 2700 router",
"scope": "eq",
"trust": 1.6,
"vendor": "draytek",
"version": "2.8.3"
},
{
"model": "vigor 2700 router",
"scope": "eq",
"trust": 1.0,
"vendor": "draytek",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "draytek",
"version": null
},
{
"model": "vigor2700",
"scope": "lte",
"trust": 0.8,
"vendor": "draytek",
"version": "version 2.8.3"
},
{
"model": "corp vigor adsl router",
"scope": "eq",
"trust": 0.6,
"vendor": "draytek",
"version": "27002.3"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#101462"
},
{
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:draytek:vigor_2700_router_firmware:2.8.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:draytek:vigor_2700_router:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5703"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Juraj Kosik",
"sources": [
{
"db": "BID",
"id": "63271"
}
],
"trust": 0.3
},
"cve": "CVE-2013-5703",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "HIGH",
"accessVector": "ADJACENT NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 4.3,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 0.9,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 3.2,
"id": "CVE-2013-5703",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "UNCORROBORATED",
"severity": "MEDIUM",
"targetDistribution": "LOW",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "IPA",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2013-004831",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "HIGH",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.2,
"id": "CNVD-2013-14082",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-65705",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-5703",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "IPA",
"id": "JVNDB-2013-004831",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2013-14082",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-513",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-65705",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#101462"
},
{
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"db": "VULHUB",
"id": "VHN-65705"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during insertion into the sWlessSurvey value in variables.js. DrayTek Vigor 2700 ADSL router version 2.8.3 and possibly earlier versions contain a command injection vulnerability via malicious SSID (CWE-77). DrayTek Provided by Vigor2700 Contains a command injection vulnerability. DrayTek Provided by Vigor2700 Of the adjacent access point SSID The variables.js Hold on. Vigor2700 The web management screen for variables.js There is a problem with handling, command injection (CWE-77) Vulnerabilities exist. CWE-77: Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027) http://cwe.mitre.org/data/definitions/77.htmlCrafted SSID By receiving, there is a possibility that arbitrary operations will be executed on the product. The DrayTek Vigor 2700 ADSL Router is an ADSL router. The DrayTek Vigor 2700 ADSL router stores the discovered AP SSIDs in the sWlessSurvey variable in variables.js and is handled by the WEB management interface. The attacker can construct a specially crafted SSID value containing the JavaScritp code when added to variables.js. The script is executed by the router. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary commands in the context of the affected device. The vulnerability comes from the fact that the sWlessSurvey variable in the variables.js list does not add the SSID value correctly",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"db": "CERT/CC",
"id": "VU#101462"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"db": "BID",
"id": "63271"
},
{
"db": "VULHUB",
"id": "VHN-65705"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-5703",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#101462",
"trust": 3.9
},
{
"db": "BID",
"id": "63271",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU93851007",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-513",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-14082",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-65705",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#101462"
},
{
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"db": "VULHUB",
"id": "VHN-65705"
},
{
"db": "BID",
"id": "63271"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
]
},
"id": "VAR-201310-0333",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"db": "VULHUB",
"id": "VHN-65705"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14082"
}
]
},
"last_update_date": "2023-12-18T13:49:05.178000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Vigor2700 Series",
"trust": 0.8,
"url": "http://www.draytek.com.tw/index.php?option=com_k2\u0026view=item\u0026layout=item\u0026id=2553\u0026itemid=452"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.9
},
{
"problemtype": "CWE-77",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#101462"
},
{
"db": "VULHUB",
"id": "VHN-65705"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"db": "NVD",
"id": "CVE-2013-5703"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/101462"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/77.html"
},
{
"trust": 0.8,
"url": "http://www.draytek.com/index.php?option=com_k2\u0026view=item\u0026layout=item\u0026id=2553\u0026itemid=452\u0026lang=en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5703"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu93851007"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5703"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#101462"
},
{
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"db": "VULHUB",
"id": "VHN-65705"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#101462"
},
{
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"db": "VULHUB",
"id": "VHN-65705"
},
{
"db": "BID",
"id": "63271"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-22T00:00:00",
"db": "CERT/CC",
"id": "VU#101462"
},
{
"date": "2013-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"date": "2013-10-22T00:00:00",
"db": "VULHUB",
"id": "VHN-65705"
},
{
"date": "2013-10-22T00:00:00",
"db": "BID",
"id": "63271"
},
{
"date": "2013-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"date": "2013-10-22T22:55:07.347000",
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"date": "2013-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-22T00:00:00",
"db": "CERT/CC",
"id": "VU#101462"
},
{
"date": "2013-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14082"
},
{
"date": "2013-10-23T00:00:00",
"db": "VULHUB",
"id": "VHN-65705"
},
{
"date": "2013-10-22T00:00:00",
"db": "BID",
"id": "63271"
},
{
"date": "2013-10-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004831"
},
{
"date": "2013-10-23T03:22:20.713000",
"db": "NVD",
"id": "CVE-2013-5703"
},
{
"date": "2013-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DrayTek Vigor 2700 ADSL router contains a command injection vulnerability",
"sources": [
{
"db": "CERT/CC",
"id": "VU#101462"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system commend injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-513"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…