VAR-201401-0526
Vulnerability from variot - Updated: 2023-12-18 13:24The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. ASUS Wireless provided by LAN The router has a static DNS There is a problem with the record being registered. ASUS Wireless provided by LAN Static on the router DNS Record is registered (192.168.1.1 / www.asusnetwork .net) . When the user is not connected to the device network www.asusnetwork .net If you access the URL with a web browser, you may connect to an unintended website.It may lead to malicious websites containing malware. The documentation recommends that users use www.asusnetwork.net to configure the device. Mutiple ASUS Wireless Router is prone to a remote URL-redirection vulnerability. An attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0526",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wl-330nul",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "wl-330nul",
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "asus wl-330nul pocket wifi",
"scope": null,
"trust": 0.6,
"vendor": "asustek computer",
"version": null
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:asus:wl-330nul:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7293"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "64799"
}
],
"trust": 0.3
},
"cve": "CVE-2013-7293",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2013-7293",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2014-00424",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-67295",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-7293",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-00424",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-327",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-67295",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname. ASUS Wireless provided by LAN The router has a static DNS There is a problem with the record being registered. ASUS Wireless provided by LAN Static on the router DNS Record is registered (192.168.1.1 / www.asusnetwork .net) . When the user is not connected to the device network www.asusnetwork .net If you access the URL with a web browser, you may connect to an unintended website.It may lead to malicious websites containing malware. The documentation recommends that users use www.asusnetwork.net to configure the device. Mutiple ASUS Wireless Router is prone to a remote URL-redirection vulnerability. \nAn attacker can leverage this issue by constructing a URI that includes a malicious site redirection. When an unsuspecting victim follows the URI, they may be redirected to an attacker-controlled site; this may aid in phishing attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "BID",
"id": "64799"
},
{
"db": "VULHUB",
"id": "VHN-67295"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#191750",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2013-7293",
"trust": 3.4
},
{
"db": "BID",
"id": "64799",
"trust": 1.4
},
{
"db": "JVN",
"id": "JVNVU90604200",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-00424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-67295",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "BID",
"id": "64799"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"id": "VAR-201401-0526",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
}
],
"trust": 1.50555555
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
}
]
},
"last_update_date": "2023-12-18T13:24:57.621000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Drivers and Download",
"trust": 0.8,
"url": "http://support.asus.com/download/options.aspx"
},
{
"title": "ASUS WL-330NUL Pocket Wifi Router Static DNS Entry Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/42546"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
},
{
"problemtype": "CWE-284",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/191750"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/64799"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://support.asus.com/download/options.aspx?slanguage=en"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7293"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu90604200/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7293"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#191750"
},
{
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"db": "VULHUB",
"id": "VHN-67295"
},
{
"db": "BID",
"id": "64799"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-13T00:00:00",
"db": "CERT/CC",
"id": "VU#191750"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"date": "2014-01-15T00:00:00",
"db": "VULHUB",
"id": "VHN-67295"
},
{
"date": "2013-11-25T00:00:00",
"db": "BID",
"id": "64799"
},
{
"date": "2014-01-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"date": "2014-01-15T16:13:03.757000",
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-05-11T00:00:00",
"db": "CERT/CC",
"id": "VU#191750"
},
{
"date": "2014-01-17T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-00424"
},
{
"date": "2016-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-67295"
},
{
"date": "2014-01-16T14:33:00",
"db": "BID",
"id": "64799"
},
{
"date": "2014-01-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001127"
},
{
"date": "2016-12-31T02:59:09.983000",
"db": "NVD",
"id": "CVE-2013-7293"
},
{
"date": "2014-01-22T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS Wireless Router products contain a static DNS entry",
"sources": [
{
"db": "CERT/CC",
"id": "VU#191750"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "64799"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-327"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…