VAR-201410-0378
Vulnerability from variot - Updated: 2023-12-18 14:06
Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. The Wireless -> Security page (wlsecurity.html) of the NB604N provided by NetComm Wireless contains a stored cross-site scripting vulnerability (CWE-79): the wlWpaPsk variable, which is the value of the JavaScript variable wpaPskKey, is not sanitized. The NetCommWireless NB604N is a router device. Exploitation may lead to disclosure of sensitive information or hijacking of user sessions. NetCommWireless NB604N is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. NetCommWireless NB604N GAN5.CZ56T-B-NC.AU-R4B010.EN is vulnerable; other versions may also be affected. The NetComm Wireless NB604N is a wireless router product of the Australian company NetComm Wireless.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-0378",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nb604n",
"scope": "eq",
"trust": 1.0,
"vendor": "netcommwireless",
"version": null
},
{
"model": "nb604n",
"scope": "lte",
"trust": 1.0,
"vendor": "netcommwireless",
"version": "gan5.cz56t-b-nc.au-r4b010.en"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": "nb604n",
"scope": null,
"trust": 0.8,
"vendor": "netcomm",
"version": null
},
{
"model": "nb604n",
"scope": "eq",
"trust": 0.8,
"vendor": "netcomm",
"version": "gan5.cz56t-b-nc.au-r4b010.en"
},
{
"model": "wireless limited. netcommwireless nb604n gan5.cz56t-b-nc.au-r4b010.en",
"scope": null,
"trust": 0.6,
"vendor": "netcomm",
"version": null
},
{
"model": "nb604n",
"scope": "eq",
"trust": 0.6,
"vendor": "netcommwireless",
"version": "gan5.cz56t-b-nc.au-r4b010.en"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netcommwireless:nb604n_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "gan5.cz56t-b-nc.au-r4b010.en",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netcommwireless:nb604n:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Katie Duczmal",
"sources": [
{
"db": "BID",
"id": "70253"
}
],
"trust": 0.3
},
"cve": "CVE-2014-4871",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 3.5,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "PARTIAL",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 2.3,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 6.8,
"id": "CVE-2014-4871",
"impactScore": 2.9,
"integrityImpact": "NONE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "UNAVAILABLE",
"reportConfidence": "NOT DEFINED",
"severity": "LOW",
"targetDistribution": "MEDIUM",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "IPA",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "JVNDB-2014-004570",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2014-06598",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-72812",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-4871",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-4871",
"trust": 0.8,
"value": "LOW"
},
{
"author": "IPA",
"id": "JVNDB-2014-004570",
"trust": 0.8,
"value": "Low"
},
{
"author": "CNVD",
"id": "CNVD-2014-06598",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-133",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-72812",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site scripting (XSS) vulnerability in wlsecurity.html on NetCommWireless NB604N routers with firmware before GAN5.CZ56T-B-NC.AU-R4B030.EN allows remote attackers to inject arbitrary web script or HTML via the wlWpaPsk parameter. NetComm Wireless Provided by NB604N Is Wireless -\u003e Security page (wlsecurity.html) Variables that are not sanitized wlWpaPsk Value of Javascript variable wpaPskKey Stored cross-site scripting vulnerability (CWE-79) Exists. The NetCommWireless NB604N is a router device. Sensitive information or hijacking user sessions. NetCommWireless NB604N is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input. \nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks. \nNetCommWireless NB604N GAN5.CZ56T-B-NC.AU-R4B010.EN is vulnerable; other versions may also be affected. NetComm Wireless NB604N Routers is a wireless router product of Australia NetComm Wireless company",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "BID",
"id": "70253"
},
{
"db": "VULHUB",
"id": "VHN-72812"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-4871",
"trust": 4.2
},
{
"db": "CERT/CC",
"id": "VU#941108",
"trust": 3.9
},
{
"db": "BID",
"id": "70253",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU93498805",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-06598",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-72812",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "BID",
"id": "70253"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
]
},
"id": "VAR-201410-0378",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
}
]
},
"last_update_date": "2023-12-18T14:06:07.351000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Support - ADSL2+ Wireless N300 Modem Router - NB604N",
"trust": 0.8,
"url": "http://support.netcommwireless.com/product/adsl/nb604n"
},
{
"title": "\\302\\240\\302\\240\\302\\240\\302\\240\\302\\240NetCommWireless NB604N ADSL2+ Router \u0027wlsecurity.html\u0027 patch for HTML injection vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/50765"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "http://www.kb.cert.org/vuls/id/941108"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/70253"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.8,
"url": "http://support.netcommwireless.com/product/adsl/nb604n"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4871"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu93498805/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4871"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#941108"
},
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "VULHUB",
"id": "VHN-72812"
},
{
"db": "BID",
"id": "70253"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-06T00:00:00",
"db": "CERT/CC",
"id": "VU#941108"
},
{
"date": "2014-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"date": "2014-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-72812"
},
{
"date": "2014-10-06T00:00:00",
"db": "BID",
"id": "70253"
},
{
"date": "2014-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"date": "2014-10-07T10:55:04.433000",
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-06T00:00:00",
"db": "CERT/CC",
"id": "VU#941108"
},
{
"date": "2014-10-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"date": "2015-10-06T00:00:00",
"db": "VULHUB",
"id": "VHN-72812"
},
{
"date": "2014-10-06T00:00:00",
"db": "BID",
"id": "70253"
},
{
"date": "2014-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004570"
},
{
"date": "2015-10-06T02:38:29.580000",
"db": "NVD",
"id": "CVE-2014-4871"
},
{
"date": "2014-10-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetCommWireless NB604N ADSL2+ Router \u0027wlsecurity.html\u0027 HTML Injection Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-06598"
},
{
"db": "BID",
"id": "70253"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-133"
}
],
"trust": 0.6
}
}