VAR-201512-0017
Vulnerability from variot - Updated: 2023-12-18 12:30eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Supplementary information : CWE Vulnerability type by CWE-613: Insufficient Session Expiration ( Incorrect session deadline ) Has been identified. https://cwe.mitre.org/data/definitions/613.htmlA third party may gain access by using an unattended workstation. eWON is an industrial router product of the Belgian eWON company. An attacker could exploit the vulnerability to interact with the device using the same session. eWON are prone to the following security vulnerabilities: 1. A cross-site request forgery vulnerability 3. Unauthorized Access Vulnerability 4. HTML-injection vulnerability 5. Plain text password information disclosure vulnerability 6. A security weakness An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, obtain sensitive information, and perform certain unauthorized actions. This may aid in further attacks. There is a security vulnerability in eWON using firmware 10.0s0 and earlier versions
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ewon",
"scope": "lte",
"trust": 1.0,
"vendor": "ewon",
"version": "10.0s0"
},
{
"model": "ewon",
"scope": "lt",
"trust": 0.8,
"vendor": "ewon",
"version": "10.1s0"
},
{
"model": "\u003c10.1s0",
"scope": null,
"trust": 0.6,
"vendor": "ewon",
"version": null
},
{
"model": "ewon",
"scope": "eq",
"trust": 0.6,
"vendor": "ewon",
"version": "10.0s0"
},
{
"model": "ewon",
"scope": "eq",
"trust": 0.3,
"vendor": "ewon",
"version": "0"
},
{
"model": "10.1s0",
"scope": "ne",
"trust": 0.3,
"vendor": "ewon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ewon:ewon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0s0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "79625"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2015-7924",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85885",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-7924",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2015-08450",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-546",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85885",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-7924",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Supplementary information : CWE Vulnerability type by CWE-613: Insufficient Session Expiration ( Incorrect session deadline ) Has been identified. https://cwe.mitre.org/data/definitions/613.htmlA third party may gain access by using an unattended workstation. eWON is an industrial router product of the Belgian eWON company. An attacker could exploit the vulnerability to interact with the device using the same session. eWON are prone to the following security vulnerabilities:\n1. A cross-site request forgery vulnerability\n3. Unauthorized Access Vulnerability\n4. HTML-injection vulnerability\n5. Plain text password information disclosure vulnerability\n6. A security weakness\nAn attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, obtain sensitive information, and perform certain unauthorized actions. This may aid in further attacks. There is a security vulnerability in eWON using firmware 10.0s0 and earlier versions",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7924",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-351-03",
"trust": 2.9
},
{
"db": "BID",
"id": "79625",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08450",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85885",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7924",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"id": "VAR-201512-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
}
]
},
"last_update_date": "2023-12-18T12:30:10.586000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eWON Security Enhancement (FW 10.1s0)",
"trust": 0.8,
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"title": "Patch for eWON weak session management vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/68894"
},
{
"title": "eWON Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=59313"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-351-03"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/79625"
},
{
"trust": 1.8,
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2015/dec/118"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7924"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7924"
},
{
"trust": 0.3,
"url": "http://ewon.biz"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"date": "2015-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-85885"
},
{
"date": "2015-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79625"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"date": "2015-12-23T11:59:00.127000",
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"date": "2015-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-85885"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79625"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"date": "2016-12-07T18:25:33.147000",
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"date": "2015-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWON Vulnerability to gain access rights in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…