VAR-202001-1158

Vulnerability from variot - Updated: 2023-12-18 11:58

Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access. The Cisco Linksys router contains an authentication vulnerability. Information may be obtained or tampered with, and a denial-of-service (DoS) condition may result.

The affected versions are as follows:

  • Cisco Linksys EA2700 running firmware 1.0.14
  • Cisco Linksys EA3500 running firmware 1.0.30
  • Cisco Linksys EA4200 running firmware 2.0.36
  • Cisco Linksys EA4500 running firmware 2.0.36

Linksys E-series routers are popular router devices. Multiple Linksys E-series routers have multiple security vulnerabilities that allow malicious users to bypass some of the security restrictions:

1. The device fails to properly restrict access to tmUnblock.cgi and hndUnblock.cgi, allowing an attacker to exploit the vulnerability to inject and execute arbitrary shell commands.
2. The device fails to properly restrict access to the console, allowing an attacker to access restricted functionality through TCP port 8083.

-----------------------------------------------------------------------------

Vulnerabilities: An unspecified bug can cause an unsafe/undocumented TCP port to open, allowing for:

  • Unauthenticated remote access to all pages of the router administration GUI, bypassing any credential prompts under certain common configurations

  • Direct access to several critical system files

CVE-ID 2013-5122
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVSS Base Score 10
CVSS Temporal Score 8.1
Exploitability Subscore: 10.0

Affected models and firmware:

  • Linksys SMART Wi-Fi Router N600 - EA2700 Firmware Version: 1.0.14
  • Linksys SMART Wi-Fi Router N750 Smooth Stream EA3500 Firmware Version: 1.0.30
  • Linksys Maximum Performance N Router E4200v2 Firmware Version: 2.0.36
  • Linksys Maximum Performance N Router E4200v2 Firmware Version: 2.0.37
  • Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.36
  • Linksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.37

Web Server: Lighttpd 1.4.28
Running: Linux 2.6.22


Vulnerability conditions seen in all variations, though not limited to:

  • Classic GUI has been enabled/installed
  • Remote Management - Disabled
  • UPnP - Enabled
  • IPv4 SPI Firewall Protection - Disabled

Fixes and workarounds:

*** It is strongly advised to those that have the classic GUI firmware installed to do a full WAN side scan for unusual ports that are open that weren't specifically opened by the end user.

It is recommended to upgrade to firmware 2.1.39 on the E4200v2 and EA4500, though it is uncertain if this resolves the problem in all cases. It is recommended to upgrade to firmware 1.1.39 on the EA2700 and EA3500, though it is uncertain if this resolves the problem in all cases.

Vendor: We have been working with Linksys/Belkin Engineers on this problem, and they are still investigating the root cause. We hope to have additional information on this bug soon.


External Links Misc:

  • http://www.osvdb.org/show/osvdb/94768
  • http://www.securityfocus.com/archive/1/527027
  • http://securityvulns.com/news/Linksys/EA/1307.html
  • http://www.scip.ch/en/?vuldb.9326
  • http://www.mobzine.ro/ionut-balan/2013/07/vulnerabilitate-majora-in-linksys-ea2700-ea3500-e4200-ea4500/

Vendor product links:

  • http://support.linksys.com/en-us/support/routers/EA2700
  • http://support.linksys.com/en-us/support/routers/EA3500
  • http://support.linksys.com/en-us/support/routers/E4200
  • http://support.linksys.com/en-us/support/routers/EA4500

Discovered - 07-01-2013
Updated - 08-15-2013
Research Contact - K Lovett, M Claunch
Affiliation - SUSnet

-----------------------------------------------------------------------------

Vulnerable products: Linksys EA2700, EA3500, E4200, EA4500

Vulnerability: Due to an unknown bug, which occurs by every indication during the installation and/or upgrade process, port 8083 will often open, allowing for direct bypass of authentication to the "classic Linksys GUI" administrative console for remote unauthenticated users.

If vulnerable, an attacker would have complete control of the router's administrative features and functions.

On affected models by simply browsing to:

http://<IP>:8083/

a user will be placed into the admin console, with no prompt for authentication. Moreover, by browsing to:

http://<IP>:8083/cgi-bin/

the following four cgi scripts (often there are more depending on the firmware and model) can also be found.

  • fw_sys_up.cgi
  • override.cgi
  • share_editor.cgi
  • switch_boot.cgi

It has been observed that port 443 will show as open to external scans when the vulnerability exists, though not all routers with this open port are affected. On the HTTP header for port 8083, for those affected, "Basic Setup" is the only item of note observed.

An end user should not rely on the router's GUI interface for the status of remote access, as this bug is present when the console shows remote access as disabled.

CVE ID: 2013-5122
CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVSS Base Score 10
CVSS Temporal Score 8.1
Exploitability Subscore: 10.0

Timeline: The vendor was first notified of this bug in July 2013, and several follow-up conversations have occurred since that time.

Patches/Workaround: No known patches or official fixes exist, though some workaround fixes, including reinstallation of the firmware, have often been shown to solve the issue. This is not an official workaround and it is strongly advised to contact Linksys support for additional information.

Recommendations:

  • Scan for an open port 8083 from the WAN side of the router to check for this particular vulnerability.
  • Since an attacker has access to enable FTP service, USB drives mounted on those routers which have them should be removed until an official fix is out or vulnerability of the router has been ruled out.

Research Contacts: Kyle Lovett and Matt Claunch
Discovered - July 2013
Updated - February 2014


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202001-1158",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "linksys e4200",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys ea4500",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys ea3500",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys ea2700",
        "scope": null,
        "trust": 1.2,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys ea2700",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.14"
      },
      {
        "model": "linksys ea4500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.36"
      },
      {
        "model": "linksys e4200",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "2.0.36"
      },
      {
        "model": "linksys ea3500",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "cisco",
        "version": "1.0.30"
      },
      {
        "model": "linksys e 4200",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys ea 2700",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys ea 3500",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys ea 4500",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e1000",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e2100l",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e1500",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e2500",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e2500 build",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "1.0.034"
      },
      {
        "model": "linksys e1550",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e1200",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e3200",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e3000",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e2000",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "linksys e900",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:linksys_ea2700_firmware:1.0.14:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:linksys_ea2700:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:linksys_ea3500_firmware:1.0.30:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:linksys_ea3500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:linksys_e4200_firmware:2.0.36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:linksys_e4200:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:linksys_ea4500_firmware:2.0.36:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:linksys_ea4500:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "kyle Lovett",
    "sources": [
      {
        "db": "BID",
        "id": "60897"
      },
      {
        "db": "PACKETSTORM",
        "id": "122841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ],
    "trust": 1.0
  },
  "cve": "CVE-2013-5122",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-5122",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2013-08724",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CNVD-2014-01260",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.6,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 3.9,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2013-5122",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5122",
            "trust": 1.8,
            "value": "CRITICAL"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2013-08724",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-01260",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201307-283",
            "trust": 0.6,
            "value": "CRITICAL"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Linksys Routers EA2700, EA3500, E4200, EA4500: A bug can cause an unsafe TCP port to open which leads to unauthenticated access. Cisco Linksys The router contains an authentication vulnerability.Information is acquired, information is falsified, and denial of service (DoS) May be in a state. The affected versions are as follows: Cisco Linksys EA2700 running firmware 1.0.14 Cisco Linksys EA3500 running firmware 1.0.30 Cisco Linksys EA4200 running firmware 2.0.36 Cisco Linksys EA4500 running firmware 2.0.36. Linksys E-series routers are popular router devices. Multiple Linksys E-series routers have multiple security vulnerabilities that allow malicious users to bypass some of the security restrictions: 1. The device fails to properly restrict access to tmUnblock.cgi and hndUnblock.cgi, allowing an attacker to exploit the vulnerability to inject and execute arbitrary shell commands. 2. The device fails to properly restrict access to the console, allowing an attacker to access restricted functionality through the TCP port 8083. 
-----------------------------------------------------------------------------\nVulnerabilities:\nAn unspecified bug can cause an unsafe/undocumented TCP port to open\nallowing for:\n\n- Unauthenticated remote access to all pages of the router\nadministration GUI, bypassing any credential prompts under certain\ncommon configurations\n\n- Direct access to several critical system files\n\nCVE-ID 2013-5122\nCWE-288: Authentication Bypass Using an Alternate Path or Channel\nCVSS Base Score 10\nCVSS Temporal Score 8.1\nExploitability Subscore: 10.0\n\nAffected models and firmware:\nLinksys SMART Wi-Fi Router N600 - EA2700 Firmware Version: 1.0.14\nLinksys SMART Wi-Fi Router N750 Smooth Stream EA3500 Firmware Version: 1.0.30\nLinksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.36\nLinksys Maximun Performance N Router E4200v2 Firmware Version: 2.0.37\nLinksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.36\nLinksys SMART Wi-Fi N900 Media Stream EA4500 Firmware Version: 2.0.37\n-Web Server Lighttpd 1.4.28\n-Running - Linux 2.6.22\n\n-----------------------------------------------------------------------------\n\nVulnerability Conditions seen in all variations, though not limited too:\n- Classic GUI has been enabled/installed\n- Remote Management - Disabled\n- UPnP - Enabled\n- IPv4 SPI Firewall Protection - Disabled\n\nFixes and workarounds:\n\n*** It is strongly advised to those that have the classic GUI firmware\ninstalled to do a full WAN side scan for unusual ports that are open\nthat weren\u0027t specifically opened by the end user. \n\nIt is recommend to upgrade to firmware 2.1.39 on the E4200v2 and\nEA4500, though it is uncertain if this resolves the problem in all\ncases. \nIt is recommend to upgrade to firmware 1.1.39 on the EA2700 and\nEA3500.though it is uncertain if this resolves the problem in all\ncases. \n\nVendor: We have been working with Linksys/Belkin Engineers on this\nproblem, and they are still investigating the root cause. 
We hope to\nhave additional information on this bug soon. \n\n-----------------------------------------------------------------------------\n\nExternal Links Misc:\nhttp://www.osvdb.org/show/osvdb/94768\nhttp://www.securityfocus.com/archive/1/527027\nhttp://securityvulns.com/news/Linksys/EA/1307.html\nhttp://www.scip.ch/en/?vuldb.9326\nhttp://www.mobzine.ro/ionut-balan/2013/07/vulnerabilitate-majora-in-linksys-ea2700-ea3500-e4200-ea4500/\n\nVendor product links:\nhttp://support.linksys.com/en-us/support/routers/EA2700\nhttp://support.linksys.com/en-us/support/routers/EA3500\nhttp://support.linksys.com/en-us/support/routers/E4200\nhttp://support.linksys.com/en-us/support/routers/EA4500\n\nDiscovered - 07-01-2013\nUpdated - 08-15-2013\nResearch Contact - K Lovett, M Claunch\nAffiliation - SUSnet\n. Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500\n\nVulnerability:\nDue to an unknown bug, which occurs by every indication during the\ninstallation and/or upgrade process, port 8083 will often open,\nallowing for direct bypass of authentication to the \"classic Linksys\nGUI\" administrative console for remote unauthenticated users. \n\nIf vulnerable, an attacker would have complete control of the routers\nadministrative features and functions. \n\nOn affected models by simply browsing to:\n\nhttp://\u003cIP\u003e:8083/\n\na user will be placed into the admin console, with no prompt for\nauthentication. Moreover, by browsing to:\n\nhttp://\u003cIP\u003e:8083/cgi-bin/\n\nthe following four cgi scripts (often there are more depending on the\nfirmware and model) can also be found. \n\nfw_sys_up.cgi\noverride.cgi\nshare_editor.cgi\nswitch_boot.cgi\n\nIt has been observed that Port 443 will show as open to external scans\nwhen the vulnerability exists, though not all routers with this open\nport are affected. On the http header for port 8083, for those\naffected, \"Basic Setup\" is the only item of note observed. 
\n\nAn end user should not rely on the router\u0027s GUI interface for the\nstatus of remote access, as this bug is present when the console shows\nremote access as disabled. \n\nCVE ID: 2013-5122\nCWE-288: Authentication Bypass Using an Alternate Path or Channel\nCVSS Base Score 10\nCVSS Temporal Score 8.1\nExploitability Subscore: 10.0\n\nTimeline:\nThe vendor was first notified of this bug in July 2013, and several\nfollow-up conversations have occurred since that time. \n\nPatches/Workaround:\nNo known patches or official fixes exist, though some workaround\nfixes, including reinstallation of the firmware have been often shown\nto solve the issue. This is not an official workaround and it is\nstrongly advised to contact Linksys support for additional\ninformation. \n\nRecommendations:\n\n- Scan for an open port 8083 from the WAN side of the router to check\nfor this particular vulnerability. \n- Since an attacker has access to enable FTP service, USB drives\nmounted on those routers which have them, should be removed until an\nofficial fix is out or vulnerability of the router has been ruled out. \n\nResearch Contacts: Kyle Lovett and Matt Claunch\nDiscovered - July 2013\nUpdated - February 2014\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "db": "BID",
        "id": "60897"
      },
      {
        "db": "PACKETSTORM",
        "id": "122841"
      },
      {
        "db": "PACKETSTORM",
        "id": "125242"
      }
    ],
    "trust": 3.15
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "60897",
        "trust": 3.3
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5122",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1029769",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "125242",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724",
        "trust": 0.6
      },
      {
        "db": "EXPLOITDB",
        "id": "31683",
        "trust": 0.6
      },
      {
        "db": "OSVDB",
        "id": "103321",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "31683",
        "trust": 0.6
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283",
        "trust": 0.6
      },
      {
        "db": "VULDB",
        "id": "9326",
        "trust": 0.1
      },
      {
        "db": "OSVDB",
        "id": "94768",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "122841",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "db": "BID",
        "id": "60897"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "db": "PACKETSTORM",
        "id": "122841"
      },
      {
        "db": "PACKETSTORM",
        "id": "125242"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ]
  },
  "id": "VAR-202001-1158",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      }
    ],
    "trust": 2.1422619
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 1.2
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      }
    ]
  },
  "last_update_date": "2023-12-18T11:58:57.331000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.cisco.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-287",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.0,
        "url": "http://www.securityfocus.com/bid/60897"
      },
      {
        "trust": 1.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5122"
      },
      {
        "trust": 1.6,
        "url": "http://www.securitytracker.com/id/1029769"
      },
      {
        "trust": 1.6,
        "url": "https://packetstormsecurity.com/files/cve/cve-2013-5122"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5122"
      },
      {
        "trust": 0.6,
        "url": "http://osvdb.org/show/osvdb/103321"
      },
      {
        "trust": 0.6,
        "url": "http://www.exploit-db.com/exploits/31683/"
      },
      {
        "trust": 0.6,
        "url": "http://www.reddit.com/r/netsec/comments/1xy9k6/that_new_linksys_worm/"
      },
      {
        "trust": 0.6,
        "url": "http://packetstormsecurity.com/files/125242/linksys-ea2700-ea3500-e4200-ea4500-authentication-bypass.html"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.1,
        "url": "http://support.linksys.com/en-us/support/routers/ea2700"
      },
      {
        "trust": 0.1,
        "url": "http://support.linksys.com/en-us/support/routers/e4200"
      },
      {
        "trust": 0.1,
        "url": "http://securityvulns.com/news/linksys/ea/1307.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.scip.ch/en/?vuldb.9326"
      },
      {
        "trust": 0.1,
        "url": "http://www.osvdb.org/show/osvdb/94768"
      },
      {
        "trust": 0.1,
        "url": "http://support.linksys.com/en-us/support/routers/ea4500"
      },
      {
        "trust": 0.1,
        "url": "http://support.linksys.com/en-us/support/routers/ea3500"
      },
      {
        "trust": 0.1,
        "url": "http://www.securityfocus.com/archive/1/527027"
      },
      {
        "trust": 0.1,
        "url": "http://www.mobzine.ro/ionut-balan/2013/07/vulnerabilitate-majora-in-linksys-ea2700-ea3500-e4200-ea4500/"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e:8083/cgi-bin/"
      },
      {
        "trust": 0.1,
        "url": "http://\u003cip\u003e:8083/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "db": "BID",
        "id": "60897"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "db": "PACKETSTORM",
        "id": "122841"
      },
      {
        "db": "PACKETSTORM",
        "id": "125242"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "db": "BID",
        "id": "60897"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "db": "PACKETSTORM",
        "id": "122841"
      },
      {
        "db": "PACKETSTORM",
        "id": "125242"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "date": "2014-02-26T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "date": "2013-07-02T00:00:00",
        "db": "BID",
        "id": "60897"
      },
      {
        "date": "2020-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "date": "2013-08-15T12:12:12",
        "db": "PACKETSTORM",
        "id": "122841"
      },
      {
        "date": "2014-02-17T10:44:44",
        "db": "PACKETSTORM",
        "id": "125242"
      },
      {
        "date": "2020-01-07T14:15:10.077000",
        "db": "NVD",
        "id": "CVE-2013-5122"
      },
      {
        "date": "2013-07-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-07-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2013-08724"
      },
      {
        "date": "2015-08-04T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-01260"
      },
      {
        "date": "2013-08-19T10:17:00",
        "db": "BID",
        "id": "60897"
      },
      {
        "date": "2020-01-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      },
      {
        "date": "2020-01-09T19:21:43.050000",
        "db": "NVD",
        "id": "CVE-2013-5122"
      },
      {
        "date": "2020-01-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "122841"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Linksys Authentication vulnerability in router",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-007035"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "authorization issue",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201307-283"
      }
    ],
    "trust": 0.6
  }
}



Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

