CVE-2009-2323

{"id": "CVE-2009-2323", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2009-07-05T16:30:00.640", "references": [{"url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/35563", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script."}, {"lang": "es", "value": "El interfaz web del Axesstel MV 410R, redrecciona a los usuarios a la p\u00e1gina visitada previamente tras la ejecuci\u00f3n de algunas secuencias de comandos CGI, lo que facilita a atacantes remotos evitar la detecci\u00f3n de ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSFR), como se ha demostrado mediante una redirecci\u00f3n en la secuencia de comandos cgi-bin/wireless.cgi."}], "lastModified": "2018-10-10T19:39:37.117", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:axesstel:mv_410r:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19511BCC-9DAD-4342-99B5-163DABC3A432"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}