CVE-2013-3086

Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf	Exploit
http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php	Exploit
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf	Exploit
http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php	Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:belkin:n900_firmware:1.00.23:*:*:*:*:*:*:*

cpe:2.3:h:belkin:n900:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:52

Type	Values Removed	Values Added
References	~~() http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf - Exploit~~	() http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf - Exploit
References	~~() http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php - Exploit~~	() http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php - Exploit

Information

Published : 2014-09-29 22:55

Updated : 2024-11-21 01:52

NVD link : CVE-2013-3086

Mitre link : CVE-2013-3086

CVE.ORG link : CVE-2013-3086

JSON object : View

Products Affected

belkin

n900_firmware
n900

CWE

CWE-352

Cross-Site Request Forgery (CSRF)

{"id": "CVE-2013-3086", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-09-29T22:55:08.377", "references": [{"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "Cross-site request forgery (CSRF) vulnerability in util_system.html in Belkin N900 router allows remote attackers to hijack the authentication of administrators for requests that change configuration settings including passwords and remote management ports."}, {"lang": "es", "value": "Vulnerabilidad de CSRF en util_system.html en el router Belkin N900 permite a atacantes remotos secuestrar la autenticaci\u00f3n de administradores para solicitudes que cambian configuraciones incluyendo contrase\u00f1as y puertos de la gesti\u00f3n remota."}], "lastModified": "2024-11-21T01:52:58.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:belkin:n900_firmware:1.00.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4517CE7D-FF1A-4C0F-A5CA-9C46A00A89DC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:belkin:n900:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DAA39C1D-B29C-4098-AE0B-20EB4250912E"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}