Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for CG-WLR300NX by Corega Inc

    CVE-2016-7811 (GCVE-0-2016-7811)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN23549283/index.html third-party-advisoryx_refsource_JVN
    http://corega.jp/support/security/20161111_wlr300nx.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/94248 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Corega Inc CG-WLR300NX Affected: firmware Ver. 1.20 and earlier
    Create a notification for this product.
    Date Public
    2016-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23549283",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN23549283/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
              },
              {
                "name": "94248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CG-WLR300NX",
              "vendor": "Corega Inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Ver. 1.20 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23549283",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN23549283/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
            },
            {
              "name": "94248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CG-WLR300NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Ver. 1.20 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Corega Inc"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23549283",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN23549283/index.html"
                },
                {
                  "name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
                  "refsource": "CONFIRM",
                  "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
                },
                {
                  "name": "94248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7811",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7810 (GCVE-0-2016-7810)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN92237169/index.html third-party-advisoryx_refsource_JVN
    http://corega.jp/support/security/20161111_wlr300nx.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/94248 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Corega Inc CG-WLR300NX Affected: firmware Ver. 1.20 and earlier
    Create a notification for this product.
    Date Public
    2016-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.081Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#92237169",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN92237169/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
              },
              {
                "name": "94248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CG-WLR300NX",
              "vendor": "Corega Inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Ver. 1.20 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#92237169",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN92237169/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
            },
            {
              "name": "94248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7810",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CG-WLR300NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Ver. 1.20 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Corega Inc"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#92237169",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN92237169/index.html"
                },
                {
                  "name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
                  "refsource": "CONFIRM",
                  "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
                },
                {
                  "name": "94248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7810",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7809 (GCVE-0-2016-7809)

    Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN23823838/index.html third-party-advisoryx_refsource_JVN
    http://corega.jp/support/security/20161111_wlr300nx.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/94248 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Corega Inc CG-WLR300NX Affected: firmware Ver. 1.20 and earlier
    Create a notification for this product.
    Date Public
    2016-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:55.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23823838",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN23823838/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
              },
              {
                "name": "94248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CG-WLR300NX",
              "vendor": "Corega Inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Ver. 1.20 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23823838",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN23823838/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
            },
            {
              "name": "94248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CG-WLR300NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Ver. 1.20 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Corega Inc"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23823838",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN23823838/index.html"
                },
                {
                  "name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
                  "refsource": "CONFIRM",
                  "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
                },
                {
                  "name": "94248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7809",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:55.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7809 (GCVE-0-2016-7809)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site request forgery
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN23823838/index.html third-party-advisoryx_refsource_JVN
    http://corega.jp/support/security/20161111_wlr300nx.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/94248 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Corega Inc CG-WLR300NX Affected: firmware Ver. 1.20 and earlier
    Create a notification for this product.
    Date Public
    2016-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:55.992Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23823838",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN23823838/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
              },
              {
                "name": "94248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CG-WLR300NX",
              "vendor": "Corega Inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Ver. 1.20 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site request forgery",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23823838",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN23823838/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
            },
            {
              "name": "94248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7809",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CG-WLR300NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Ver. 1.20 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Corega Inc"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site request forgery"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23823838",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN23823838/index.html"
                },
                {
                  "name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
                  "refsource": "CONFIRM",
                  "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
                },
                {
                  "name": "94248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7809",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:55.992Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7811 (GCVE-0-2016-7811)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Fails to restrict access
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN23549283/index.html third-party-advisoryx_refsource_JVN
    http://corega.jp/support/security/20161111_wlr300nx.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/94248 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Corega Inc CG-WLR300NX Affected: firmware Ver. 1.20 and earlier
    Create a notification for this product.
    Date Public
    2016-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.094Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#23549283",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN23549283/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
              },
              {
                "name": "94248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CG-WLR300NX",
              "vendor": "Corega Inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Ver. 1.20 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Fails to restrict access",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#23549283",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN23549283/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
            },
            {
              "name": "94248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7811",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CG-WLR300NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Ver. 1.20 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Corega Inc"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Fails to restrict access"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#23549283",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN23549283/index.html"
                },
                {
                  "name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
                  "refsource": "CONFIRM",
                  "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
                },
                {
                  "name": "94248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7811",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.094Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2016-7810 (GCVE-0-2016-7810)

    Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
    VLAI
    Summary
    Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
    Severity
    No CVSS data available.
    CWE
    • Cross-site scripting
    Assigner
    References
    URL Tags
    https://jvn.jp/en/jp/JVN92237169/index.html third-party-advisoryx_refsource_JVN
    http://corega.jp/support/security/20161111_wlr300nx.htm x_refsource_CONFIRM
    http://www.securityfocus.com/bid/94248 vdb-entryx_refsource_BID
    Impacted products
    Vendor Product Version
    Corega Inc CG-WLR300NX Affected: firmware Ver. 1.20 and earlier
    Create a notification for this product.
    Date Public
    2016-11-11 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T02:04:56.081Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "JVN#92237169",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_JVN",
                  "x_transferred"
                ],
                "url": "https://jvn.jp/en/jp/JVN92237169/index.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
              },
              {
                "name": "94248",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/94248"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "CG-WLR300NX",
              "vendor": "Corega Inc",
              "versions": [
                {
                  "status": "affected",
                  "version": "firmware Ver. 1.20 and earlier"
                }
              ]
            }
          ],
          "datePublic": "2016-11-11T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-06-12T09:57:01.000Z",
            "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
            "shortName": "jpcert"
          },
          "references": [
            {
              "name": "JVN#92237169",
              "tags": [
                "third-party-advisory",
                "x_refsource_JVN"
              ],
              "url": "https://jvn.jp/en/jp/JVN92237169/index.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
            },
            {
              "name": "94248",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/94248"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "vultures@jpcert.or.jp",
              "ID": "CVE-2016-7810",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "CG-WLR300NX",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "firmware Ver. 1.20 and earlier"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Corega Inc"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site scripting"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "JVN#92237169",
                  "refsource": "JVN",
                  "url": "https://jvn.jp/en/jp/JVN92237169/index.html"
                },
                {
                  "name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
                  "refsource": "CONFIRM",
                  "url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
                },
                {
                  "name": "94248",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/94248"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
        "assignerShortName": "jpcert",
        "cveId": "CVE-2016-7810",
        "datePublished": "2017-06-09T16:00:00.000Z",
        "dateReserved": "2016-09-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T02:04:56.081Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }