Search
Find a vulnerability
Search criteria
6 vulnerabilities found for CG-WLR300NX by Corega Inc
CVE-2016-7811 (GCVE-0-2016-7811)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23549283/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23549283",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7811",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7810 (GCVE-0-2016-7810)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN92237169/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#92237169",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7810",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7809 (GCVE-0-2016-7809)
Vulnerability from nvd – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23823838/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23823838",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7809",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:55.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7809 (GCVE-0-2016-7809)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site request forgery
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23823838/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:55.992Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site request forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23823838",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7809",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site request forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23823838",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23823838/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7809",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:55.992Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7811 (GCVE-0-2016-7811)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors.
Severity
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN23549283/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.094Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#23549283",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7811",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#23549283",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN23549283/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7811",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.094Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-7810 (GCVE-0-2016-7810)
Vulnerability from cvelistv5 – Published: 2017-06-09 16:00 – Updated: 2024-08-06 02:04
VLAI
Summary
Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- Cross-site scripting
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://jvn.jp/en/jp/JVN92237169/index.html | third-party-advisoryx_refsource_JVN |
| http://corega.jp/support/security/20161111_wlr300nx.htm | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/94248 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Corega Inc | CG-WLR300NX |
Affected:
firmware Ver. 1.20 and earlier
|
Date Public
2016-11-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:04:56.081Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "CG-WLR300NX",
"vendor": "Corega Inc",
"versions": [
{
"status": "affected",
"version": "firmware Ver. 1.20 and earlier"
}
]
}
],
"datePublic": "2016-11-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-site scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-12T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "JVN#92237169",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/94248"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2016-7810",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "CG-WLR300NX",
"version": {
"version_data": [
{
"version_value": "firmware Ver. 1.20 and earlier"
}
]
}
}
]
},
"vendor_name": "Corega Inc"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-site scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "JVN#92237169",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN92237169/index.html"
},
{
"name": "http://corega.jp/support/security/20161111_wlr300nx.htm",
"refsource": "CONFIRM",
"url": "http://corega.jp/support/security/20161111_wlr300nx.htm"
},
{
"name": "94248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/94248"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2016-7810",
"datePublished": "2017-06-09T16:00:00.000Z",
"dateReserved": "2016-09-09T00:00:00.000Z",
"dateUpdated": "2024-08-06T02:04:56.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}