Search criteria
3 vulnerabilities found for avr-3313ci by denon
VAR-201411-0455
Vulnerability from variot - Updated: 2025-04-13 23:37Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. Authentication is not required to persist the attack. However, user interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists within parameters used by s_network.asp which does not properly sanitize user-supplied data. Some parameter values are used on multiple pages and the injected JavaScript will therefore run when any user views any of those pages, including the portal's landing page. The Denon AVR-3313CI is a home theater amplifier. Denon AVR-3313CI 's_network.asp' has multiple HTML injection vulnerabilities because it does not properly filter user-supplied input. Other attacks are also possible
Show details on source website{
"affected_products": {
"_id": null,
"data": [
{
"_id": null,
"model": "avr-3313ci",
"scope": "eq",
"trust": 1.6,
"vendor": "denon",
"version": null
},
{
"_id": null,
"model": "avr-3313ci",
"scope": null,
"trust": 1.3,
"vendor": "denon",
"version": null
},
{
"_id": null,
"model": "avr-3313ci",
"scope": null,
"trust": 0.8,
"vendor": "d m holdings",
"version": null
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-371"
},
{
"db": "CNVD",
"id": "CNVD-2014-08115"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-071"
},
{
"db": "NVD",
"id": "CVE-2014-8508"
}
]
},
"configurations": {
"_id": null,
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:denon:avr-3313ci",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
}
]
},
"credits": {
"_id": null,
"data": "Ricky \"HeadlessZeke\" Lawshae of HP DVLabs",
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-371"
},
{
"db": "BID",
"id": "70892"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-071"
}
],
"trust": 1.6
},
"cve": "CVE-2014-8508",
"cvss": {
"_id": null,
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2014-8508",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "ZDI",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2014-8508",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.7,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2014-08115",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-8508",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-8508",
"trust": 0.8,
"value": "Medium"
},
{
"author": "ZDI",
"id": "CVE-2014-8508",
"trust": 0.7,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2014-08115",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201411-071",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-371"
},
{
"db": "CNVD",
"id": "CNVD-2014-08115"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-071"
},
{
"db": "NVD",
"id": "CVE-2014-8508"
}
]
},
"description": {
"_id": null,
"data": "Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname. Authentication is not required to persist the attack. However, user interaction is required to exploit this vulnerability in that the target must visit a malicious page.The specific flaw exists within parameters used by s_network.asp which does not properly sanitize user-supplied data. Some parameter values are used on multiple pages and the injected JavaScript will therefore run when any user views any of those pages, including the portal\u0027s landing page. The Denon AVR-3313CI is a home theater amplifier. Denon AVR-3313CI \u0027s_network.asp\u0027 has multiple HTML injection vulnerabilities because it does not properly filter user-supplied input. Other attacks are also possible",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-8508"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
},
{
"db": "ZDI",
"id": "ZDI-14-371"
},
{
"db": "CNVD",
"id": "CNVD-2014-08115"
},
{
"db": "BID",
"id": "70892"
}
],
"trust": 3.06
},
"external_ids": {
"_id": null,
"data": [
{
"db": "NVD",
"id": "CVE-2014-8508",
"trust": 4.0
},
{
"db": "ZDI",
"id": "ZDI-14-371",
"trust": 3.1
},
{
"db": "BID",
"id": "70892",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005261",
"trust": 0.8
},
{
"db": "ZDI_CAN",
"id": "ZDI-CAN-2333",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2014-08115",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201411-071",
"trust": 0.6
}
],
"sources": [
{
"db": "ZDI",
"id": "ZDI-14-371"
},
{
"db": "CNVD",
"id": "CNVD-2014-08115"
},
{
"db": "BID",
"id": "70892"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-071"
},
{
"db": "NVD",
"id": "CVE-2014-8508"
}
]
},
"id": "VAR-201411-0455",
"iot": {
"_id": null,
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08115"
}
],
"trust": 1.225
},
"iot_taxonomy": {
"_id": null,
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08115"
}
]
},
"last_update_date": "2025-04-13T23:37:37.761000Z",
"patch": {
"_id": null,
"data": [
{
"title": "AVR-3313CI",
"trust": 0.8,
"url": "http://www.denon.jp/jp/Product/Pages/Product-Detail.aspx?Catid=9435625a-cc70-40e3-9319-d8e2db09de1f%20\u0026SubId=181cee58-952a-4135-969a-e2d2df6a4622\u0026ProductId=AVR-3313#.VFwzmWf5Qcs"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
}
]
},
"problemtype_data": {
"_id": null,
"data": [
{
"problemtype": "CWE-79",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
},
{
"db": "NVD",
"id": "CVE-2014-8508"
}
]
},
"references": {
"_id": null,
"data": [
{
"trust": 2.4,
"url": "http://www.zerodayinitiative.com/advisories/zdi-14-371/"
},
{
"trust": 2.2,
"url": "http://www.securityfocus.com/bid/70892"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8508"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8508"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08115"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005261"
},
{
"db": "CNNVD",
"id": "CNNVD-201411-071"
},
{
"db": "NVD",
"id": "CVE-2014-8508"
}
]
},
"sources": {
"_id": null,
"data": [
{
"db": "ZDI",
"id": "ZDI-14-371",
"ident": null
},
{
"db": "CNVD",
"id": "CNVD-2014-08115",
"ident": null
},
{
"db": "BID",
"id": "70892",
"ident": null
},
{
"db": "JVNDB",
"id": "JVNDB-2014-005261",
"ident": null
},
{
"db": "CNNVD",
"id": "CNNVD-201411-071",
"ident": null
},
{
"db": "NVD",
"id": "CVE-2014-8508",
"ident": null
}
]
},
"sources_release_date": {
"_id": null,
"data": [
{
"date": "2014-11-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-371",
"ident": null
},
{
"date": "2014-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08115",
"ident": null
},
{
"date": "2014-11-04T00:00:00",
"db": "BID",
"id": "70892",
"ident": null
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005261",
"ident": null
},
{
"date": "2014-11-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-071",
"ident": null
},
{
"date": "2014-11-06T15:55:10.100000",
"db": "NVD",
"id": "CVE-2014-8508",
"ident": null
}
]
},
"sources_update_date": {
"_id": null,
"data": [
{
"date": "2014-11-03T00:00:00",
"db": "ZDI",
"id": "ZDI-14-371",
"ident": null
},
{
"date": "2014-11-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2014-08115",
"ident": null
},
{
"date": "2014-11-04T00:00:00",
"db": "BID",
"id": "70892",
"ident": null
},
{
"date": "2014-11-07T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-005261",
"ident": null
},
{
"date": "2014-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201411-071",
"ident": null
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-8508",
"ident": null
}
]
},
"threat_type": {
"_id": null,
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-071"
}
],
"trust": 0.6
},
"title": {
"_id": null,
"data": "Denon AVR-3313CI \u0027s_network.asp\u0027 Multiple HTML Injection Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2014-08115"
},
{
"db": "BID",
"id": "70892"
}
],
"trust": 0.9
},
"type": {
"_id": null,
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201411-071"
}
],
"trust": 0.6
}
}
CVE-2014-8508 (GCVE-0-2014-8508)
Vulnerability from nvd – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70892"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-28T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70892"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70892"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8508",
"datePublished": "2014-11-06T15:00:00.000Z",
"dateReserved": "2014-10-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:18:48.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8508 (GCVE-0-2014-8508)
Vulnerability from cvelistv5 – Published: 2014-11-06 15:00 – Updated: 2024-08-06 13:18
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.516Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "70892",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70892"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2015-04-28T13:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "70892",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70892"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8508",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon AVR-3313CI audio/video receiver allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to Friendlyname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "70892",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70892"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-14-371/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8508",
"datePublished": "2014-11-06T15:00:00.000Z",
"dateReserved": "2014-10-28T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:18:48.516Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}