CVE-2015-7929 (GCVE-0-2015-7929)
Vulnerability from cvelistv5 – Published: 2015-12-23 11:00 – Updated: 2024-08-06 08:06- n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:06:31.189Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20151224 eWON sa Industrial router - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"name": "79625",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/79625"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-05T14:57:01.000Z",
"orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"shortName": "icscert"
},
"references": [
{
"name": "20151224 eWON sa Industrial router - Multiple Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"name": "79625",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/79625"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151224 eWON sa Industrial router - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"name": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"name": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01",
"refsource": "CONFIRM",
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"name": "79625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79625"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6",
"assignerShortName": "icscert",
"cveId": "CVE-2015-7929",
"datePublished": "2015-12-23T11:00:00.000Z",
"dateReserved": "2015-10-22T00:00:00.000Z",
"dateUpdated": "2024-08-06T08:06:31.189Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2015-7929",
"date": "2026-04-19",
"epss": "0.01149",
"percentile": "0.78494"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2015-7929\",\"sourceIdentifier\":\"ics-cert@hq.dhs.gov\",\"published\":\"2015-12-23T11:59:05.220\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.\"},{\"lang\":\"es\",\"value\":\"Dispositivos eWON con firmware hasta la versi\u00f3n 10.1s0 soportan peticiones GET no especificadas, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de (1) registros de acceso de servidor web, (2) registros Referer de servidor web o (3) el historial del navegador.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N\",\"baseScore\":4.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":1.4}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"descriptio
n\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:ewon:ewon_firmware:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.0s0\",\"matchCriteriaId\":\"5B6FE7FC-1FA5-4300-B026-053085FF0420\"}]}]}],\"references\":[{\"url\":\"http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/Dec/118\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"http://www.securityfocus.com/bid/79625\",\"source\":\"ics-cert@hq.dhs.gov\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03\",\"source\":\"ics-cert@hq.dhs.gov\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2015/Dec/118\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/79625\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}"
}
}
FKIE_CVE-2015-7929
Vulnerability from fkie_nvd - Published: 2015-12-23 11:59 - Updated: 2025-04-12 10:46

| Vendor | Product | Version |
|---|---|---|
| ewon | ewon_firmware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:ewon:ewon_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5B6FE7FC-1FA5-4300-B026-053085FF0420",
"versionEndIncluding": "10.0s0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history."
},
{
"lang": "es",
"value": "Dispositivos eWON con firmware hasta la versi\u00f3n 10.1s0 soportan peticiones GET no especificadas, lo que podr\u00eda permitir a atacantes remotos obtener informaci\u00f3n sensible mediante la lectura de (1) registros de acceso de servidor web, (2) registros Referer de servidor web o (3) el historial del navegador."
}
],
"id": "CVE-2015-7929",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2015-12-23T11:59:05.220",
"references": [
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Vendor Advisory"
],
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"source": "ics-cert@hq.dhs.gov",
"url": "http://www.securityfocus.com/bid/79625"
},
{
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/79625"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
}
],
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-WH8X-J4XW-3724
Vulnerability from github – Published: 2022-05-17 03:25 – Updated: 2022-05-17 03:25

eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.
{
"affected": [],
"aliases": [
"CVE-2015-7929"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-12-23T11:59:00Z",
"severity": "MODERATE"
},
"details": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.",
"id": "GHSA-wh8x-j4xw-3724",
"modified": "2022-05-17T03:25:29Z",
"published": "2022-05-17T03:25:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-7929"
},
{
"type": "WEB",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"type": "WEB",
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"type": "WEB",
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/79625"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
ICSA-15-351-03
Vulnerability from csaf_cisa - Published: 2015-09-19 06:00 - Updated: 2025-06-09 16:30
{
"document": {
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "general",
"text": "CISA recommends users take defensive measures to minimize the risk of exploitation.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Minimize network exposure for all control system devices and/or systems, ensuring they are not accessible from the internet.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Locate control system networks and remote devices behind firewalls and isolating them from business networks.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "When remote access is required, use more secure methods, such as Virtual Private Networks (VPNs). Recognize VPNs may have vulnerabilities, should be updated to the most recent version available, and are only as secure as the connected devices.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also provides a section for control systems security recommended practices on the ICS webpage on cisa.gov. Several CISA products detailing cyber defense best practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA encourages organizations to implement recommended cybersecurity strategies for proactive defense of ICS assets.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage at cisa.gov in the technical information paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Organizations observing suspected malicious activity should follow established internal procedures and report findings to CISA for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks: Do not click web links or open attachments in unsolicited email messages. Refer to Recognizing and Avoiding Email Scams for more information on avoiding email scams. Refer to Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.",
"title": "Recommended Practices"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "central@cisa.dhs.gov",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-15-351-03 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2015/icsa-15-351-03.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-15-351-03 - Web Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-15-351-03"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/alerts/ICS-ALERT-10-301-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/resources-tools/resources/ics-recommended-practices"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/topics/industrial-control-systems"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/sites/default/files/publications/Cybersecurity_Best_Practices_for_Industrial_Control_Systems.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/publications/emailscams0905.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ncas/tips/ST04-014"
}
],
"title": "eWON Vulnerabilities",
"tracking": {
"current_release_date": "2025-06-09T16:30:08.163522Z",
"generator": {
"date": "2025-06-09T16:30:08.163310Z",
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-15-351-03",
"initial_release_date": "2015-09-19T06:00:00.000000Z",
"revision_history": [
{
"date": "2015-09-19T06:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "Initial Publication"
},
{
"date": "2025-06-09T16:30:08.163522Z",
"legacy_version": "CSAF Conversion",
"number": "2",
"summary": "Advisory converted into a CSAF"
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c10.1s0",
"product": {
"name": "eWON eWON sa industrial router firmware: \u003c10.1s0",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "eWON sa industrial router firmware"
}
],
"category": "vendor",
"name": "eWON"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2015-7924",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"notes": [
{
"category": "summary",
"text": "eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Most of these vulnerabilities are fixed by updating to the newest version. (http://ewon.biz/support/product/download-firmware/firmware-2)",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://ewon.biz/support/product/download-firmware/firmware-2"
},
{
"category": "mitigation",
"details": "In the case of vulnerabilities not mitigated by firmware updates, eWON sa recommends using the router in a secure environment.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2015-7925",
"cwe": {
"id": "CWE-352",
"name": "Cross-Site Request Forgery (CSRF)"
},
"notes": [
{
"category": "summary",
"text": "Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to hijack the authentication of administrators for requests that trigger firmware upload, removal of configuration data, or a reboot.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Most of these vulnerabilities are fixed by updating to the newest version. (http://ewon.biz/support/product/download-firmware/firmware-2)",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://ewon.biz/support/product/download-firmware/firmware-2"
},
{
"category": "mitigation",
"details": "In the case of vulnerabilities not mitigated by firmware updates, eWON sa recommends using the router in a secure environment.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.0,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:P/RL:U/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2015-7926",
"cwe": {
"id": "CWE-274",
"name": "Improper Handling of Insufficient Privileges"
},
"notes": [
{
"category": "summary",
"text": "eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status requests, which allows remote attackers to obtain sensitive information via an unspecified URL.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Most of these vulnerabilities are fixed by updating to the newest version. (http://ewon.biz/support/product/download-firmware/firmware-2)",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://ewon.biz/support/product/download-firmware/firmware-2"
},
{
"category": "mitigation",
"details": "In the case of vulnerabilities not mitigated by firmware updates, eWON sa recommends using the router in a secure environment.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2015-7927",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Most of these vulnerabilities are fixed by updating to the newest version. (http://ewon.biz/support/product/download-firmware/firmware-2)",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://ewon.biz/support/product/download-firmware/firmware-2"
},
{
"category": "mitigation",
"details": "In the case of vulnerabilities not mitigated by firmware updates, eWON sa recommends using the router in a secure environment.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2015-7928",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "eWON devices with firmware before 10.1s0 do not have an off autocomplete attribute for a password field, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Most of these vulnerabilities are fixed by updating to the newest version. (http://ewon.biz/support/product/download-firmware/firmware-2)",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://ewon.biz/support/product/download-firmware/firmware-2"
},
{
"category": "mitigation",
"details": "In the case of vulnerabilities not mitigated by firmware updates, eWON sa recommends using the router in a secure environment.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N/E:P/RL:U/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
},
{
"cve": "CVE-2015-7929",
"cwe": {
"id": "CWE-598",
"name": "Use of GET Request Method With Sensitive Query Strings"
},
"notes": [
{
"category": "summary",
"text": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001"
]
},
"remediations": [
{
"category": "mitigation",
"details": "Most of these vulnerabilities are fixed by updating to the newest version. (http://ewon.biz/support/product/download-firmware/firmware-2)",
"product_ids": [
"CSAFPID-0001"
],
"url": "http://ewon.biz/support/product/download-firmware/firmware-2"
},
{
"category": "mitigation",
"details": "In the case of vulnerabilities not mitigated by firmware updates, eWON sa recommends using the router in a secure environment.",
"product_ids": [
"CSAFPID-0001"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:U/RC:C",
"version": "3.0"
},
"products": [
"CSAFPID-0001"
]
}
]
}
]
}
VAR-201512-0022
Vulnerability from variot - Updated: 2025-04-13 23:14

eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. eWON is an industrial router product of the Belgian eWON company. A security vulnerability exists in eWON using firmware prior to 10.1s0, which was caused by the program using an unsafe HTTP GET request instead of a POST request. An attacker could exploit the vulnerability to perform unauthorized actions. eWON devices are prone to the following security vulnerabilities: 1. Weak session management vulnerability 2. A cross-site request forgery vulnerability 3. HTML-injection vulnerability 5. Plain text password information disclosure vulnerability 6. A security weakness. An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, obtain sensitive information, and perform certain unauthorized actions. This may aid in further attacks.

eWON sa Industrial router - Multiple Vulnerabilities
eWON connects the machine across the Internet
Breaking the barrier between industrial applications and IT standards, the mission of eWON is to connect industrial machines securely to the Internet, enabling easy remote access and gathering all types of technical data originating from industrial machines.
Typical applications within the scope of our mission include remote maintenance, predictive maintenance, remote services, asset management, remote metering, multi-site building management, M2M, and more.
AFFECTED PRODUCTS
The following eWON router firmware versions are affected: All eWON firmware versions prior to 10.1s0
Reference https://ics-cert.us-cert.gov/advisories/ICSA-15-342-01
Vulnerabilities
WEAK SESSION MANAGEMENT - FIXED by eWON
CVE-2015-7924
Session remains active even after user performs log off. Session is destroyed only after browser is exited.
CROSS-SITE REQUEST FORGERY ATTACKS - NOT FIXED by eWON
CVE-2015-7925
There is no CSRF token set by the application in any of the forms / pages. Any & all functions can be executed silently without getting validated from authorized user, if / when this issue is exploited.
…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..
eWON says: Verified but won't fix. The current implementation is done by design (the user must be able to submit forms using GET only).
As CSRF attack suggests, the user must be already logged on the eWON using its internet browser and the session must thus be valid on user's browser. However eWON IP must also be known by the attacker knowing that the VPN will set another IP each time the victim connects to eWON.
The connection to an eWON device is only possible by a secured VPN, a point-to-point LAN or a secured LAN.
On their website, eWON describes this issue as follows: http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01
Mitigating factors:
Many requirements have to be met for a successful attack:
The attacker needs a valid login to the eWON.
The attacker needs HTTP access to the eWON (e.g. eWON web server exposed to the public Internet).
Also connections to eWON devices should in standard use cases only occur through:
- a point-to-point LAN, a secured LAN (sniffing the victim IP is not really achievable in these two cases)
- or a secured VPN (VPN allocated IP address is then defined by the VPN server).

—> eWON team just doesn't understand how CSRF works. In a CSRF attack the forged request is sent by the logged-in victim's own browser, so the attacker needs neither a valid login nor direct HTTP access to the eWON. And they continue to assume the device mgmt portal is accessible ONLY over the VPN, P2P LAN or secured LAN. They clearly have not looked at Shodan and / or publicly accessible portals.
…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..
WEAK RBAC CONTROLS - FIXED by eWON
CVE-2015-7926
The software allows an unauthenticated user to gather information and status of I/O servers through the use of a forged URL.
NOTE: It should be - An unauthorized / low-privileged user can perform several unauthorized actions such as reading, updating, & deleting I/O servers, configurations, enabling/disabling I/O servers, & accessing, deleting valid users.
Scenario
Two users
- adm - Default privileged user - can perform all administrative functions
- full rights - [ v o a c f e h j ]
- test - newly created user - no rights - no [ v o a c f e h j ]
Issue 1
It is possible to enumerate valid I/O servers I/O Server list is a set defined list: MEM cbIOSrvList=0 EWON cbIOSrvList=1 MODBUS cbIOSrvList=2 NETMPI ... SNMP cbIOSrvList=4 DF1 ... FINS ... so on ... & others
An unauthorized / unprivileged user can gather information and status of these IO servers in the following manner:
Logged in as ‘test'
Access - http:///rcgi.bin/Edit1IOSrvForm?cbIOSrvList=0&Ac2on=edit
If Response says -> Not Configurable. -> Implies Not a valid I/O
If Response says -> Access Denied -> Implies a valid I/O -> Window Title reveals the I/O server type - example, Modbus IO Server Config, DF1 1O Server Config, n so on
Issue 2
It is possible to modify parameter values of I/O servers directly
Updating the values when logged in as 'test'
Change POST request to GET Modify param values
http:///rcgi.bin/EditUsrIOSrvForm?edCfgData=MinInterval%3A10%0D %0AMaxInterval%3A268435459%0D%0AReverseCount %3A0&B1=Update&AST_IOSrvNdx=1
Response -> IO Server config updated.
Similarly, other I/O server configuration can be updated. In case an I/O server is not Enabled, it can be enabled and configured with custom values.
Following poc for SNMP I/O Server settings (This IO server communicates with any SNMP device) Enabling and configuring SNMP I/O server (logged in as test)
http:///rcgi.bin/EditAdvUsrIOSrvForm? edEnabledA=1&edGlobAddrA=&edPeriodA=&edGlobAddrB=&edPeriodB=&edGlo bAddrC=&edPeriodC=&B1=Update+Config&IOServer=SNMP
-> IO Server config updated.
Issue 3
Deleting All Users It is possible for a user with no rights to:
- Enumerate configured users
- Delete any & all users.
HTTP GET request to delete a user (when logged in as 'test') (unauthorized request)
http:///rcgi.bin/EditForm?CB2=3&NbCB=4&Opera2onType=DeleteUser
This brings up a confirmation prompt validating if we really want to delete the user.
It presents the username and offers two options - Option 1 - Cancel and Confirm/Delete Option 2 - Select Confirm/Delete ..... Users List test Please confirm you want to delete these items Select Confirm/Delete .....
Next, the url redirects to DeleteForm which then shows Access denied twice ..... -> But the user gets deleted anyway. :) Verify by Refreshing User List
Enumerating Users In order to enumerate valid users, we only need to submit the first DeleteUser request
http:///rcgi.bin/EditForm?CB2=4&NbCB=3&Opera2onType=DeleteUser
It will show the username.
This process can of course be automated to view all valid application usernames. …..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..
eWON considered WEAK RBAC issue a minor one. Apparently, they didn’t understand the impact at all.
eWON said: It's a minor issue as these informations are already available through eWON User Manual. We will however completely block the page in a future eWON firmware release when user credentials don't meet the requirements to avoid any ambiguity regarding eWON security.
—> Regardless, the new firmware says this issue has been fixed..
…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..
STORED CROSS-SITE SCRIPTING - NOT FIXED by eWON CVE-2015-7927
Vulnerable functions / parameters Create / Edit User User First Name User Last Name User information Create / Edit Tag Tag Description …..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..….. eWON says
Verified. Won't fix: We left the possibility to include HTML tags or javascript in form fields and form url parameters to meet some specific final user needs. Note that this kind of injection is achievable through FTP upload as everything is saved in the eWON config files. Furthermore all theses XSS exploit also require valid user authentication and rights.
—> Yeah, it’s a feature and input validation is a useless practice anyway.. …..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..
Reflected XSS - NOT FIXED by eWON Vulnerable parameter - AST_ErrorMsg
http:///rcgi.bin/wsdForm?sys_Csave=1&AST_ErrorMsg=Successalert("xss-AST_ErrorMsg")</ script>&sys_IpMbsSrvPort=502&sys_IpEipSrvPort=44818&sys_IpIsoSrvPort=102& sys_IpFinsSrvPort=9600&sys_TagPollMode=0&sys_IOTcpDefTO=1000&btUpdate= Update
PASSWORDS NOT SECURED - PARTIAL FIX by eWON CVE-2015-7928
Passwords are passed in plain text allowing a malicious party to retrieve them from network traffic. The autocomplete setting of some eWON forms also allows these passwords to be retrieved from the browser. Compromise of the credentials would allow unauthenticated access. …..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..….. eWON says
- Won't fix as the final user is supposed to configure eWON through VPN.
—> Yeah, supposed to..
…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..
GET is less secure because data that are sent are part of the URL, which ends up in web-server access logs, Referer logs and the browser history.
…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..
eWON says: Won't fix. This could be a problem regarding CSRF (issue B) but the final user is supposed to configure eWON through VPN (and thus https).
Mitigating factors:
This could be an issue regarding the CSRF attacks described above. However as already mentioned the eWON firmware exposure to CSRF attacks is really limited. Thus having equivalent POST and GET parameters handling for each request sent to the eWON webserver is by extension not problematic.
—> Yeah, supposed to.. Not problematic... …..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..…..….. -- Best Regards, Karn Ganeshen
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0022",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ewon",
"scope": "lte",
"trust": 1.0,
"vendor": "ewon",
"version": "10.0s0"
},
{
"model": "ewon",
"scope": "lte",
"trust": 0.8,
"vendor": "ewon",
"version": "10.1s0"
},
{
"model": "\u003c10.1s0",
"scope": null,
"trust": 0.6,
"vendor": "ewon",
"version": null
},
{
"model": "ewon",
"scope": "eq",
"trust": 0.6,
"vendor": "ewon",
"version": "10.0s0"
},
{
"model": "ewon",
"scope": "eq",
"trust": 0.3,
"vendor": "ewon",
"version": "0"
},
{
"model": "10.1s0",
"scope": "ne",
"trust": 0.3,
"vendor": "ewon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
},
{
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ewon:ewon_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "79625"
},
{
"db": "PACKETSTORM",
"id": "135069"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
}
],
"trust": 1.0
},
"cve": "CVE-2015-7929",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7929",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08455",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85890",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.8,
"id": "CVE-2015-7929",
"impactScore": 1.4,
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7929",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-7929",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2015-08455",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-551",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85890",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2015-7929",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "VULHUB",
"id": "VHN-85890"
},
{
"db": "VULMON",
"id": "CVE-2015-7929"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
},
{
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history. eWON is an industrial router product of the Belgian eWON company. A security vulnerability exists in eWON using firmware prior to 10.1s0, which was caused by the program using an unsafe GET HTML command instead of a POST command. An attacker could exploit the vulnerability to perform unauthorized actions. eWON are prone to the following security vulnerabilities:\n1. Weak session management vulnerability\n2. A cross-site request forgery vulnerability\n3. HTML-injection vulnerability\n5. Plain text password information disclosure vulnerability\n6. A security weakness\nAn attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, obtain sensitive information, and perform certain unauthorized actions. This may aid in further attacks. *eWON sa Industrial router - Multiple Vulnerabilities*\n\neWON connects the machine across the Internet\n\nBreaking the barrier between industrial applications and IT standards, the\nmission of eWON is to connect industrial machines securely to the Internet,\nenabling easy remote access and gathering all types of technical data\noriginating from industrial machines. \n\nTypical applications within the scope of our mission include remote\nmaintenance, predictive maintenance, remote services, asset management,\nremote metering, multi-site building management, M2M, and more. 
\n\n*AFFECTED PRODUCTS*\n\nThe following eWON router firmware versions are affected:\n*All eWON firmware versions prior to 10.1s0*\n\n\n*Reference*\nhttps://ics-cert.us-cert.gov/advisories/ICSA-15-342-01\n\n*Vulnerabilities*\n\n*WEAK SESSION MANAGEMENT - FIXED by eWON*\n\nCVE-2015-7924\n\nSession remains active even after user performs log off. Session is destroyed only after browser is exited. \n\n\n*CROSS-SITE REQUEST FORGERY ATTACKS - NOT FIXED by eWON*\n\nCVE-2015-7925\n\nThere is no CSRF token set by the application in any of the forms / pages. \nAny \u0026 all functions can be executed silently without getting validated from\nauthorized user, if / when this issue is exploited. \n\n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \n\n*eWON says*Verified but won\u0027t fix. The current implementation is done by\ndesign (the user must be able to submit forms using GET only). \n\nAs CSRF attack suggests, the user must be already logged on the eWON using\nits internet browser and the session must thus be valid on user\u0027s browser. \nHowever eWON IP must also be known by the attacker knowing that the VPN\nwill set another IP each time the victim connects to eWON. \n\nThe connection to an eWON device is only possible by a secured VPN, a\npoint- to-point LAN or a secured LAN. \n\nOn their website, eWON describes this issue as following:\nhttp://ewon.biz/support/news/support/ewon-security-enhancement-7529-01\n\nMitigating factors:\n\nMany requirements have to be met for a successful attack:\n\nThe attacker needs a valid login to the eWON. \n\nThe attacker needs HTTP access to the eWON (e.g. eWON web server exposed to\nthe public Internet). 
\n\nAlso connections to eWON devices should in standard use cases only occur\nthrough:\n\n- a point-to-point LAN, a secured LAN (sniffing the victim IP is not really\nachievable in these two cases)\n\n- or a secured VPN (VPN allocated IP address is then defined by the VPN\nserver). \n\u2014\u003e eWON team just doesn\u0027t understand how CSRF works. And continue to assume\nthe device mgmt portal is accessible ONLY over the VPN, P2P LAN or secured\nLAN. They clearly have not looked at Shodan and / or publicly accessible\nportals. \n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \n\n*WEAK RBAC CONTROLS - FIXED by eWON*\n\nCVE-2015-7926\n\nThe software allows an unauthenticated user to gather information and\nstatus of I/O servers through the use of a forged URL. \n\n*NOTE*: It should be -\n*An unauthorized / low-privileged user can perform several unauthorized\nactions such as reading, updating, \u0026 deleting I/O servers, configurations,\nenabling/disabling I/O servers, \u0026 accessing, deleting valid users.*\n*Scenario*\n\nTwo users\n\n1. adm - Default privileged user - can perform all administrative functions\n- full rights - [ v o a c f e h j ]\n2. test - newly created user - no rights - no [ v o a c f e h j ]\n\n*Issue 1*\n\n\n*It is possible to enumerate valid I/O servers*\nI/O Server list is a set defined list:\nMEM cbIOSrvList=0\nEWON cbIOSrvList=1\nMODBUS cbIOSrvList=2\nNETMPI ... \nSNMP cbIOSrvList=4\nDF1 ... \nFINS ... \nso on\n... \n\u0026 others\n\nAn unauthorized / unprivileged user can gather information and status of\nthese IO servers in the following manner:\n\n*Logged in as \u2018test\u0027*\n\nAccess -\nhttp://\u003cIP\u003e/rcgi.bin/Edit1IOSrvForm?cbIOSrvList=0\u0026Ac2on=edit\n\nIf Response says\n-\u003e Not Configurable. 
\n-\u003e Implies Not a valid I/O\n\nIf Response says\n-\u003e Access Denied\n-\u003e Implies a valid I/O\n-\u003e Window Title reveals the I/O server type - example, Modbus IO Server\nConfig, DF1 1O Server Config, n so on\n\n*Issue 2*\n\n*It is possible to modify parameter values of I/O servers directly*Updating\nthe values when logged in as \u0027test\u0027\n\nChange POST request to GET Modify param values\n\nhttp://\u003cIP\u003e/rcgi.bin/EditUsrIOSrvForm?edCfgData=MinInterval%3A10%0D\n%0AMaxInterval%3A268435459%0D%0AReverseCount %3A0\u0026B1=Update\u0026AST_IOSrvNdx=1\n\nResponse\n-\u003e IO Server config updated. \n\nSimilarly, other I/O server configuration can be updated. In case an I/O\nserver is not Enabled, it can be enabled and configured with custom values. \n\n\n*Following poc for SNMP I/O Server settings (This IO server communicates\nwith any SNMP device)*\nEnabling and configuring SNMP I/O server (logged in as test)\n\nhttp://\u003cIP\u003e/rcgi.bin/EditAdvUsrIOSrvForm?\nedEnabledA=1\u0026edGlobAddrA=\u0026edPeriodA=\u0026edGlobAddrB=\u0026edPeriodB=\u0026edGlo\nbAddrC=\u0026edPeriodC=\u0026B1=Update+Config\u0026IOServer=SNMP\n\n-\u003e IO Server config updated. \n\n*Issue 3*\n\n*Deleting All Users*\nIt is possible for a user with no rights to:\n\n1. Enumerate configured users\n2. Delete any \u0026 all users. \n\nHTTP GET request to delete a user (when logged in as \u0027test\u0027) (unauthorized\nrequest)\n\nhttp://\u003cIP\u003e/rcgi.bin/EditForm?CB2=3\u0026NbCB=4\u0026Opera2onType=DeleteUser\n\nThis brings up a confirmation prompt validating if we really want to delete\nthe user. \n\nIt presents the username and offers two options -\nOption 1 - Cancel and Confirm/Delete\nOption 2 - Select Confirm/Delete\n..... \nUsers List test\nPlease confirm you want to delete these items Select Confirm/Delete\n..... \n\nNext, the url redirects to DeleteForm which then shows Access denied twice\n..... \n-\u003e But the user gets deleted anyway. 
:) Verify by Refreshing User List\n\n\n*Enumerating Users*\nIn order to enumerate valid users, we only need to submit the first\nDeleteUser request\n\nhttp://\u003cIP\u003e/rcgi.bin/EditForm?CB2=4\u0026NbCB=3\u0026Opera2onType=DeleteUser\n\nIt will show the username. \n\nThis process can of course be automated to view all valid application\nusernames. \n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \n\n*eWON considered WEAK RBAC issue a minor one. Apparently, they didn\u2019t\nunderstood the impact at all.*\neWON said:\nIt\u0027s a minor issue as these informations are already available through eWON\nUser Manual. We will however completely block the page in a future eWON\nfirmware release when user credentials don\u0027t meet the requirements to avoid\nany ambiguity regarding eWON security. \n\n\u2014\u003e Regardless, the new firmware says this issue has been fixed.. \n\n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \n\n*STORED CROSS-SITE SCRIPTING - NOT FIXED by eWON*\nCVE-2015-7927\n\n\n*Vulnerable functions / parameters*\nCreate / Edit User\nUser First Name\nUser Last Name\nUser information\nCreate / Edit Tag\nTag Description\n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \neWON says\n\nVerified. \nWon\u0027t fix: We left the possibility to include HTML tags or javascript in\nform fields and form url parameters to meet some specific final user needs. \nNote that this kind of injection is achievable through FTP upload as\neverything is saved in the eWON config files. Furthermore all theses XSS\nexploit also require valid user authentication and rights. \n\n\u2014\u003e Yeah, it\u2019s a feature and input validation is a useless practice anyway.. 
\n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \n\n\n*Reflected XSS - NOT FIXED by eWON*\nVulnerable parameter - AST_ErrorMsg\n\nhttp://\u003cIP\u003e/rcgi.bin/wsdForm?sys_Csave=1\u0026AST_ErrorMsg=Success\u003cscript\u003ealert(\"xss-AST_ErrorMsg\")\u003c/\nscript\u003e\u0026sys_IpMbsSrvPort=502\u0026sys_IpEipSrvPort=44818\u0026sys_IpIsoSrvPort=102\u0026\nsys_IpFinsSrvPort=9600\u0026sys_TagPollMode=0\u0026sys_IOTcpDefTO=1000\u0026btUpdate=\nUpdate\n\n*PASSWORDS NOT SECURED - PARTIAL FIX by eWON*\nCVE-2015-7928\n\nPasswords are passed in plain text allowing a malicious party to retrieve\nthem from network traffic. The autocomplete setting of some eWON forms also\nallows these passwords to be retrieved from the browser. Compromise of the\ncredentials would allow unauthenticated access. \n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \neWON says\n\n2. Won\u0027t fix as the final user is supposed to configure eWON through VPN. \n\u2014\u003e Yeah, *supposed to*.. \n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. GET is less secure because data that are sent are part of the URL. \n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \neWON says\nWon\u0027t fix. This could be a problem regarding CRSF (issue B) but the final\nuser is supposed to configure eWON through VPN (and thus https). \n\nMitigating factors:\n\nThis could be an issue regarding the CSRF attacks described above. However\nas already mentioned the eWON firmware exposure to CSRF attacks is really\nlimited. 
Thus having equivalent POST and GET parameters handling for each\nrequest sent to the eWON webserver is by extension not problematic. \n\n\u2014\u003e Yeah, *supposed to*.. Not problematic... \n\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026..\u2026.. \n-- \nBest Regards,\nKarn Ganeshen\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7929"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "VULHUB",
"id": "VHN-85890"
},
{
"db": "VULMON",
"id": "CVE-2015-7929"
},
{
"db": "PACKETSTORM",
"id": "135069"
}
],
"trust": 2.7
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7929",
"trust": 3.6
},
{
"db": "ICS CERT",
"id": "ICSA-15-351-03",
"trust": 2.9
},
{
"db": "BID",
"id": "79625",
"trust": 2.7
},
{
"db": "PACKETSTORM",
"id": "135069",
"trust": 1.3
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08455",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85890",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7929",
"trust": 0.1
},
{
"db": "ICS CERT",
"id": "ICSA-15-342-01",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "VULHUB",
"id": "VHN-85890"
},
{
"db": "VULMON",
"id": "CVE-2015-7929"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "PACKETSTORM",
"id": "135069"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
},
{
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"id": "VAR-201512-0022",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "VULHUB",
"id": "VHN-85890"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
}
]
},
"last_update_date": "2025-04-13T23:14:24.150000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eWON Security Enhancement (FW 10.1s0)",
"trust": 0.8,
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"title": "eWON Information Disclosure Vulnerability Patch",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/68900"
},
{
"title": "eWON Repair measures for information disclosure vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59318"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85890"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-351-03"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/79625"
},
{
"trust": 1.9,
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2015/dec/118"
},
{
"trust": 1.2,
"url": "http://packetstormsecurity.com/files/135069/ewon-xss-csrf-session-management-rbac-issues.html"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7929"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7929"
},
{
"trust": 0.3,
"url": "http://ewon.biz"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/200.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/rcgi.bin/deleteform"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/rcgi.bin/edit1iosrvform?cbiosrvlist=0\u0026ac2on=edit"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7927"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/rcgi.bin/editform?cb2=4\u0026nbcb=3\u0026opera2ontype=deleteuser"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/rcgi.bin/wsdform?sys_csave=1\u0026ast_errormsg=success\u003cscript\u003ealert(\"xss-ast_errormsg\")\u003c/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7925"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7926"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/rcgi.bin/editusriosrvform?edcfgdata=mininterval%3a10%0d"
},
{
"trust": 0.1,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-342-01"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/rcgi.bin/editform?cb2=3\u0026nbcb=4\u0026opera2ontype=deleteuser"
},
{
"trust": 0.1,
"url": "http://\u003cip\u003e/rcgi.bin/editadvusriosrvform?"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7929"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2015-7928"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "VULHUB",
"id": "VHN-85890"
},
{
"db": "VULMON",
"id": "CVE-2015-7929"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "PACKETSTORM",
"id": "135069"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
},
{
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "VULHUB",
"id": "VHN-85890"
},
{
"db": "VULMON",
"id": "CVE-2015-7929"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"db": "PACKETSTORM",
"id": "135069"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
},
{
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"date": "2015-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-85890"
},
{
"date": "2015-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7929"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79625"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"date": "2015-12-24T20:35:19",
"db": "PACKETSTORM",
"id": "135069"
},
{
"date": "2015-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-551"
},
{
"date": "2015-12-23T11:59:05.220000",
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-85890"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7929"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79625"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006509"
},
{
"date": "2015-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-551"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7929"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWON Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08455"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-551"
}
],
"trust": 0.6
}
}
GSD-2015-7929
Vulnerability from gsd - Updated: 2023-12-13 01:20
{
"GSD": {
"alias": "CVE-2015-7929",
"description": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.",
"id": "GSD-2015-7929",
"references": [
"https://packetstormsecurity.com/files/cve/CVE-2015-7929"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2015-7929"
],
"details": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history.",
"id": "GSD-2015-7929",
"modified": "2023-12-13T01:20:01.882641Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7929",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20151224 eWON sa Industrial router - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
},
{
"name": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"name": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01",
"refsource": "CONFIRM",
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03",
"refsource": "MISC",
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"name": "79625",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/79625"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:ewon:ewon_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "10.0s0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "ics-cert@hq.dhs.gov",
"ID": "CVE-2015-7929"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "eWON devices with firmware through 10.1s0 support unspecified GET requests, which might allow remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer logs, or (3) the browser history."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01",
"refsource": "CONFIRM",
"tags": [
"Vendor Advisory"
],
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"name": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03",
"refsource": "MISC",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "https://ics-cert.us-cert.gov/advisories/ICSA-15-351-03"
},
{
"name": "79625",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/79625"
},
{
"name": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html",
"refsource": "MISC",
"tags": [],
"url": "http://packetstormsecurity.com/files/135069/eWON-XSS-CSRF-Session-Management-RBAC-Issues.html"
},
{
"name": "20151224 eWON sa Industrial router - Multiple Vulnerabilities",
"refsource": "FULLDISC",
"tags": [],
"url": "http://seclists.org/fulldisclosure/2015/Dec/118"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM"
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
},
"lastModifiedDate": "2016-12-07T18:25Z",
"publishedDate": "2015-12-23T11:59Z"
}
}
}
CNVD-2015-08455
Vulnerability from cnvd - Published: 2015-12-24
目前厂商已经发布了升级补丁以修复此安全问题,详情请关注厂商主页: http://ewon.biz/
| Name | eWON ewon_firmware <10.1s0 |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "79625"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2015-7929"
}
},
"description": "eWON\u662f\u6bd4\u5229\u65f6eWON\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u752810.1s0\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684eWON\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e0d\u5b89\u5168\u7684GET HTML\u547d\u4ee4\u4ee3\u66ffPOST\u547d\u4ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002",
"discovererName": "Karn Ganeshen",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttp://ewon.biz/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2015-08455",
"openTime": "2015-12-24",
"patchDescription": "eWON\u662f\u6bd4\u5229\u65f6eWON\u516c\u53f8\u7684\u4e00\u6b3e\u5de5\u4e1a\u8def\u7531\u5668\u4ea7\u54c1\u3002\r\n\r\n\u4f7f\u752810.1s0\u4e4b\u524d\u7248\u672c\u56fa\u4ef6\u7684eWON\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u4f7f\u7528\u4e0d\u5b89\u5168\u7684GET HTML\u547d\u4ee4\u4ee3\u66ffPOST\u547d\u4ee4\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6267\u884c\u672a\u6388\u6743\u64cd\u4f5c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "eWON\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "eWON ewon_firmware \u003c10.1s0"
},
"referenceLink": "http://www.securityfocus.com/bid/79625",
"serverity": "\u4e2d",
"submitTime": "2015-12-23",
"title": "eWON\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.