VAR-201310-0651
Vulnerability from variot - Updated: 2022-05-17 01:51UNICORN WB-3300NR Router Management Page has multiple cross-site request forgery vulnerabilities, allowing remote attackers to build malicious URIs, enticing users to resolve, and performing arbitrary operations in the target user context, such as resetting factory settings, changing DNS settings, and obtaining WPA passwords. UNICORN WB-3300NR Router is a wireless router product from UNICORN in Korea. A cross-site request forgery vulnerability exists in the UNICORN WB-3300NR Router, which originates from a program that does not properly filter HTTP requests. A remote attacker could use this vulnerability to perform unauthorized operations and take control of an affected device. This may aid in other attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0651",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "co.,ltd wb-3300nr router",
"scope": "eq",
"trust": 0.6,
"vendor": "unicorn",
"version": "1.0"
},
{
"model": "wb-3300nr",
"scope": "eq",
"trust": 0.3,
"vendor": "unicorn",
"version": "0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
},
{
"db": "BID",
"id": "63465"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "jsibley1",
"sources": [
{
"db": "BID",
"id": "63465"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
],
"trust": 0.9
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 6.8,
"id": "CNVD-2013-14258",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2013-14258",
"trust": 0.6,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UNICORN WB-3300NR Router Management Page has multiple cross-site request forgery vulnerabilities, allowing remote attackers to build malicious URIs, enticing users to resolve, and performing arbitrary operations in the target user context, such as resetting factory settings, changing DNS settings, and obtaining WPA passwords. UNICORN WB-3300NR Router is a wireless router product from UNICORN in Korea. \nA cross-site request forgery vulnerability exists in the UNICORN WB-3300NR Router, which originates from a program that does not properly filter HTTP requests. A remote attacker could use this vulnerability to perform unauthorized operations and take control of an affected device. This may aid in other attacks",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-012"
},
{
"db": "BID",
"id": "63465"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "63465",
"trust": 1.5
},
{
"db": "CNVD",
"id": "CNVD-2013-14258",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201311-012",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
},
{
"db": "BID",
"id": "63465"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
]
},
"id": "VAR-201310-0651",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
}
],
"trust": 1.6
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
}
]
},
"last_update_date": "2022-05-17T01:51:11.743000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.9,
"url": "http://seclists.org/bugtraq/2013/oct/158"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/bid/63465"
},
{
"trust": 0.3,
"url": "http://www.eunicorn.co.kr/kimsboard7/_product.php?inc=wb-3300nr"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
},
{
"db": "BID",
"id": "63465"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
},
{
"db": "BID",
"id": "63465"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14258"
},
{
"date": "2013-10-30T00:00:00",
"db": "BID",
"id": "63465"
},
{
"date": "2013-10-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-05T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-14258"
},
{
"date": "2013-10-30T00:00:00",
"db": "BID",
"id": "63465"
},
{
"date": "2013-11-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Cross-Site Request Forgery Vulnerabilities in UNICORN WB-3300NR Router",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-14258"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-012"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…