VAR-201512-0088
Vulnerability from variot - Updated: 2025-04-13 23:03Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. AmpedWirelessR10000deviceswithfirmware is the R10000 series router from AmpedWireless. A cross-site request forgery vulnerability exists in AmpedWirelessR10000deviceswithfirmware2.5.2.11. An attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker's behalf using a victim's currently active session. A remote attacker could exploit this vulnerability to perform unauthorized operations
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0088",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r10000",
"scope": "eq",
"trust": 1.6,
"vendor": "ampedwireless",
"version": "2.5.2.11"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "amped",
"version": null
},
{
"model": "wireless r10000",
"scope": null,
"trust": 0.8,
"vendor": "amped",
"version": null
},
{
"model": "wireless r10000",
"scope": "eq",
"trust": 0.8,
"vendor": "amped",
"version": "2.5.2.11"
},
{
"model": "wireless r10000 devices with",
"scope": "eq",
"trust": 0.6,
"vendor": "amped",
"version": "2.5.2.11"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
},
{
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:ampedwireless:r10000",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:ampedwireless:r10000_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Joel Land of the CERT/CC",
"sources": [
{
"db": "BID",
"id": "78818"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7278",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2015-7278",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CNVD-2016-00145",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-85239",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2015-7278",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7278",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7278",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2016-00145",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-317",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-85239",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"db": "VULHUB",
"id": "VHN-85239"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
},
{
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cross-site request forgery (CSRF) vulnerability on Amped Wireless R10000 devices with firmware 2.5.2.11 allows remote attackers to hijack the authentication of arbitrary users. AmpedWirelessR10000deviceswithfirmware is the R10000 series router from AmpedWireless. A cross-site request forgery vulnerability exists in AmpedWirelessR10000deviceswithfirmware2.5.2.11. \nAn attacker can exploit these issues to bypass certain security restrictions, allowing attackers to perform certain unauthorized actions or by tricking a victim into following a specially crafted HTTP request designed to perform some action on the attacker\u0027s behalf using a victim\u0027s currently active session. A remote attacker could exploit this vulnerability to perform unauthorized operations",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7278"
},
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"db": "BID",
"id": "78818"
},
{
"db": "VULHUB",
"id": "VHN-85239"
}
],
"trust": 3.24
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#763576",
"trust": 3.9
},
{
"db": "NVD",
"id": "CVE-2015-7278",
"trust": 3.4
},
{
"db": "BID",
"id": "78818",
"trust": 2.0
},
{
"db": "JVN",
"id": "JVNVU99863047",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-317",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2016-00145",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85239",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"db": "VULHUB",
"id": "VHN-85239"
},
{
"db": "BID",
"id": "78818"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
},
{
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"id": "VAR-201512-0088",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"db": "VULHUB",
"id": "VHN-85239"
}
],
"trust": 1.575
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2016-00145"
}
]
},
"last_update_date": "2025-04-13T23:03:36.695000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "High Power Wireless-N 600mW Smart Router R10000",
"trust": 0.8,
"url": "http://www.ampedwireless.com/products/r10000.html"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-352",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-85239"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://www.kb.cert.org/vuls/id/763576"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/78818"
},
{
"trust": 0.8,
"url": "about vulnerability notes"
},
{
"trust": 0.8,
"url": "contact us about this vulnerability"
},
{
"trust": 0.8,
"url": "provide a vendor statement"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7278"
},
{
"trust": 0.8,
"url": "http://jvn.jp/vu/jvnvu99863047/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7278"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"db": "VULHUB",
"id": "VHN-85239"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
},
{
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#763576"
},
{
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"db": "VULHUB",
"id": "VHN-85239"
},
{
"db": "BID",
"id": "78818"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
},
{
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-10T00:00:00",
"db": "CERT/CC",
"id": "VU#763576"
},
{
"date": "2016-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"date": "2015-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-85239"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78818"
},
{
"date": "2016-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"date": "2015-12-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-317"
},
{
"date": "2015-12-31T05:59:20.400000",
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-10T00:00:00",
"db": "CERT/CC",
"id": "VU#763576"
},
{
"date": "2016-01-12T00:00:00",
"db": "CNVD",
"id": "CNVD-2016-00145"
},
{
"date": "2016-11-28T00:00:00",
"db": "VULHUB",
"id": "VHN-85239"
},
{
"date": "2015-12-10T00:00:00",
"db": "BID",
"id": "78818"
},
{
"date": "2016-01-05T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006585"
},
{
"date": "2016-01-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-317"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2015-7278"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Amped Wireless R10000 router contains multiple vulnerabilities",
"sources": [
{
"db": "CERT/CC",
"id": "VU#763576"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "cross-site request forgery",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-317"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…