cvelistv5 - CVE-2015-4624

CVE-2015-4624 (GCVE-0-2015-4624)

Vulnerability from cvelistv5

Published

2017-03-31 15:00

Modified

2024-08-06 06:18

Severity ?

CWE

Summary

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.

References

URL

Tags

cve@mitre.org	http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/536184/100/500/threaded
cve@mitre.org	https://www.exploit-db.com/exploits/40609/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/536184/100/500/threaded
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40609/	Exploit, Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:18:12.075Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "40609",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/40609/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
          },
          {
            "name": "20150811 [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware \u003c= 2.3.0",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-08-04T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "40609",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/40609/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
        },
        {
          "name": "20150811 [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware \u003c= 2.3.0",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4624",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40609",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/40609/"
            },
            {
              "name": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
            },
            {
              "name": "20150811 [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware \u003c= 2.3.0",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
            },
            {
              "name": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-4624",
    "datePublished": "2017-03-31T15:00:00",
    "dateReserved": "2015-06-16T00:00:00",
    "dateUpdated": "2024-08-06T06:18:12.075Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4624\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-03-31T16:59:00.443\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.\"},{\"lang\":\"es\",\"value\":\"Hak5 WiFi Pineapple 2.0 hasta la versi\u00f3n 2.3 utiliza fichas predecibles CSRF.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"ADJACENT_NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:A/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":4.3,\"accessVector\":\"ADJACENT_NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.2,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-284\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"84DECCA9-C108-41DF-8C78-900C545C49C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD99543F-3BE9-42BB-8C0D-0C6230209572\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57BDBE5A-CB29-403C-9F7F-CDEA69208AAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"873109D2-EBA3-4B7E-B367-8E8720E5A09D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:hak5:wi-fi_pineapple:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53B8C164-B1E2-42BB-B215-7A1D2374274A\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/536184/100/500/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.exploit-db.com/exploits/40609/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/archive/1/536184/100/500/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/40609/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

var-201703-0354

Vulnerability from variot

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. Hak5 WiFi Pineapple Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Hak5 WiFi Pineapple is an open-source security testing device based on a wireless security auditing platform from Hak5 Company in the United States. An attacker could exploit this vulnerability to inject commands

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201703-0354",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "wi-fi pineapple",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hak5",
        "version": "2.1"
      },
      {
        "model": "wi-fi pineapple",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hak5",
        "version": "2.2"
      },
      {
        "model": "wi-fi pineapple",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hak5",
        "version": "2.0"
      },
      {
        "model": "wi-fi pineapple",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "hak5",
        "version": "2.3"
      },
      {
        "model": "wifi pineapple",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hak5",
        "version": "2.0 to  2.3"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/o:hak5:wi-fi_pineapple_firmware",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      }
    ]
  },
  "cve": "CVE-2015-4624",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.2,
            "id": "CVE-2015-4624",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.8,
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.2,
            "id": "VHN-82585",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:H/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT",
            "author": "nvd@nist.gov",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.6,
            "id": "CVE-2015-4624",
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2015-4624",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2015-4624",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201611-043",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82585",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. Hak5 WiFi Pineapple Contains an access control vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) An attack may be carried out. Hak5 WiFi Pineapple is an open-source security testing device based on a wireless security auditing platform from Hak5 Company in the United States. An attacker could exploit this vulnerability to inject commands",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4624"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      }
    ],
    "trust": 1.71
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-82585",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "PACKETSTORM",
        "id": "133052",
        "trust": 2.5
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4624",
        "trust": 2.5
      },
      {
        "db": "EXPLOIT-DB",
        "id": "40609",
        "trust": 1.7
      },
      {
        "db": "PACKETSTORM",
        "id": "139212",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043",
        "trust": 0.7
      },
      {
        "db": "VULHUB",
        "id": "VHN-82585",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "id": "VAR-201703-0354",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T22:49:08.144000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "https://www.hak5.org/"
      },
      {
        "title": "Hak5 WiFi Pineapple Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65454"
      },
      {
        "title": "Hak5 WiFi Pineapple Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65305"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-284",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://packetstormsecurity.com/files/133052/wifi-pineapple-predictable-csrf-token.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.exploit-db.com/exploits/40609/"
      },
      {
        "trust": 1.7,
        "url": "http://packetstormsecurity.com/files/139212/hak5-wifi-pineapple-preconfiguration-command-injection-2.html"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4624"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2015-4624"
      },
      {
        "trust": 0.6,
        "url": "http://www.securityfocus.com/archive/1/archive/1/536184/100/500/threaded"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-82585"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-03-31T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82585"
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "date": "2016-10-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      },
      {
        "date": "2017-03-31T16:59:00.443000",
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-09T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82585"
      },
      {
        "date": "2017-04-28T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      },
      {
        "date": "2017-04-01T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      },
      {
        "date": "2024-11-21T02:31:25.340000",
        "db": "NVD",
        "id": "CVE-2015-4624"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Hak5 WiFi Pineapple Access control vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-007448"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "lack of information",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201611-043"
      }
    ],
    "trust": 0.6
  }
}

fkie_cve-2015-4624

Vulnerability from fkie_nvd

Published

2017-03-31 16:59

Modified

2025-04-20 01:37

Severity ?

7.5 (High) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.

References

URL	Tags
cve@mitre.org	http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html	Exploit, Third Party Advisory, VDB Entry
cve@mitre.org	http://www.securityfocus.com/archive/1/536184/100/500/threaded
cve@mitre.org	https://www.exploit-db.com/exploits/40609/	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html	Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/536184/100/500/threaded
af854a3a-2127-422b-91ae-364da2661108	https://www.exploit-db.com/exploits/40609/	Exploit, Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
hak5	wi-fi_pineapple_firmware	2.0
hak5	wi-fi_pineapple_firmware	2.1
hak5	wi-fi_pineapple_firmware	2.2
hak5	wi-fi_pineapple_firmware	2.3
hak5	wi-fi_pineapple	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "84DECCA9-C108-41DF-8C78-900C545C49C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD99543F-3BE9-42BB-8C0D-0C6230209572",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BDBE5A-CB29-403C-9F7F-CDEA69208AAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "873109D2-EBA3-4B7E-B367-8E8720E5A09D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:hak5:wi-fi_pineapple:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B8C164-B1E2-42BB-B215-7A1D2374274A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens."
    },
    {
      "lang": "es",
      "value": "Hak5 WiFi Pineapple 2.0 hasta la versi\u00f3n 2.3 utiliza fichas predecibles CSRF."
    }
  ],
  "id": "CVE-2015-4624",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.2,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-31T16:59:00.443",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40609/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/40609/"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-h33q-qxcf-7vxx

Vulnerability from github

Published

2022-05-14 02:48

Modified

2025-04-20 03:35

Severity ?

7.5 (High) - CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4624"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-284"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-31T16:59:00Z",
    "severity": "HIGH"
  },
  "details": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.",
  "id": "GHSA-h33q-qxcf-7vxx",
  "modified": "2025-04-20T03:35:04Z",
  "published": "2022-05-14T02:48:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4624"
    },
    {
      "type": "WEB",
      "url": "https://www.exploit-db.com/exploits/40609"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

cnvd-2017-05222

Vulnerability from cnvd

Title

Hak5 WiFi Pineapple预配置命令注入漏洞

Description

Hak5 WiFi Pineapple是进攻性无线活动中使用的渗透测试工具。 Hak5 WiFi Pineapple预配置存在命令注入漏洞，攻击者可利用漏洞使用基于会话ID的可预测的反CSRF令牌。

Severity

中

Patch Name

Hak5 WiFi Pineapple预配置命令注入漏洞的补丁

Patch Description

Hak5 WiFi Pineapple是进攻性无线活动中使用的渗透测试工具。 Hak5 WiFi Pineapple预配置存在命令注入漏洞，攻击者可利用漏洞使用基于会话ID的可预测的反CSRF令牌。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html

Reference

https://www.exploit-db.com/exploits/40609/

Impacted products

Name
Hak5 WiFi Pineapple >=2.0，<=2.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4624"
    }
  },
  "description": "Hak5 WiFi Pineapple\u662f\u8fdb\u653b\u6027\u65e0\u7ebf\u6d3b\u52a8\u4e2d\u4f7f\u7528\u7684\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3002\r\n\r\nHak5 WiFi Pineapple\u9884\u914d\u7f6e\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4f7f\u7528\u57fa\u4e8e\u4f1a\u8bddID\u7684\u53ef\u9884\u6d4b\u7684\u53cdCSRF\u4ee4\u724c\u3002",
  "discovererName": "Metasploit",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-05222",
  "openTime": "2017-04-24",
  "patchDescription": "Hak5 WiFi Pineapple\u662f\u8fdb\u653b\u6027\u65e0\u7ebf\u6d3b\u52a8\u4e2d\u4f7f\u7528\u7684\u6e17\u900f\u6d4b\u8bd5\u5de5\u5177\u3002\r\n\r\nHak5 WiFi Pineapple\u9884\u914d\u7f6e\u5b58\u5728\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u4f7f\u7528\u57fa\u4e8e\u4f1a\u8bddID\u7684\u53ef\u9884\u6d4b\u7684\u53cdCSRF\u4ee4\u724c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Hak5 WiFi Pineapple\u9884\u914d\u7f6e\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Hak5 WiFi Pineapple \u003e=2.0\uff0c\u003c=2.3"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/40609/",
  "serverity": "\u4e2d",
  "submitTime": "2017-04-05",
  "title": "Hak5 WiFi Pineapple\u9884\u914d\u7f6e\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

gsd-2015-4624

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.

Aliases

CVE-2015-4624

Aliases

CVE-2015-4624

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4624",
    "description": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.",
    "id": "GSD-2015-4624",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2015-4624"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4624"
      ],
      "details": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.",
      "id": "GSD-2015-4624",
      "modified": "2023-12-13T01:19:59.624211Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-4624",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "40609",
            "refsource": "EXPLOIT-DB",
            "url": "https://www.exploit-db.com/exploits/40609/"
          },
          {
            "name": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
          },
          {
            "name": "20150811 [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware \u003c= 2.3.0",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
          },
          {
            "name": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.3:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.1:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:hak5:wi-fi_pineapple_firmware:2.2:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hak5:wi-fi_pineapple:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-4624"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-284"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "40609",
              "refsource": "EXPLOIT-DB",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "https://www.exploit-db.com/exploits/40609/"
            },
            {
              "name": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/139212/Hak5-WiFi-Pineapple-Preconfiguration-Command-Injection-2.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/133052/WiFi-Pineapple-Predictable-CSRF-Token.html"
            },
            {
              "name": "20150811 [CVE-2015-4624] Predictable CSRF tokens in WiFi Pineapple firmware \u003c= 2.3.0",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/536184/100/500/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.2,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2018-10-09T19:57Z",
      "publishedDate": "2017-03-31T16:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2015-4624 (GCVE-0-2015-4624)

Vulnerability from cvelistv5

var-201703-0354

Vulnerability from variot

fkie_cve-2015-4624

Vulnerability from fkie_nvd

ghsa-h33q-qxcf-7vxx

Vulnerability from github

cnvd-2017-05222

Vulnerability from cnvd

gsd-2015-4624

Vulnerability from gsd

Tags

Sightings

Nomenclature