var-201310-0217
Vulnerability from variot
qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. ASUS Wireless-N150 Router RT-N10E No authentication bypass (CWE-592) Vulnerabilities exist. CWE-592: Authentication Bypass Issues http://cwe.mitre.org/data/definitions/592.htmlAdministrator authentication information may be obtained by a third party who can access the product. As a result, arbitrary operations may be executed with administrator privileges for the product. Successful exploits will allow unauthenticated attackers to obtain sensitive information of the device such as administrative password, which may aid in further attacks. ASUS RT-N10E firmware version 2.0.0.24 is vulnerable
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0217",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "2.0.0.19"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "2.0.0.20"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "2.0.0.16"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "2.0.0.7"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.6,
"vendor": "asus",
"version": "2.0.0.10"
},
{
"model": "rt-n10e",
"scope": "lte",
"trust": 1.0,
"vendor": "asus",
"version": "2.0.0.24"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 1.0,
"vendor": "asus",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "asustek computer",
"version": null
},
{
"model": "rt-n10e",
"scope": "lte",
"trust": 0.8,
"vendor": "asustek computer",
"version": "version 2.0.0.24"
},
{
"model": "rt-n10e wireless router",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "2.0.0.24"
},
{
"model": "rt-n10e",
"scope": "eq",
"trust": 0.6,
"vendor": "asus",
"version": "2.0.0.24"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#984366"
},
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-021"
},
{
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:asus:rt-n10e_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sanket Karalkar",
"sources": [
{
"db": "BID",
"id": "62850"
}
],
"trust": 0.3
},
"cve": "CVE-2013-3610",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "CVE-2013-3610",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 5.6,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "COMPLETE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 1.2,
"exploitability": "FUNCTIONAL",
"exploitabilityScore": 3.9,
"id": "CVE-2013-3610",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "OFFICIAL FIX",
"reportConfidence": "CONFIRMED",
"severity": "MEDIUM",
"targetDistribution": "LOW",
"trust": 0.8,
"userInteractionRequired": null,
"vector_string": "AV:L/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.9,
"id": "CNVD-2013-13507",
"impactScore": 7.8,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:L/AC:L/Au:N/C:C/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 6.5,
"id": "VHN-63612",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2013-3610",
"trust": 1.6,
"value": "MEDIUM"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2013-3610",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2013-13507",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-021",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-63612",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#984366"
},
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "VULHUB",
"id": "VHN-63612"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-021"
},
{
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request. ASUS Wireless-N150 Router RT-N10E No authentication bypass (CWE-592) Vulnerabilities exist. CWE-592: Authentication Bypass Issues http://cwe.mitre.org/data/definitions/592.htmlAdministrator authentication information may be obtained by a third party who can access the product. As a result, arbitrary operations may be executed with administrator privileges for the product. \nSuccessful exploits will allow unauthenticated attackers to obtain sensitive information of the device such as administrative password, which may aid in further attacks. \nASUS RT-N10E firmware version 2.0.0.24 is vulnerable",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-3610"
},
{
"db": "CERT/CC",
"id": "VU#984366"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "BID",
"id": "62850"
},
{
"db": "VULHUB",
"id": "VHN-63612"
}
],
"trust": 3.24
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.kb.cert.org/vuls/id/984366",
"trust": 0.8,
"type": "unknown"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#984366"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#984366",
"trust": 4.2
},
{
"db": "NVD",
"id": "CVE-2013-3610",
"trust": 3.4
},
{
"db": "BID",
"id": "62850",
"trust": 1.0
},
{
"db": "JVN",
"id": "JVNVU96826639",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201310-021",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2013-13507",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-63612",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#984366"
},
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "VULHUB",
"id": "VHN-63612"
},
{
"db": "BID",
"id": "62850"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-021"
},
{
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"id": "VAR-201310-0217",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "VULHUB",
"id": "VHN-63612"
}
],
"trust": 1.49166665
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13507"
}
]
},
"last_update_date": "2024-11-23T23:12:48.528000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "RT-N10E - Driver \u0026 Tools",
"trust": 0.8,
"url": "http://www.asus.com/Networking/RTN10E/#support_Download"
},
{
"title": "ASUS RT-N10E Wireless Router \u0027QIS_finish.htm\u0027 Patch for Password Information Disclosure Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/40041"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
},
{
"problemtype": "CWE-592",
"trust": 0.8
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#984366"
},
{
"db": "VULHUB",
"id": "VHN-63612"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.4,
"url": "http://www.kb.cert.org/vuls/id/984366"
},
{
"trust": 1.1,
"url": "http://www.asus.com/networking/rtn10e/"
},
{
"trust": 0.8,
"url": "http://cwe.mitre.org/data/definitions/592.html"
},
{
"trust": 0.8,
"url": "http://www.asus.com/networking/rtn10e/#support_download"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-3610"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu96826639/index.html"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-3610"
},
{
"trust": 0.3,
"url": "http://www.asus.com/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#984366"
},
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "VULHUB",
"id": "VHN-63612"
},
{
"db": "BID",
"id": "62850"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-021"
},
{
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#984366"
},
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "VULHUB",
"id": "VHN-63612"
},
{
"db": "BID",
"id": "62850"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-021"
},
{
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-04T00:00:00",
"db": "CERT/CC",
"id": "VU#984366"
},
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"date": "2013-10-05T00:00:00",
"db": "VULHUB",
"id": "VHN-63612"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62850"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-021"
},
{
"date": "2013-10-05T10:55:03.493000",
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-10-04T00:00:00",
"db": "CERT/CC",
"id": "VU#984366"
},
{
"date": "2013-10-10T00:00:00",
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"date": "2013-10-07T00:00:00",
"db": "VULHUB",
"id": "VHN-63612"
},
{
"date": "2013-10-04T00:00:00",
"db": "BID",
"id": "62850"
},
{
"date": "2013-10-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-004505"
},
{
"date": "2013-10-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-021"
},
{
"date": "2024-11-21T01:53:59.057000",
"db": "NVD",
"id": "CVE-2013-3610"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "specific network environment",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-021"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ASUS RT-N10E Wireless Router \u0027QIS_finish.htm\u0027 Password Information Disclosure Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2013-13507"
},
{
"db": "BID",
"id": "62850"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-021"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…