var-201512-0017
Vulnerability from variot
eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Supplementary information: the vulnerability type has been identified as CWE-613: Insufficient Session Expiration (incorrect session deadline); see https://cwe.mitre.org/data/definitions/613.html. A third party may gain access by using an unattended workstation. eWON is an industrial router product of the Belgian company eWON. An attacker could exploit the vulnerability to interact with the device using the same session. eWON devices are prone to the following security vulnerabilities: 1. A cross-site request forgery vulnerability 3. Unauthorized access vulnerability 4. HTML-injection vulnerability 5. Plain text password information disclosure vulnerability 6. A security weakness. An attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, obtain sensitive information, and perform certain unauthorized actions. This may aid in further attacks. The security vulnerability affects eWON devices using firmware 10.0s0 and earlier versions.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201512-0017",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ewon",
"scope": "lte",
"trust": 1.0,
"vendor": "ewon",
"version": "10.0s0"
},
{
"model": "ewon",
"scope": "lt",
"trust": 0.8,
"vendor": "ewon",
"version": "10.1s0"
},
{
"model": "\u003c10.1s0",
"scope": null,
"trust": 0.6,
"vendor": "ewon",
"version": null
},
{
"model": "ewon",
"scope": "eq",
"trust": 0.6,
"vendor": "ewon",
"version": "10.0s0"
},
{
"model": "ewon",
"scope": "eq",
"trust": 0.3,
"vendor": "ewon",
"version": "0"
},
{
"model": "10.1s0",
"scope": "ne",
"trust": 0.3,
"vendor": "ewon",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:ewon:ewon_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Karn Ganeshen",
"sources": [
{
"db": "BID",
"id": "79625"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
],
"trust": 0.9
},
"cve": "CVE-2015-7924",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2015-7924",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2015-08450",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-85885",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2015-7924",
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-7924",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-7924",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-08450",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201512-546",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-85885",
"trust": 0.1,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2015-7924",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session data in response to a log-off action, which makes it easier for remote attackers to obtain access by leveraging an unattended workstation. Supplementary information: the vulnerability type has been identified as CWE-613: Insufficient Session Expiration (incorrect session deadline); see https://cwe.mitre.org/data/definitions/613.html. A third party may gain access by using an unattended workstation. eWON is an industrial router product of the Belgian company eWON. An attacker could exploit the vulnerability to interact with the device using the same session. eWON devices are prone to the following security vulnerabilities:\n1. A cross-site request forgery vulnerability\n3. Unauthorized access vulnerability\n4. HTML-injection vulnerability\n5. Plain text password information disclosure vulnerability\n6. A security weakness\nAn attacker can exploit these issues to bypass the authentication mechanism and gain unauthorized access, execute attacker-supplied HTML or JavaScript code in the context of the affected site, steal cookie-based authentication credentials, obtain sensitive information, and perform certain unauthorized actions. This may aid in further attacks. The security vulnerability affects eWON devices using firmware 10.0s0 and earlier versions.",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-7924"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
}
],
"trust": 2.61
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-7924",
"trust": 3.5
},
{
"db": "ICS CERT",
"id": "ICSA-15-351-03",
"trust": 2.9
},
{
"db": "BID",
"id": "79625",
"trust": 2.7
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-08450",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-85885",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2015-7924",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"id": "VAR-201512-0017",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
}
]
},
"last_update_date": "2024-11-23T21:54:47.092000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "eWON Security Enhancement (FW 10.1s0)",
"trust": 0.8,
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"title": "Patch for eWON weak session management vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/68894"
},
{
"title": "eWON Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59313"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.0,
"url": "https://ics-cert.us-cert.gov/advisories/icsa-15-351-03"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/79625"
},
{
"trust": 1.8,
"url": "http://ewon.biz/support/news/support/ewon-security-enhancement-7529-01"
},
{
"trust": 1.2,
"url": "http://seclists.org/fulldisclosure/2015/dec/118"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7924"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-7924"
},
{
"trust": 0.3,
"url": "http://ewon.biz"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"db": "VULHUB",
"id": "VHN-85885"
},
{
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"db": "BID",
"id": "79625"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
},
{
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"date": "2015-12-23T00:00:00",
"db": "VULHUB",
"id": "VHN-85885"
},
{
"date": "2015-12-23T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79625"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"date": "2015-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-546"
},
{
"date": "2015-12-23T11:59:00.127000",
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-12-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-08450"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULHUB",
"id": "VHN-85885"
},
{
"date": "2016-12-07T00:00:00",
"db": "VULMON",
"id": "CVE-2015-7924"
},
{
"date": "2015-12-17T00:00:00",
"db": "BID",
"id": "79625"
},
{
"date": "2015-12-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-006504"
},
{
"date": "2015-12-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201512-546"
},
{
"date": "2024-11-21T02:37:40.520000",
"db": "NVD",
"id": "CVE-2015-7924"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eWON Vulnerability to gain access rights in device firmware",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-006504"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201512-546"
}
],
"trust": 0.6
}
}