CVE-2013-7293

The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.kb.cert.org/vuls/id/191750	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/64799

Configurations

Configuration 1 (hide)

cpe:2.3:h:asus:wl-330nul:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-01-15 16:13

Updated : 2016-12-31 02:59

NVD link : CVE-2013-7293

Mitre link : CVE-2013-7293

CVE.ORG link : CVE-2013-7293

JSON object : View

Products Affected

asus

wl-330nul

CWE

CWE-16

Configuration

CWE-284

Improper Access Control

{"id": "CVE-2013-7293", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-01-15T16:13:03.757", "references": [{"url": "http://www.kb.cert.org/vuls/id/191750", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/64799", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-16"}, {"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."}, {"lang": "es", "value": "El router ASUS WL-330NUL tiene un proceso de configuraci\u00f3n que se basa en el acceso a la direcci\u00f3n IP 192.168.1.1, pero la documentaci\u00f3n recomienda a los usuarios acceder en su lugar por un nombre de host DNS que no siempre se resuelve a 192.168.1.1, lo que hace que sea m\u00e1s f\u00e1cil para los atacantes remotos secuestrar el tr\u00e1fico mediante el control de la configuraci\u00f3n del servidor asociado con ese nombre de host."}], "lastModified": "2016-12-31T02:59:09.983", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:asus:wl-330nul:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "005D168F-AD18-4881-936B-B5CAFC24F357"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10