CVE-2013-3092

The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header.

CVSS v2.0 8.3 HIGH

8.3^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf	Exploit
http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php	Exploit
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf	Exploit
http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php	Exploit

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:belkin:n300_firmware:1.00.06:*:*:*:*:*:*:*

cpe:2.3:h:belkin:n300:-:*:*:*:*:*:*:*

History

21 Nov 2024, 01:52

Type	Values Removed	Values Added
References	~~() http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf - Exploit~~	() http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf - Exploit
References	~~() http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php - Exploit~~	() http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php - Exploit

Information

Published : 2014-09-29 22:55

Updated : 2024-11-21 01:52

NVD link : CVE-2013-3092

Mitre link : CVE-2013-3092

CVE.ORG link : CVE-2013-3092

JSON object : View

Products Affected

belkin

n300_firmware
n300

CWE

CWE-287

Improper Authentication

{"id": "CVE-2013-3092", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-09-29T22:55:08.473", "references": [{"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication and gain privileges via vectors related to incorrect validation of the HTTP Authorization header."}, {"lang": "es", "value": "El router Belkin N300 (F7D7301v1) permite a atacantes remotos evadir la autenticaci\u00f3n y ganar privilegios a trav\u00e9s de vectores relacionados con la validaci\u00f3n incorrecta dela cabecera HTTP Authorization."}], "lastModified": "2024-11-21T01:52:59.497", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:belkin:n300_firmware:1.00.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3E25236-DE44-40EC-990C-5D123C6DACD2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:belkin:n300:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3B151B0B-F29D-43CB-9147-C9DAFBBA0D19"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}