CVE-2013-6918

{"id": "CVE-2013-6918", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2013-11-30T11:43:54.663", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0123.html", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0123.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the \"Web Management via WAN\" setting, which allows remote attackers to bypass intended access restrictions via HTTP requests."}, {"lang": "es", "value": "La interfaz web en el travel router Satechi 1.5, cuando se utiliza la WiFi para acceso WAN, expone la consola sin autenticaci\u00f3n en la direcci\u00f3n IP WAN, independientemente de la configuraci\u00f3n en \"Web Management via WAN\", lo que permite a atacantes remotos evadir restricciones de acceso intencionadas a trav\u00e9s de peticiones HTTP."}], "lastModified": "2024-11-21T01:59:57.977", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:satechi:smart_travel_router:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "59AFAA8A-4A13-46A7-AB6F-42FA24DC4F0D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}