PT-2014-3331 · Nisuta · Nisuta Ns-Wir300N+1

Publicado

2014-01-10

Atualizado

2014-01-10

CVE-2013-7282

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Nisuta NS-WIR150NE router version 5.07.41 Nisuta NS-WIR300N router version 5.07.36 NIS01

Description The issue allows remote attackers to bypass authentication on the management web interface of the affected routers by using a specific HTTP header, "Cookie: :language=en".

Recommendations For Nisuta NS-WIR150NE router version 5.07.41, consider restricting access to the management web interface until a patch is available. For Nisuta NS-WIR300N router version 5.07.36 NIS01, avoid using the management web interface with the language parameter set to en in the Cookie HTTP header until the issue is resolved. As a temporary workaround, consider disabling remote access to the management web interface on both routers until a fix is provided.

Exploit

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2013-7282

Produtos afetados

Nisuta Ns-Wir150Ne

Nisuta Ns-Wir300N

PT-2014-3331 · Nisuta · Nisuta Ns-Wir300N+1

CVE-2013-7282

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4