PT-2014-3331 · Nisuta · Nisuta Ns-Wir300N+1

Published

2014-01-10

Updated

2014-01-10

CVE-2013-7282

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Nisuta NS-WIR150NE router version 5.07.41 Nisuta NS-WIR300N router version 5.07.36 NIS01

Description The issue allows remote attackers to bypass authentication on the management web interface of the affected routers by using a specific HTTP header, "Cookie: :language=en".

Recommendations For Nisuta NS-WIR150NE router version 5.07.41, consider restricting access to the management web interface until a patch is available. For Nisuta NS-WIR300N router version 5.07.36 NIS01, avoid using the management web interface with the language parameter set to en in the Cookie HTTP header until the issue is resolved. As a temporary workaround, consider disabling remote access to the management web interface on both routers until a fix is provided.

Exploit

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2013-7282

Affected Products

Nisuta Ns-Wir150Ne

Nisuta Ns-Wir300N

PT-2014-3331 · Nisuta · Nisuta Ns-Wir300N+1

CVE-2013-7282

Weakness Enumeration

Related Identifiers

Affected Products

References · 4