Web application abuses : Belkin N150 Wireless Home Router Multiple Vulnerabilities (Nov 2015)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.806170

Categoría: Web application abuses

Título: Belkin N150 Wireless Home Router Multiple Vulnerabilities (Nov 2015) - Active Check

Resumen: Belkin N150 Wireless Home Router is prone to multiple; vulnerabilities.

Descripción: Summary:
Belkin N150 Wireless Home Router is prone to multiple
vulnerabilities.

Vulnerability Insight:
The following vulnerabilities exist:

- The 'InternetGatewayDevice.DeviceInfo.X_TWSZ-COM_Language' parameter is not validated properly.

- The sessionid is allocated using hex encoding and of fixed length 8. Therefore, it is very easy
to bruteforce it in feasible amount for time as this session id ranges from 00000000 to ffffffff.

- The Telnet protocol can be used by an attacker to gain remote access to the router with root
privileges.

- The Request doesn't contain any CSRF-token. Therefore, requests can be forged.It can be
verified with any request.

Vulnerability Impact:
Successful exploitation will allow remote attackers to execute
arbitrary HTML and script code in a user's browser session in the context of an affected site and
upload and download of arbitrary files, and to take malicious actions against the application.

Affected Software/OS:
Belkin N150 WiFi N Router, other firmware may also be
affected.

Solution:
No known solution was made available for at least one year
since the disclosure of this vulnerability. Likely none will be provided anymore. General
solution options are to upgrade to a newer release, disable respective features, remove the
product or replace the product by another one.

CVSS Score:
7.8

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:N/A:N

Copyright Copyright (C) 2015 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.806170
Categoría:	Web application abuses
Título:	Belkin N150 Wireless Home Router Multiple Vulnerabilities (Nov 2015) - Active Check
Resumen:	Belkin N150 Wireless Home Router is prone to multiple; vulnerabilities.
Descripción:	Summary: Belkin N150 Wireless Home Router is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - The 'InternetGatewayDevice.DeviceInfo.X_TWSZ-COM_Language' parameter is not validated properly. - The sessionid is allocated using hex encoding and of fixed length 8. Therefore, it is very easy to bruteforce it in feasible amount for time as this session id ranges from 00000000 to ffffffff. - The Telnet protocol can be used by an attacker to gain remote access to the router with root privileges. - The Request doesn't contain any CSRF-token. Therefore, requests can be forged.It can be verified with any request. Vulnerability Impact: Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and upload and download of arbitrary files, and to take malicious actions against the application. Affected Software/OS: Belkin N150 WiFi N Router, other firmware may also be affected. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 7.8 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Copyright	Copyright (C) 2015 Greenbone AG