CVE-2013-0717
Published Mar 19, 2013
Last updated 12 years ago
Overview
- Description
- Multiple cross-site request forgery (CSRF) vulnerabilities in the web-based management utility on the NEC AtermWR9500N, AtermWR8600N, AtermWR8370N, AtermWR8160N, AtermWM3600R, and AtermWM3450RN routers allow remote attackers to hijack the authentication of administrators for requests that (1) initialize settings or (2) reboot the device.
- Source
- vultures@jpcert.or.jp
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-352
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:nec:atermwm3450rn:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2214321D-ABC8-4FFD-BF33-E1F707386DD5"
},
{
"criteria": "cpe:2.3:h:nec:atermwm3600r:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6D5040C6-5035-46CF-A80C-E2D69A5E3401"
},
{
"criteria": "cpe:2.3:h:nec:atermwr8160n:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "36D01D2D-ABD8-47C7-8070-41608AE59DE8"
},
{
"criteria": "cpe:2.3:h:nec:atermwr8370n:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "20AB6685-5F0E-46E9-8776-2FBF8ACE8DF4"
},
{
"criteria": "cpe:2.3:h:nec:atermwr8600n:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56589FA6-6A4E-4D47-83BE-9E246E722202"
},
{
"criteria": "cpe:2.3:h:nec:atermwr9500n:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EC88A006-8AB5-4780-8280-676B34BFE7F4"
}
],
"operator": "OR"
}
]
}
]