- Description
- The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable.
- Source
- cret@cert.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.4
- Exploitability score
- 4.4
- Vector string
- AV:A/AC:M/Au:S/C:P/I:P/A:P
- Hype score
- Not currently trending
- Comment
- -
- Impact
- Per: http://cwe.mitre.org/data/definitions/472.html "CWE-472: External Control of Assumed-Immutable Web Parameter"
- Solution
- Per: http://cwe.mitre.org/data/definitions/472.html "CWE-472: External Control of Assumed-Immutable Web Parameter"
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:virtualaccess:gw6110a_firmware:9.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B3C5B25-7F70-40EC-8D60-DEC2A080D711"
},
{
"criteria": "cpe:2.3:o:virtualaccess:gw6110a_firmware:9.50:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B38620CE-8BDA-4557-A427-4AF3258DC1F1"
},
{
"criteria": "cpe:2.3:o:virtualaccess:gw6110a_firmware:10.00:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "75A77877-B098-4FFF-8E30-DC02EC232F7D"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:virtualaccess:gw6110a:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "373E84F2-09D5-4AEC-BF65-B6AF485A0CCF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]