CVE-2013-3091 - OpenCVE

An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript debugging."

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Belkin	N300 Firmware N300

Configuration 1 [-]

AND

cpe:2.3:o:belkin:n300_firmware:1.00.06:*:*:*:*:*:*:*

cpe:2.3:h:belkin:n300:-:*:*:*:*:*:*:*

References

Link	Resource
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf	Broken Link
http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php	Third Party Advisory
https://www.ise.io/research/studies-and-papers/belkin_n900/	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-02-07T18:03:21

Updated: 2020-02-07T18:03:21

Reserved: 2013-04-17T00:00:00

Link: CVE-2013-3091

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-02-07T19:15:09.973

Modified: 2020-02-10T17:45:01.683

Link: CVE-2013-3091

JSON object: View

Redhat Information

No data.

CWE

CWE-287

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-13T00:00:00", "descriptions": [{"lang": "en", "value": "An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using \"Javascript debugging.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-02-07T18:03:21", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"}, {"tags": ["x_refsource_MISC"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"}, {"tags": ["x_refsource_MISC"], "url": "https://www.ise.io/research/studies-and-papers/belkin_n900/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-3091", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using \"Javascript debugging.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf", "refsource": "MISC", "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"}, {"name": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php", "refsource": "MISC", "url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"}, {"name": "https://www.ise.io/research/studies-and-papers/belkin_n900/", "refsource": "MISC", "url": "https://www.ise.io/research/studies-and-papers/belkin_n900/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-3091", "datePublished": "2020-02-07T18:03:21", "dateReserved": "2013-04-17T00:00:00", "dateUpdated": "2020-02-07T18:03:21", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:belkin:n300_firmware:1.00.06:*:*:*:*:*:*:*", "matchCriteriaId": "C3E25236-DE44-40EC-990C-5D123C6DACD2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:belkin:n300:-:*:*:*:*:*:*:*", "matchCriteriaId": "3B151B0B-F29D-43CB-9147-C9DAFBBA0D19", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using \"Javascript debugging.\""}, {"lang": "es", "value": "Una vulnerabilidad de Omisi\u00f3n de Autenticaci\u00f3n en el enrutador Belkin N300 (versi\u00f3n F7D7301v1), permite a atacantes remotos omitir la autenticaci\u00f3n usando \"Javascript debugging.\""}], "id": "CVE-2013-3091", "lastModified": "2020-02-10T17:45:01.683", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-02-07T19:15:09.973", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://securityevaluators.com/knowledge/case_studies/routers/belkin_n900.php"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.ise.io/research/studies-and-papers/belkin_n900/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}