CVE-2013-7293 - OpenCVE

The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Asus	Wl-330nul

Configuration 1 [-]

cpe:2.3:h:asus:wl-330nul:-:*:*:*:*:*:*:*

References

Link	Resource
http://www.kb.cert.org/vuls/id/191750	Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/64799

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-01-15T02:00:00

Updated: 2016-12-29T18:57:01

Reserved: 2014-01-14T00:00:00

Link: CVE-2013-7293

JSON object: View

NVD Information

Status : Modified

Published: 2014-01-15T16:13:03.757

Modified: 2016-12-31T02:59:09.983

Link: CVE-2013-7293

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-25T00:00:00", "descriptions": [{"lang": "en", "value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "64799", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/64799"}, {"name": "VU#191750", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/191750"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7293", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "64799", "refsource": "BID", "url": "http://www.securityfocus.com/bid/64799"}, {"name": "VU#191750", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/191750"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-7293", "datePublished": "2014-01-15T02:00:00", "dateReserved": "2014-01-14T00:00:00", "dateUpdated": "2016-12-29T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}