CVE-2013-3098

2014-02-0421:55:05

CWE-352

mitre

web.nvd.nist.gov

cve-2013-3098

csrf

trendnet

tew-812dru

router

firmware

vulnerability

authentication

hijacking

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

Low

EPSS

0.007

Percentile

80.0%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet TEW-812DRU router with firmware before 1.0.9.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change admin credentials in a request to setSysAdm.cgi, (2) enable remote management or (3) enable port forwarding in an Apply action to uapply.cgi, or (4) have unspecified impact via a request to setNTP.cgi. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

trendnettew-812dru_firmwareMatch1.0.8.0

AND

trendnettew-812druMatch-

VendorProductVersionCPE
trendnettew-812dru_firmware1.0.8.0cpe:2.3:o:trendnet:tew-812dru_firmware:1.0.8.0:*:*:*:*:*:*:*
trendnettew-812dru-cpe:2.3:h:trendnet:tew-812dru:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
trendnet	tew-812dru_firmware	1.0.8.0	cpe:2.3:o:trendnet:tew-812dru_firmware:1.0.8.0:::::::*
trendnet	tew-812dru	-	cpe:2.3:h:trendnet:tew-812dru:-:::::::*