Vulnerabilities > CVE-2013-3064 - Open Redirection vulnerability in Linksys Ea6500 and Ea6500 Firmware

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

linksys

NVD

Published: 2014-09-29

Updated: 2014-09-30

Summary

Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys EA6500 with firmware 1.1.28.147876 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the target parameter. <a href = "http://cwe.mitre.org/data/definitions/601.html"> CWE-601: URL Redirection to Untrusted Site ('Open Redirect') </a>

Vulnerable Configurations

Part	Description	Count
OS	Linksys Linksys Ea6500 Firmware 1.1.28.147876	1
Hardware	Linksys Linksys Ea6500 -	1

References

http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.php
http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_Catalog.pdf