Vulnerabilities > CVE-2014-0343 - Privilege Escalation vulnerability in Virtual Access GW6110A Router

CVSS 4.9 - MEDIUM

Attack vector

ADJACENT_NETWORK

Attack complexity

MEDIUM

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

virtualaccess

NVD

Published: 2014-03-25

Updated: 2014-03-26

Summary

The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable. Per: http://cwe.mitre.org/data/definitions/472.html "CWE-472: External Control of Assumed-Immutable Web Parameter"

Vulnerable Configurations

Part	Description	Count
OS	Virtualaccess Virtualaccess Gw6110A Firmware 9.00 Virtualaccess Gw6110A Firmware 9.50 Virtualaccess Gw6110A Firmware 10.00	3
Hardware	Virtualaccess Virtualaccess Gw6110A -	1

Seebug

bulletinFamily	exploit
description	CVE ID:CVE-2014-0343 Virtual Access GW6110A是路由器产品系列。 Virtual Access GW6110A路由器在实现上存在权限提升漏洞，可使经过身份验证的远程攻击者通过修改javascript变量，更改在Web接口上的用户访问级别，利用此漏洞提升其权限。 0 virtualaccess GW6000-adsl2-router < 9.50.21 virtualaccess GW6000-adsl2-router < 9.09.27 virtualaccess GW6000-adsl2-router < 10.00.21 virtualaccess GW6000-adsl2-router 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.virtualaccess.com/
id	SSV:61948
last seen	2017-11-19
modified	2014-03-26
published	2014-03-26
reporter	Root
title	Virtual Access GW6110A路由器权限提升漏洞

References

http://www.kb.cert.org/vuls/id/213046