Vulnerabilities > CVE-2014-0343 - Privilege Escalation vulnerability in Virtual Access GW6110A Router
Attack vector
ADJACENT_NETWORK Attack complexity
MEDIUM Privileges required
SINGLE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The web interface on Virtual Access GW6110A routers with software 9.00 before 9.09.27, 9.50 before 9.50.21, and 10.00 before 10.00.21 allows remote authenticated users to gain privileges via a modified JavaScript variable. Per: http://cwe.mitre.org/data/definitions/472.html "CWE-472: External Control of Assumed-Immutable Web Parameter"
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 3 | |
Hardware | 1 |
Seebug
bulletinFamily | exploit |
description | CVE ID:CVE-2014-0343 Virtual Access GW6110A是路由器产品系列。 Virtual Access GW6110A路由器在实现上存在权限提升漏洞,可使经过身份验证的远程攻击者通过修改javascript变量,更改在Web接口上的用户访问级别,利用此漏洞提升其权限。 0 virtualaccess GW6000-adsl2-router < 9.50.21 virtualaccess GW6000-adsl2-router < 9.09.27 virtualaccess GW6000-adsl2-router < 10.00.21 virtualaccess GW6000-adsl2-router 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.virtualaccess.com/ |
id | SSV:61948 |
last seen | 2017-11-19 |
modified | 2014-03-26 |
published | 2014-03-26 |
reporter | Root |
title | Virtual Access GW6110A路由器权限提升漏洞 |