CVE-2009-2323 - Vulnerability Details - OpenCVE

ReportizFlow

The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Axesstel	Mv 410r

Configuration 1 [-]

cpe:2.3:h:axesstel:mv_410r:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/504716/100/0/threaded
http://www.securityfocus.com/bid/35563

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-05T16:00:00

Updated: 2024-08-07T05:44:55.936Z

Reserved: 2009-07-05T00:00:00

Link: CVE-2009-2323

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-07-05T16:30:00.640

Modified: 2024-11-21T01:04:36.360

Link: CVE-2009-2323

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-02T00:00:00", "descriptions": [{"lang": "en", "value": "The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "35563", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35563"}, {"name": "20090702 Multiple Flaws in Axesstel MV 410R", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2009-2323", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "35563", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35563"}, {"name": "20090702 Multiple Flaws in Axesstel MV 410R", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:44:55.936Z"}, "title": "CVE Program Container", "references": [{"name": "35563", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35563"}, {"name": "20090702 Multiple Flaws in Axesstel MV 410R", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2323", "datePublished": "2009-07-05T16:00:00", "dateReserved": "2009-07-05T00:00:00", "dateUpdated": "2024-08-07T05:44:55.936Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:axesstel:mv_410r:*:*:*:*:*:*:*:*", "matchCriteriaId": "19511BCC-9DAD-4342-99B5-163DABC3A432", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site request forgery (CSRF) attacks, as demonstrated by a redirect from the cgi-bin/wireless.cgi script."}, {"lang": "es", "value": "El interfaz web del Axesstel MV 410R, redrecciona a los usuarios a la p\u00e1gina visitada previamente tras la ejecuci\u00f3n de algunas secuencias de comandos CGI, lo que facilita a atacantes remotos evitar la detecci\u00f3n de ataques de falsificaci\u00f3n de petici\u00f3n en sitios cruzados (CSFR), como se ha demostrado mediante una redirecci\u00f3n en la secuencia de comandos cgi-bin/wireless.cgi."}], "id": "CVE-2009-2323", "lastModified": "2024-11-21T01:04:36.360", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-07-05T16:30:00.640", "references": [{"source": "[email protected]", "url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/35563"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/504716/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35563"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "[email protected]", "type": "Primary"}]}