CVE-2013-7282
published 2014-01-10CVE-2013-7282: The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote…
PriorityP262critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
9.57%
94.9th percentile
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nisuta | ns-wir150ne_firmware | — | — |
| nisuta | ns-wir300n_firmware | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP requests to router management interfaces containing the bypass cookie ':language=en' or 'admin:language=en' without a prior successful authentication session. ↗
- →Alert on unauthenticated HTTP GET requests to /cgi-bin/DownloadCfg/config.cfg, which exposes the management password in the 'http_passwd' variable. ↗
- →Flag HTTP responses containing 'Set-Cookie: admin:language=en' as evidence of the vulnerable hard-coded cookie being issued by a Nisuta router. ↗
- ·The authentication bypass works on both WAN and LAN interfaces; WAN remote management is not enabled by default, but LAN management cannot be disabled, meaning internal network attackers are always exposed. ↗
- ·The management web interface operates over plain HTTP with no encryption, so even after patching the auth bypass, credentials remain exposed in transit. ↗
- ·No firmware update was made available for the NS-WIR300N; that model remains permanently vulnerable. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txthttp://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.htmlhttp://www.ampliasecurity.com/advisories/AMPLIA-ARA050913.txthttp://www.ampliasecurity.com/advisories/nisuta-nswir150ne-nswir300n-wireless-router-remote-management-web-interface-authentication-bypass-vulnerability.html
2014-01-10
Published