Vulnerability Description
Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/.
CVSS Score
7.1
HIGH
AV:N/AC:M/Au:N/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linksys | Ea6500 Firmware | 1.1.28.147876 |
| Linksys | Ea6500 | - |
Related Weaknesses (CWE)
References
- http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_CatalExploit
- http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.phpExploit
- http://securityevaluators.com/knowledge/case_studies/routers/Vulnerability_CatalExploit
- http://securityevaluators.com/knowledge/case_studies/routers/linksys_ea6500.phpExploit
FAQ
What is CVE-2013-3066?
CVE-2013-3066 is a vulnerability with a CVSS score of 7.1 (HIGH). Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict access, which allows remote attackers to obtain sensitive information (clients and router configuration) via a request to /JNAP/.
How severe is CVE-2013-3066?
CVE-2013-3066 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-3066?
Check the references section above for vendor advisories and patch information. Affected products include: Linksys Ea6500 Firmware, Linksys Ea6500.