CVE-2013-7293 — MEDIUM (5.0)

Vulnerability Description

The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always resolve to 192.168.1.1, which makes it easier for remote attackers to hijack the configuration traffic by controlling the server associated with that hostname.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Asus	Wl-330Nul	-

Related Weaknesses (CWE)

CWE-284 CWE-16

References

http://www.kb.cert.org/vuls/id/191750Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/64799
http://www.kb.cert.org/vuls/id/191750Third Party AdvisoryUS Government Resource
http://www.securityfocus.com/bid/64799

FAQ

What is CVE-2013-7293?

CVE-2013-7293 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The ASUS WL-330NUL router has a configuration process that relies on accessing the 192.168.1.1 IP address, but the documentation advises users to instead access a DNS hostname that does not always res...

How severe is CVE-2013-7293?

CVE-2013-7293 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-7293?

Check the references section above for vendor advisories and patch information. Affected products include: Asus Wl-330Nul.