NVD Vulnerability Detail

CVE-2015-5536

Summary	Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.10 allows remote authenticated users to execute arbitrary commands via the (1) sub_dir parameter in a formUSBStorage request; pinCode parameter in a (2) formWpsStart or (3) formiNICWpsStart request; (4) wps_enrolee_pin parameter in a formWlanSetupWPS request; or unspecified parameters in a (5) formWlanMP, (6) formBSSetSitesurvey, (7) formHwSet, or (8) formConnectionSetting request.
Publication Date	Aug. 13, 2015, 11:59 p.m.
Registration Date	Jan. 26, 2021, 2:52 p.m.
Last Update	Nov. 21, 2024, 11:33 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:belkin:n300_dual-band_wi-fi_range_extender_firmware:1.0.0:::::::*
execution environment
1	cpe:2.3:h:belkin:n300_dual-band_wi-fi_range_extender::::::::

Related information, measures and tools

No	URL	タグ
1	http://www.belkin.com/us/support-article?articleNum=4975	Patch
2	http://www.belkin.com/us/support-article?articleNum=4975	Patch
3	http://www.securityfocus.com/bid/75978
4	http://www.securityfocus.com/bid/75978
5	http://www.securitytracker.com/id/1033295
6	http://www.securitytracker.com/id/1033295
7	http://www.zerodayinitiative.com/advisories/ZDI-15-343/
8	http://www.zerodayinitiative.com/advisories/ZDI-15-343/
9	http://www.zerodayinitiative.com/advisories/ZDI-15-344/
10	http://www.zerodayinitiative.com/advisories/ZDI-15-344/
11	http://www.zerodayinitiative.com/advisories/ZDI-15-346/
12	http://www.zerodayinitiative.com/advisories/ZDI-15-346/
13	http://www.zerodayinitiative.com/advisories/ZDI-15-347/
14	http://www.zerodayinitiative.com/advisories/ZDI-15-347/
15	http://www.zerodayinitiative.com/advisories/ZDI-15-348/
16	http://www.zerodayinitiative.com/advisories/ZDI-15-348/
17	http://www.zerodayinitiative.com/advisories/ZDI-15-349/
18	http://www.zerodayinitiative.com/advisories/ZDI-15-349/
19	http://www.zerodayinitiative.com/advisories/ZDI-15-350/
20	http://www.zerodayinitiative.com/advisories/ZDI-15-350/
21	http://www.zerodayinitiative.com/advisories/ZDI-15-351/
22	http://www.zerodayinitiative.com/advisories/ZDI-15-351/

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html

JVN Vulnerability Information

Belkin N300 Dual-Band Wi-Fi Range Extender のファームウェアにおける任意のコマンドを実行される脆弱性

Title	Belkin N300 Dual-Band Wi-Fi Range Extender のファームウェアにおける任意のコマンドを実行される脆弱性
Summary	Belkin N300 Dual-Band Wi-Fi Range Extender のファームウェアには、任意のコマンドを実行される脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、以下のパラメータを介して、任意のコマンドを実行される可能性があります。 (1) formUSBStorage リクエストの sub_dir パラメータ (2) formWpsStart リクエストの pinCode パラメータ (3) formiNICWpsStart リクエストの pinCode パラメータ (4) formWlanSetupWPS リクエストの wps_enrolee_pin パラメータ (5) formWlanMP リクエストの不特定のパラメータ (6) formBSSetSitesurvey リクエストの不特定のパラメータ (7) formHwSet リクエストの不特定のパラメータ (8) formConnectionSetting リクエストの不特定のパラメータ
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	May 6, 2015, midnight
Registration Date	Aug. 14, 2015, 2:38 p.m.
Last Update	Aug. 14, 2015, 2:38 p.m.

Affected System

Belkin International

N300 Dual-Band Wi-Fi Range Extender

N300 Dual-Band Wi-Fi Range Extender ファームウェア 1.04.10 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2015-5536	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5536
National Vulnerability Database (NVD)
2	CVE-2015-5536	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5536

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
Support Article
1	N300 Dual-Band Wi-Fi Range Extender F9K1111 - Firmware	http://www.belkin.com/us/support-article?articleNum=4975

Change Log

No	Changed Details	Date of change
0	[2015年08月14日] 掲載	Feb. 17, 2018, 10:37 a.m.