Vulnerability Note VU#630872
Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N contains multiple vulnerabilities
Mediabridge Medialink Wireless-N Broadband Router MWN-WAPR300N, firmware version 5.07.50 and possibly earlier, uses non-unique default credentials and is vulnerable to universal authentication bypass and cross-site request forgery (CSRF).
CWE-255: Credentials Management - CVE-2015-5994
Medialink MWN-WAPR300N by default uses the common admin:admin credentials for the web management interface and uses medialink:password for the wireless network. An attacker within range of a wireless network using default settings can connect and gain privileged access to the web management interface. Additionally, default credentials can be leveraged in remote attacks such as cross-site request forgery.
A remote, unauthenticated attacker may be able to induce an authenticated user into making an unintentional request to the web server that will be treated as an authentic request. A LAN-based attacker can bypass authentication to take complete control of a vulnerable device.
The CERT/CC is currently unaware of a practical solution to this problem. Until these vulnerabilities are addressed, users should consider the following workarounds.
Restrict access and use strong passwords
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Mediabridge||Affected||01 Jul 2015||02 Sep 2015|
|Tenda||Affected||-||07 Dec 2015|
CVSS Metrics (Learn More)
These vulnerabilities were reported by Joel Land of the CERT/CC. Thanks to Mandeep Singh Jadon for reporting the cookie authentication vulnerability in the Tenda N3 Wireless N150 Home Router.
This document was written by Joel Land.
- CVE IDs: CVE-2015-5994 CVE-2015-5995 CVE-2015-5996
- Date Public: 03 Sep 2015
- Date First Published: 03 Sep 2015
- Date Last Updated: 31 May 2016
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.