Sign-up

ID

VAR-200005-0008


CVE

CVE-2000-0379


TITLE

Netopia DSL Router Vulnerability

Trust: 0.9

sources: BID: 1177 // CNNVD: CNNVD-200005-056

DESCRIPTION

The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. The router has a command-line mode that is reached by typing control-N after the user has passed the intial login test. At the "#" prompt one can then do most management of the device. This includes the setting of SNMP community strings in spite of the limitation imposed by the administrator. The following devices are confirmed as vulnerable: R2020 Dual Analog Router R3100 ISDN Router R3100-I ISDL Router R3100-T IDSL router for Covad R3232-I IDSL 4-IMUX router R5100 Serial router R5200 DDS router R5220 DDS router w/ V.90 backup R5300 T1 router R5320 T1 router w/ V.90 backup R5331 T1 router w/ ISDN backup R7100-C SDSL router R7120 SDSL Router w/int V.90 R7131 SDSL router w/int ISDN R7171 SDSL 2x IMUX router R7200-T SDSL router for Covad R7220 SDSL router w/int.V.90 R7231 SDSL router w/int ISDN R9100 Ethernet-to-ethernet Router

Trust: 1.26

sources: NVD: CVE-2000-0379 // BID: 1177 // VULHUB: VHN-1958

AFFECTED PRODUCTS

vendor:netopiamodel:r-series routersscope:eqversion:4.6.2

Trust: 1.9

sources: BID: 1177 // CNNVD: CNNVD-200005-056 // NVD: CVE-2000-0379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0379
value: LOW

Trust: 1.0

CNNVD: CNNVD-200005-056
value: LOW

Trust: 0.6

VULHUB: VHN-1958
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2000-0379
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1958
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1958 // CNNVD: CNNVD-200005-056 // NVD: CVE-2000-0379

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0379

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200005-056

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200005-056

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-1958

EXTERNAL IDS
db:BIDid:1177
Trust: 2.0
db:NVDid:CVE-2000-0379
Trust: 1.7
db:CNNVDid:CNNVD-200005-056
Trust: 0.7
db:BUGTRAQid:20000507 ADVISORY: NETOPIA R9100 ROUTER VULNERABILITY
Trust: 0.6
db:SEEBUGid:SSVID-73809
Trust: 0.1
db:EXPLOIT-DBid:19901
Trust: 0.1
db:VULHUBid:VHN-1958
Trust: 0.1
sources:
            
            
            VULHUB: VHN-1958 // 
            
            
            
            BID: 1177 // 
            
            
            
            CNNVD: CNNVD-200005-056 // 
            
            
            
            NVD: CVE-2000-0379

REFERENCES
url:http://www.securityfocus.com/bid/1177
Trust: 1.7
url:http://www.netopia.com/equipment/purchase/fmw_update.html
Trust: 1.7
url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.naa32590%40linux.mtndew.com
Trust: 1.0
url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.naa32590@linux.mtndew.com
Trust: 0.7
url:http://www.netopia.com/equipment/routers/r9100/
Trust: 0.3
url: - 
Trust: 0.1
sources:
            
            
            VULHUB: VHN-1958 // 
            
            
            
            BID: 1177 // 
            
            
            
            CNNVD: CNNVD-200005-056 // 
            
            
            
            NVD: CVE-2000-0379

CREDITS
This vulnerability was posted by Stephen Friedl <friedl@mtndew.com> to the Bugtraq mailing list on Mon, 8 May 2000.
Trust: 0.9
sources:
            
            
            BID: 1177 // 
            
            
            
            CNNVD: CNNVD-200005-056

SOURCES
db:VULHUBid:VHN-1958
db:BIDid:1177
db:CNNVDid:CNNVD-200005-056
db:NVDid:CVE-2000-0379

LAST UPDATE DATE
2024-08-14T14:16:24.621000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-1958date:2008-09-10T00:00:00
db:BIDid:1177date:2000-05-16T00:00:00
db:CNNVDid:CNNVD-200005-056date:2005-05-02T00:00:00
db:NVDid:CVE-2000-0379date:2023-11-07T01:55:17.863

SOURCES RELEASE DATE
db:VULHUBid:VHN-1958date:2000-05-16T00:00:00
db:BIDid:1177date:2000-05-16T00:00:00
db:CNNVDid:CNNVD-200005-056date:2000-05-16T00:00:00
db:NVDid:CVE-2000-0379date:2000-05-16T04:00:00