ID

VAR-200005-0008


CVE

CVE-2000-0379


TITLE

Netopia DSL Router Vulnerability

Trust: 0.9

sources: BID: 1177 // CNNVD: CNNVD-200005-056

DESCRIPTION

The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. The router has a command-line mode that is reached by typing control-N after the user has passed the intial login test. At the "#" prompt one can then do most management of the device. This includes the setting of SNMP community strings in spite of the limitation imposed by the administrator. The following devices are confirmed as vulnerable: R2020 Dual Analog Router R3100 ISDN Router R3100-I ISDL Router R3100-T IDSL router for Covad R3232-I IDSL 4-IMUX router R5100 Serial router R5200 DDS router R5220 DDS router w/ V.90 backup R5300 T1 router R5320 T1 router w/ V.90 backup R5331 T1 router w/ ISDN backup R7100-C SDSL router R7120 SDSL Router w/int V.90 R7131 SDSL router w/int ISDN R7171 SDSL 2x IMUX router R7200-T SDSL router for Covad R7220 SDSL router w/int.V.90 R7231 SDSL router w/int ISDN R9100 Ethernet-to-ethernet Router

Trust: 1.26

sources: NVD: CVE-2000-0379 // BID: 1177 // VULHUB: VHN-1958

AFFECTED PRODUCTS

vendor:netopiamodel:r-series routersscope:eqversion:4.6.2

Trust: 1.9

sources: BID: 1177 // CNNVD: CNNVD-200005-056 // NVD: CVE-2000-0379

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2000-0379
value: LOW

Trust: 1.0

CNNVD: CNNVD-200005-056
value: LOW

Trust: 0.6

VULHUB: VHN-1958
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2000-0379
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1958
severity: LOW
baseScore: 3.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1958 // CNNVD: CNNVD-200005-056 // NVD: CVE-2000-0379

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2000-0379

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-200005-056

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200005-056

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1958

EXTERNAL IDS

db:BIDid:1177

Trust: 2.0

db:NVDid:CVE-2000-0379

Trust: 1.7

db:CNNVDid:CNNVD-200005-056

Trust: 0.7

db:BUGTRAQid:20000507 ADVISORY: NETOPIA R9100 ROUTER VULNERABILITY

Trust: 0.6

db:SEEBUGid:SSVID-73809

Trust: 0.1

db:EXPLOIT-DBid:19901

Trust: 0.1

db:VULHUBid:VHN-1958

Trust: 0.1

sources: VULHUB: VHN-1958 // BID: 1177 // CNNVD: CNNVD-200005-056 // NVD: CVE-2000-0379

REFERENCES

url:http://www.securityfocus.com/bid/1177

Trust: 2.7

url:http://www.netopia.com/equipment/purchase/fmw_update.html

Trust: 2.7

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.naa32590%40linux.mtndew.com

Trust: 2.0

url:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.naa32590@linux.mtndew.com

Trust: 0.7

url:http://www.netopia.com/equipment/routers/r9100/

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-1958 // BID: 1177 // CNNVD: CNNVD-200005-056 // NVD: CVE-2000-0379

CREDITS

This vulnerability was posted by Stephen Friedl <friedl@mtndew.com> to the Bugtraq mailing list on Mon, 8 May 2000.

Trust: 0.9

sources: BID: 1177 // CNNVD: CNNVD-200005-056

SOURCES

db:VULHUBid:VHN-1958
db:BIDid:1177
db:CNNVDid:CNNVD-200005-056
db:NVDid:CVE-2000-0379

LAST UPDATE DATE

2024-11-22T23:08:33.249000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-1958date:2008-09-10T00:00:00
db:BIDid:1177date:2000-05-16T00:00:00
db:CNNVDid:CNNVD-200005-056date:2005-05-02T00:00:00
db:NVDid:CVE-2000-0379date:2024-11-20T23:32:22.227

SOURCES RELEASE DATE

db:VULHUBid:VHN-1958date:2000-05-16T00:00:00
db:BIDid:1177date:2000-05-16T00:00:00
db:CNNVDid:CNNVD-200005-056date:2000-05-16T00:00:00
db:NVDid:CVE-2000-0379date:2000-05-16T04:00:00