Sign-up

ID

VAR-200106-0211


CVE

CVE-2001-1430


TITLE

Cayman-DSL Router Insecure Default Account Vulnerability

Trust: 0.9

sources: BID: 3017 // CNNVD: CNNVD-200106-060

DESCRIPTION

Cayman 3220-H DSL Router 1.0 ship without a password set, which allows remote attackers to gain unauthorized access. Cayman gateways ship without a default password on the admin and user accounts. As long as the gateway is not addressable via the WAN, this can only be accessed and set by anyone on the LAN side. With admin access, the gateway settings can be configured by an intruder. This could facilitate remote denials of service, as well as potentially allowing further compromises of the network served by the router

Trust: 1.98

sources: NVD: CVE-2001-1430 // CERT/CC: VU#557136 // BID: 3017 // VULHUB: VHN-4234

AFFECTED PRODUCTS

vendor:caymanmodel:3220-h dsl routerscope:eqversion:1.0

Trust: 1.9

vendor:caymanmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#557136 // BID: 3017 // CNNVD: CNNVD-200106-060 // NVD: CVE-2001-1430

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2001-1430
value: HIGH

Trust: 1.0

CARNEGIE MELLON: VU#557136
value: 45.00

Trust: 0.8

CNNVD: CNNVD-200106-060
value: HIGH

Trust: 0.6

VULHUB: VHN-4234
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2001-1430
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4234
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CERT/CC: VU#557136 // VULHUB: VHN-4234 // CNNVD: CNNVD-200106-060 // NVD: CVE-2001-1430

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1430

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200106-060

TYPE

Configuration Error

Trust: 0.9

sources: BID: 3017 // CNNVD: CNNVD-200106-060

EXTERNAL IDS

db:CERT/CCid:VU#557136

Trust: 2.5

db:NVDid:CVE-2001-1430

Trust: 2.0

db:BIDid:3017

Trust: 2.0

db:CNNVDid:CNNVD-200106-060

Trust: 0.7

db:XFid:6841

Trust: 0.6

db:BUGTRAQid:20010711 CAYMAN STRIKES AGAIN

Trust: 0.6

db:CERT/CCid:HTTP://WWW.KB.CERT.ORG/VULS/ID/JARL-4ZTKY9

Trust: 0.6

db:VULHUBid:VHN-4234

Trust: 0.1

sources: CERT/CC: VU#557136 // VULHUB: VHN-4234 // BID: 3017 // CNNVD: CNNVD-200106-060 // NVD: CVE-2001-1430

REFERENCES

url:http://www.securityfocus.com/bid/3017

Trust: 1.7

url:http://www.securityfocus.com/archive/1/196083

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/557136

Trust: 1.7

url:http://www.kb.cert.org/vuls/id/jarl-4ztky9

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/6841

Trust: 1.1

url:about vulnerability notes

Trust: 0.8

url:contact us about this vulnerability

Trust: 0.8

url:provide a vendor statement

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/6841

Trust: 0.6

sources: CERT/CC: VU#557136 // VULHUB: VHN-4234 // CNNVD: CNNVD-200106-060 // NVD: CVE-2001-1430

CREDITS

Reported to bugtraq by Russell Handorf <rhandorf@mail.russells-world.com> on July 11, 2001.

Trust: 0.9

sources: BID: 3017 // CNNVD: CNNVD-200106-060

SOURCES

db:CERT/CCid:VU#557136
db:VULHUBid:VHN-4234
db:BIDid:3017
db:CNNVDid:CNNVD-200106-060
db:NVDid:CVE-2001-1430

LAST UPDATE DATE

2024-08-14T15:20:22.339000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#557136date:2001-08-27T00:00:00
db:VULHUBid:VHN-4234date:2017-07-11T00:00:00
db:BIDid:3017date:2009-07-11T06:56:00
db:CNNVDid:CNNVD-200106-060date:2005-10-20T00:00:00
db:NVDid:CVE-2001-1430date:2017-07-11T01:29:06.743

SOURCES RELEASE DATE

db:CERT/CCid:VU#557136date:2001-08-27T00:00:00
db:VULHUBid:VHN-4234date:2001-06-11T00:00:00
db:BIDid:3017date:2001-07-11T00:00:00
db:CNNVDid:CNNVD-200106-060date:2001-06-11T00:00:00
db:NVDid:CVE-2001-1430date:2001-06-11T04:00:00