Details of VAR-200107-0147

ID

VAR-200107-0147

CVE

CVE-2001-0514

TITLE

Atmel SNMP Group string vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200107-135

DESCRIPTION

SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. Atmel is a chip design and manufacturing firm that provides various RF-based products to corporate consumers. Atmel manufactures firmware for various wireless access systems. It is possible to gain SNMP access to some wireless access points that use the Atmel chipset and firmware. These systems do not use sufficient access control, and allow reading/writing of MIB data with any community password. This makes it possible for a remote user to gain access to sensitive information, and potentially launch an information gathering attack

Trust: 1.26

sources: NVD: CVE-2001-0514 // BID: 2896 // VULHUB: VHN-3329

AFFECTED PRODUCTS

vendor:	linksys	model:	wap11	scope:	eq	version:	*	Trust: 1.0
vendor:	atmel	model:	802.11b vnet-b access point	scope:	lte	version:	1.3	Trust: 1.0
vendor:	netgear	model:	me102	scope:	eq	version:	*	Trust: 1.0
vendor:	atmel	model:	802.11b vnet-b access point	scope:	eq	version:	1.3	Trust: 0.6
vendor:	atmel	model:	-	scope:	eq	version:	1.3	Trust: 0.3
vendor:	atmel	model:	-	scope:	ne	version:	1.4	Trust: 0.3

sources: BID: 2896 // CNNVD: CNNVD-200107-135 // NVD: CVE-2001-0514

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-0514
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200107-135
value:	HIGH
Trust: 0.6
VULHUB:	VHN-3329
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-0514
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3329
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3329 // CNNVD: CNNVD-200107-135 // NVD: CVE-2001-0514

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-0514

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200107-135

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200107-135

EXTERNAL IDS

db:	BID	id:	2896	Trust: 2.0
db:	NVD	id:	CVE-2001-0514	Trust: 1.7
db:	CNNVD	id:	CNNVD-200107-135	Trust: 0.7
db:	ISS	id:	20010620 MULTIPLE VENDOR 802.11B ACCESS POINT SNMP AUTHENTICATION FLAW	Trust: 0.6
db:	XF	id:	6576	Trust: 0.6
db:	VULHUB	id:	VHN-3329	Trust: 0.1

sources: VULHUB: VHN-3329 // BID: 2896 // CNNVD: CNNVD-200107-135 // NVD: CVE-2001-0514

REFERENCES

url:	http://www.securityfocus.com/bid/2896	Trust: 1.7
url:	http://xforce.iss.net/alerts/advise83.php	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6576	Trust: 1.1
url:	http://xforce.iss.net/static/6576.php	Trust: 0.6

sources: VULHUB: VHN-3329 // CNNVD: CNNVD-200107-135 // NVD: CVE-2001-0514

CREDITS

This vulnerability was announced in an IIS X-Force Security Advisory on June 20, 2001.

Trust: 0.9

sources: BID: 2896 // CNNVD: CNNVD-200107-135

SOURCES

db:	VULHUB	id:	VHN-3329
db:	BID	id:	2896
db:	CNNVD	id:	CNNVD-200107-135
db:	NVD	id:	CVE-2001-0514

LAST UPDATE DATE

2024-08-14T15:36:15.361000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3329	date:	2017-10-10T00:00:00
db:	BID	id:	2896	date:	2001-06-20T00:00:00
db:	CNNVD	id:	CNNVD-200107-135	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-0514	date:	2017-10-10T01:29:45.907

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3329	date:	2001-07-21T00:00:00
db:	BID	id:	2896	date:	2001-06-20T00:00:00
db:	CNNVD	id:	CNNVD-200107-135	date:	2001-07-21T00:00:00
db:	NVD	id:	CVE-2001-0514	date:	2001-07-21T04:00:00