Details of VAR-200108-0036

ID

VAR-200108-0036

CVE

CVE-2001-1117

TITLE

LinkSys EtherFast BEFSR41 Cable/DSL Router View Management and User Password Vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200108-037

DESCRIPTION

LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. Linksys EtherFast routers are small four port routers designed to optimize the use of DSL or Cable connections. EtherFast routers provide advanced features such as Network Address Translation, and DHCP Serving. EtherFast routers store the ISP and router login passwords in HTML configuration files. Additionally, when accessed by the administrator, the information is sent over the network in plain text. This makes it possible to sniff the passwords during transit. A vulnerability exists in the LinkSys EtherFast BEFSR41 Cable/DSL router running firmware prior to 1.39.3 Beta

Trust: 1.26

sources: NVD: CVE-2001-1117 // BID: 3141 // VULHUB: VHN-3922

AFFECTED PRODUCTS

vendor:	linksys	model:	befsr41	scope:	eq	version:	1.36	Trust: 1.6
vendor:	linksys	model:	befsr41	scope:	eq	version:	1.37	Trust: 1.6
vendor:	linksys	model:	befsr41	scope:	eq	version:	1.38.5	Trust: 1.6
vendor:	linksys	model:	befsr41	scope:	eq	version:	1.35	Trust: 1.6
vendor:	linksys	model:	etherfast befsr41 router	scope:	eq	version:	1.38	Trust: 0.3
vendor:	linksys	model:	etherfast befsr41 router	scope:	eq	version:	1.37	Trust: 0.3
vendor:	linksys	model:	etherfast befsr41 router	scope:	eq	version:	1.36	Trust: 0.3
vendor:	linksys	model:	etherfast befsr41 router	scope:	eq	version:	1.35	Trust: 0.3
vendor:	linksys	model:	etherfast befsr41 router	scope:	ne	version:	1.39	Trust: 0.3

sources: BID: 3141 // CNNVD: CNNVD-200108-037 // NVD: CVE-2001-1117

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1117
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200108-037
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-3922
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2001-1117
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-3922
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-3922 // CNNVD: CNNVD-200108-037 // NVD: CVE-2001-1117

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1117

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200108-037

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200108-037

EXTERNAL IDS

db:	BID	id:	3141	Trust: 2.0
db:	OSVDB	id:	1920	Trust: 1.7
db:	OSVDB	id:	5467	Trust: 1.7
db:	NVD	id:	CVE-2001-1117	Trust: 1.7
db:	CNNVD	id:	CNNVD-200108-037	Trust: 0.7
db:	BUGTRAQ	id:	20010802 ADVISORY UPDATE: DESIGN FLAW IN LINKSYS ETHERFAST 4-PORT	Trust: 0.6
db:	BUGTRAQ	id:	20010810 LINKSYS ROUTER SECURITY FIX	Trust: 0.6
db:	XF	id:	6949	Trust: 0.6
db:	VULHUB	id:	VHN-3922	Trust: 0.1

sources: VULHUB: VHN-3922 // BID: 3141 // CNNVD: CNNVD-200108-037 // NVD: CVE-2001-1117

REFERENCES

url:	http://www.securityfocus.com/bid/3141	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/201390	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/203302	Trust: 1.7
url:	ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip	Trust: 1.7
url:	http://www.osvdb.org/1920	Trust: 1.7
url:	http://www.osvdb.org/5467	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/6949	Trust: 1.1
url:	http://xforce.iss.net/static/6949.php	Trust: 0.6
url:	http://hypoclear.cjb.net/hypo_linksys_advisory.txt	Trust: 0.3

sources: VULHUB: VHN-3922 // BID: 3141 // CNNVD: CNNVD-200108-037 // NVD: CVE-2001-1117

CREDITS

This vulnerability was announced via the Vulnwatch Security List by hypoclear <hypoclear@jungle.net> on August 2, 2001.

Trust: 0.3

sources: BID: 3141

SOURCES

db:	VULHUB	id:	VHN-3922
db:	BID	id:	3141
db:	CNNVD	id:	CNNVD-200108-037
db:	NVD	id:	CVE-2001-1117

LAST UPDATE DATE

2024-08-14T14:36:02.357000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-3922	date:	2017-10-10T00:00:00
db:	BID	id:	3141	date:	2001-08-02T00:00:00
db:	CNNVD	id:	CNNVD-200108-037	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2001-1117	date:	2017-10-10T01:30:00.673

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-3922	date:	2001-08-10T00:00:00
db:	BID	id:	3141	date:	2001-08-02T00:00:00
db:	CNNVD	id:	CNNVD-200108-037	date:	2001-08-10T00:00:00
db:	NVD	id:	CVE-2001-1117	date:	2001-08-10T04:00:00