ID
VAR-200210-0081
CVE
CVE-2002-0949
TITLE
Telindus 1100 ADSL Router Administrator Password Disclosure Vulnerability
Trust: 0.6
DESCRIPTION
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext. The 1100 series routers are a broadband connectivity solution distributed by Telindus. Under some circumstances, a vulnerable Telindus router may leak sensitive information. When an attempt to connect to the router is made using the administrative software, the router sends the password to the client in plain text. This packet is sent via UDP. **The vendor has released firmware version 6.0.27, dated July 2002. Reports suggest that this firmware does not adequately protect against this vulnerability. The firmware is reported to use an encrypted UDP packet when connecting to the router. However, the firmware uses a weak encryption scheme and thus it is easily circumvented by an attacker. A design vulnerability in the Telindus 1100 series routers could allow a remote attacker to obtain administrator password information. Telindus 1100 series routers provide a management software, which can be downloaded from Telindus website for free, and can be used to remotely manage routers
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | telindus | model: | adsl router | scope: | eq | version: | 1120 | Trust: 1.9 |
| vendor: | telindus | model: | adsl router | scope: | eq | version: | 1110 | Trust: 1.9 |
| vendor: | telindus | model: | adsl router .21b | scope: | eq | version: | 11206.0 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.9
EXPLOIT AVAILABILITY
EXTERNAL IDS
| db: | NVD | id: | CVE-2002-0949 | Trust: 2.0 |
| db: | BID | id: | 4946 | Trust: 2.0 |
| db: | CNNVD | id: | CNNVD-200210-219 | Trust: 0.7 |
| db: | XF | id: | 9277 | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20020605 SOME VULNERABILITIES IN THE TELINDUS 11XX ROUTER SERIES | Trust: 0.6 |
| db: | EXPLOIT-DB | id: | 21513 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-5338 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/4946 | Trust: 1.7 |
| url: | http://archives.neohapsis.com/archives/bugtraq/2002-06/0028.html | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/9277.php | Trust: 1.7 |
| url: | http://www.telindus.com/ | Trust: 0.3 |
| url: | /archive/1/304670 | Trust: 0.3 |
CREDITS
finelli@ieee.org※>finelli@ieee.org</a>※ finelli@ieee.org
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-5338 |
| db: | BID | id: | 4946 |
| db: | CNNVD | id: | CNNVD-200210-219 |
| db: | NVD | id: | CVE-2002-0949 |
LAST UPDATE DATE
2024-08-14T14:29:36.484000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-5338 | date: | 2008-09-05T00:00:00 |
| db: | BID | id: | 4946 | date: | 2009-07-11T13:56:00 |
| db: | CNNVD | id: | CNNVD-200210-219 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2002-0949 | date: | 2008-09-05T20:29:22.567 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-5338 | date: | 2002-10-04T00:00:00 |
| db: | BID | id: | 4946 | date: | 2002-06-05T00:00:00 |
| db: | CNNVD | id: | CNNVD-200210-219 | date: | 2002-06-05T00:00:00 |
| db: | NVD | id: | CVE-2002-0949 | date: | 2002-10-04T04:00:00 |