ID

VAR-200210-0223


CVE

CVE-2002-1069


TITLE

D-Link DI-804 remote management interface unauthenticated DHCP address release vulnerability

Trust: 0.6

sources: CNVD: CNVD-2002-3447

DESCRIPTION

The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm, (2) Device Status, or (3) Device Information. The DI-804 is a hardware gateway and firewall developed by D-Link. Its web management interface lacks access control. When the web management interface is enabled, the /release.html page, which is used to manipulate DHCP-allocated addresses, can be requested without authentication, so a remote attacker can revoke the leases on assigned addresses. The Device Information and Device Status pages are also accessible. These pages contain information such as the WAN IP, netmask, name server information, DHCP log, and MAC address to IP address mappings. The device information page lists the device name, firmware version, MAC addresses of LAN and WAN interfaces

Trust: 2.07

sources: NVD: CVE-2002-1069 // CNVD: CNVD-2002-3447 // BID: 5544 // BID: 5553 // VULHUB: VHN-5458

IOT TAXONOMY

category: ['IoT'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2002-3447

AFFECTED PRODUCTS

vendor: d link, model: di-804, scope: eq, version: 4.68

Trust: 2.2

vendor: none, model: -, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2002-3447 // BID: 5544 // BID: 5553 // CNNVD: CNNVD-200210-125 // NVD: CVE-2002-1069

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1069
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200210-125
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5458
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1069
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-5458
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-5458 // CNNVD: CNNVD-200210-125 // NVD: CVE-2002-1069

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1069

THREAT TYPE

network

Trust: 0.6

sources: BID: 5544 // BID: 5553

TYPE

Access Validation Error

Trust: 0.6

sources: BID: 5544 // BID: 5553

EXTERNAL IDS

db: NVD, id: CVE-2002-1069

Trust: 2.9

db: BID, id: 5553

Trust: 2.0

db: BID, id: 5544

Trust: 2.0

db: CNNVD, id: CNNVD-200210-125

Trust: 0.7

db: CNVD, id: CNVD-2002-3447

Trust: 0.6

db: XF, id: 9969

Trust: 0.6

db: XF, id: 9967

Trust: 0.6

db: BUGTRAQ, id: 20020822 POSSIBLE EXPLOIT: D-LINK DI-804 UNAUTHORIZED DHCP RELEASE FROM WAN

Trust: 0.6

db: BUGTRAQ, id: 20020822 RE: POSSIBLE EXPLOIT: D-LINK DI-804 UNAUTHORIZED DHCP RELEASE

Trust: 0.6

db: VULHUB, id: VHN-5458

Trust: 0.1

sources: CNVD: CNVD-2002-3447 // VULHUB: VHN-5458 // BID: 5544 // BID: 5553 // CNNVD: CNNVD-200210-125 // NVD: CVE-2002-1069

REFERENCES

url:http://www.securityfocus.com/bid/5544

Trust: 1.7

url:http://www.securityfocus.com/bid/5553

Trust: 1.7

url:http://online.securityfocus.com/archive/1/288584

Trust: 1.7

url:http://www.iss.net/security_center/static/9969.php

Trust: 1.7

url:http://www.iss.net/security_center/static/9967.php

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=103004834131542&w=2

Trust: 1.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=103004834131542&w=2

Trust: 0.6

url:http://marc.info/?l=bugtraq&m=103004834131542&w=2

Trust: 0.1

sources: VULHUB: VHN-5458 // CNNVD: CNNVD-200210-125 // NVD: CVE-2002-1069

CREDITS

Roger McLaren (RMcLaren@vcss.k12.ca.us)

Trust: 0.6

sources: CNNVD: CNNVD-200210-125

SOURCES

db: CNVD, id: CNVD-2002-3447
db: VULHUB, id: VHN-5458
db: BID, id: 5544
db: BID, id: 5553
db: CNNVD, id: CNNVD-200210-125
db: NVD, id: CVE-2002-1069

LAST UPDATE DATE

2024-08-14T14:16:19.373000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2002-3447, date: 2002-08-27T00:00:00
db: VULHUB, id: VHN-5458, date: 2016-10-18T00:00:00
db: BID, id: 5544, date: 2009-07-11T15:56:00
db: BID, id: 5553, date: 2009-07-11T15:56:00
db: CNNVD, id: CNNVD-200210-125, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2002-1069, date: 2016-10-18T02:23:36.323

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2002-3447, date: 2002-08-22T00:00:00
db: VULHUB, id: VHN-5458, date: 2002-10-04T00:00:00
db: BID, id: 5544, date: 2002-08-22T00:00:00
db: BID, id: 5553, date: 2002-08-22T00:00:00
db: CNNVD, id: CNNVD-200210-125, date: 2002-08-22T00:00:00
db: NVD, id: CVE-2002-1069, date: 2002-10-04T04:00:00