Sign-up

ID

VAR-200211-0060


CVE

CVE-2002-1312


TITLE

Multiple Linksys Device Password Field Buffer Overflow Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2002-4108

DESCRIPTION

Buffer overflow in the Web management interface in Linksys BEFW11S4 wireless access point router 2 and BEFSR11, BEFSR41, and BEFSRU31 EtherFast Cable/DSL routers with firmware before 1.43.3 with remote management enabled allows remote attackers to cause a denial of service (router crash) via a long password. Linksys has developed a variety of broadband router devices, including BEFW11S4, BEFSRU31, etc., which all include WEB management interfaces.  The router's WEB management interface incorrectly handles long passwords. Remote attackers can use this vulnerability to perform buffer overflow attacks and crash the device.  An attacker can submit a request with a password field containing a long string to the router's WEB management interface system. When the device attempts to process this malformed input request, it can cause the device to crash. Need to restart to resume normal function.  The remote management interface is not enabled by default. Multiple Linksys devices lack proper handling of very long GET requests. Because the device does not adequately allocate memory buffers, an attacker can exploit this vulnerability to send a very long GET request to a Linksys device that has this vulnerability. Rebooting the device is necessary to restore functionality. This may allow an attacker to change configuration information on the vulnerable device

Trust: 2.61

sources: NVD: CVE-2002-1312 // CNVD: CNVD-2002-4108 // CNVD: CNVD-2013-15339 // BID: 6208 // BID: 6301 // VULHUB: VHN-5697

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2013-15339

AFFECTED PRODUCTS

vendor:linksysmodel:befw11s4scope:eqversion:1.4.3

Trust: 2.2

vendor:linksysmodel:befw11s4scope:eqversion:1.4.2.7

Trust: 2.2

vendor:linksysmodel:hpro200scope:eqversion:1.42.7

Trust: 1.9

vendor:linksysmodel:befvp41scope:eqversion:1.42.7

Trust: 1.9

vendor:linksysmodel:befsx41scope:eqversion:1.42.7

Trust: 1.9

vendor:linksysmodel:befn2ps4scope:eqversion:1.42.7

Trust: 1.6

vendor:linksysmodel:befsru31scope:eqversion:1.42.7

Trust: 1.6

vendor:linksysmodel:befsr41scope:eqversion:1.43

Trust: 1.6

vendor:linksysmodel:befsr41scope:eqversion:1.42.7

Trust: 1.6

vendor:linksysmodel:befsr81scope:eqversion:2.42.7.1

Trust: 1.6

vendor:linksysmodel:befsru31scope:eqversion:1.43

Trust: 1.6

vendor:linksysmodel:befsr11scope:eqversion:1.42.7

Trust: 1.0

vendor:linksysmodel:befsr11scope:eqversion:1.43

Trust: 1.0

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:linksysmodel:etherfast befsru31 routerscope:eqversion:1.43

Trust: 0.6

vendor:linksysmodel:etherfast befsru31 routerscope:eqversion:1.42.7

Trust: 0.6

vendor:linksysmodel:etherfast befsr81 routerscope:eqversion:2.42.7

Trust: 0.6

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.43

Trust: 0.6

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.42.7

Trust: 0.6

vendor:linksysmodel:etherfast befsr11 routerscope:eqversion:1.43

Trust: 0.6

vendor:linksysmodel:etherfast befsr11 routerscope:eqversion:1.42.7

Trust: 0.6

vendor:linksysmodel:etherfast befsru31 routerscope:eqversion:1.42.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.42.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr11 routerscope:eqversion:1.42.3

Trust: 0.3

vendor:linksysmodel:etherfast befsru31 routerscope:neversion:1.43.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:neversion:1.43.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr11 routerscope:neversion:1.43.3

Trust: 0.3

vendor:linksysmodel:befw11s4scope:neversion:1.43.3

Trust: 0.3

vendor:linksysmodel:etherfast befsru31 routerscope:eqversion:1.43.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr81 routerscope: - version: -

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.43.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr11 routerscope:eqversion:1.43.3

Trust: 0.3

vendor:linksysmodel:befw11s4scope:eqversion:1.43.3

Trust: 0.3

vendor:linksysmodel:befsx41scope:eqversion:1.43.4

Trust: 0.3

vendor:linksysmodel:befsx41scope:eqversion:1.43.3

Trust: 0.3

vendor:linksysmodel:befsx41scope:eqversion:1.43

Trust: 0.3

vendor:linksysmodel:etherfast befsru31 routerscope:neversion:1.44

Trust: 0.3

vendor:linksysmodel:etherfast befsr81 routerscope:neversion:2.44

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:neversion:1.44

Trust: 0.3

vendor:linksysmodel:etherfast befsr11 routerscope:neversion:1.44

Trust: 0.3

vendor:linksysmodel:befw11s4scope:neversion:1.44

Trust: 0.3

vendor:linksysmodel:befsx41scope:neversion:1.44

Trust: 0.3

sources: CNVD: CNVD-2002-4108 // CNVD: CNVD-2013-15339 // BID: 6208 // BID: 6301 // CNNVD: CNNVD-200211-037 // NVD: CVE-2002-1312

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-1312
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2013-15339
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-200211-037
value: MEDIUM

Trust: 0.6

VULHUB: VHN-5697
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-1312
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2013-15339
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-5697
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2013-15339 // VULHUB: VHN-5697 // CNNVD: CNNVD-200211-037 // NVD: CVE-2002-1312

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1312

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200211-037

TYPE

Boundary Condition Error

Trust: 1.2

sources: BID: 6208 // BID: 6301 // CNNVD: CNNVD-200211-037

PATCH

title:Patch for Multiple Linksys Device GET Request Remote Buffer Overflow Vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/41776

Trust: 0.6

sources: CNVD: CNVD-2013-15339

EXTERNAL IDS

db:NVDid:CVE-2002-1312

Trust: 2.6

db:BIDid:6301

Trust: 2.6

db:BIDid:6208

Trust: 2.0

db:CNNVDid:CNNVD-200211-037

Trust: 0.7

db:CNVDid:CNVD-2002-4108

Trust: 0.6

db:CNVDid:CNVD-2013-15339

Trust: 0.6

db:IDEFENSEid:20021119 DENIAL OF SERVICE VULNERABILITY IN LINKSYS CABLE/DSL ROUTERS

Trust: 0.6

db:BUGTRAQid:20021202 CORE-20021005: VULNERABILITY REPORT FOR LINKSYS DEVICES

Trust: 0.6

db:XFid:10654

Trust: 0.6

db:VULHUBid:VHN-5697

Trust: 0.1

sources: CNVD: CNVD-2002-4108 // CNVD: CNVD-2013-15339 // VULHUB: VHN-5697 // BID: 6208 // BID: 6301 // CNNVD: CNNVD-200211-037 // NVD: CVE-2002-1312

REFERENCES

url:http://www.securityfocus.com/bid/6208

Trust: 1.7

url:http://www.securityfocus.com/bid/6301

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2002-12/0022.html

Trust: 1.7

url:http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10

Trust: 1.6

url:http://www.idefense.com/application/poi/display?id=36&type=vulnerabilities&flashstatus=true

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/10654

Trust: 1.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=103893609009727&w=2

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/10654

Trust: 0.6

url:http://www.linksys.com/products/group.asp?grid=23

Trust: 0.3

url:http://www.evansconforti.com/befw11s4

Trust: 0.3

url:/archive/1/300836

Trust: 0.3

url:http://www.idefense.com/application/poi/display?id=36&type=vulnerabilities&flashstatus=true

Trust: 0.1

url:http://www1.corest.com/common/showdoc.php?idx=276&idxseccion=10

Trust: 0.1

sources: CNVD: CNVD-2013-15339 // VULHUB: VHN-5697 // BID: 6208 // CNNVD: CNNVD-200211-037 // NVD: CVE-2002-1312

CREDITS

Alex S. Harasic※ aharasic@terra.cl

Trust: 0.6

sources: CNNVD: CNNVD-200211-037

SOURCES

db:CNVDid:CNVD-2002-4108
db:CNVDid:CNVD-2013-15339
db:VULHUBid:VHN-5697
db:BIDid:6208
db:BIDid:6301
db:CNNVDid:CNNVD-200211-037
db:NVDid:CVE-2002-1312

LAST UPDATE DATE

2024-08-14T15:31:15.774000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2002-4108date:2002-11-23T00:00:00
db:CNVDid:CNVD-2013-15339date:2013-12-19T00:00:00
db:VULHUBid:VHN-5697date:2017-07-11T00:00:00
db:BIDid:6208date:2009-07-11T19:16:00
db:BIDid:6301date:2002-12-03T00:00:00
db:CNNVDid:CNNVD-200211-037date:2005-10-20T00:00:00
db:NVDid:CVE-2002-1312date:2017-07-11T01:29:13.570

SOURCES RELEASE DATE

db:CNVDid:CNVD-2002-4108date:2002-11-23T00:00:00
db:CNVDid:CNVD-2013-15339date:2002-12-03T00:00:00
db:VULHUBid:VHN-5697date:2002-11-20T00:00:00
db:BIDid:6208date:2002-11-20T00:00:00
db:BIDid:6301date:2002-12-03T00:00:00
db:CNNVDid:CNNVD-200211-037date:2002-11-20T00:00:00
db:NVDid:CVE-2002-1312date:2002-11-20T05:00:00