Details of VAR-200212-0082

ID

VAR-200212-0082

CVE

CVE-2002-2133

TITLE

Telindus ADSL Router Encryption mechanism is not strong vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-635

DESCRIPTION

Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password. A weakness has been discovered in the encryption algorithm used by Telindus ADSL routers. Due to the use of a weak algorithm, as well as various static values within an encrypted packet, it may be possible for a remote attacker to decipher sensitive router information. By sniffing sensitive network traffic sent by the router, it may be possible for an attacker to deduce the administrator password. It should be noted that this issue is partially derived from the vulnerability described in BID 4946. TELINDUS ADSL router can be used for ADSL network connection

Trust: 1.26

sources: NVD: CVE-2002-2133 // BID: 6919 // VULHUB: VHN-6516

AFFECTED PRODUCTS

vendor:	telindus	model:	1120 adsl router	scope:	eq	version:	6.0.21b_firmware	Trust: 1.6
vendor:	telindus	model:	adsl router .21b	scope:	eq	version:	11206.0	Trust: 0.3

sources: BID: 6919 // CNNVD: CNNVD-200212-635 // NVD: CVE-2002-2133

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2133
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-635
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-6516
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2133
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6516
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6516 // CNNVD: CNNVD-200212-635 // NVD: CVE-2002-2133

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2133

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-635

TYPE

Design Error

Trust: 0.9

sources: BID: 6919 // CNNVD: CNNVD-200212-635

EXTERNAL IDS

db:	BID	id:	6919	Trust: 2.0
db:	OSVDB	id:	4762	Trust: 1.7
db:	NVD	id:	CVE-2002-2133	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-635	Trust: 0.7
db:	BUGTRAQ	id:	20021228 TELINDUS 112X ADSL ROUTER - WEAK PASSWORD ENCRYPTION	Trust: 0.6
db:	BUGTRAQ	id:	20030223 WEAK ENCRYPTION SCHEME IN TELINDUS 112X	Trust: 0.6
db:	XF	id:	10951	Trust: 0.6
db:	NSFOCUS	id:	4446	Trust: 0.6
db:	VULHUB	id:	VHN-6516	Trust: 0.1

sources: VULHUB: VHN-6516 // BID: 6919 // CNNVD: CNNVD-200212-635 // NVD: CVE-2002-2133

REFERENCES

url:	http://www.securityfocus.com/bid/6919	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-12/0262.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2003-02/0277.html	Trust: 1.7
url:	http://www.osvdb.org/4762	Trust: 1.7
url:	http://www.iss.net/security_center/static/10951.php	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/4446	Trust: 0.6
url:	/archive/1/312881	Trust: 0.3

sources: VULHUB: VHN-6516 // BID: 6919 // CNNVD: CNNVD-200212-635 // NVD: CVE-2002-2133

CREDITS

eflorio※ eflorio@edmaster.it

Trust: 0.6

sources: CNNVD: CNNVD-200212-635

SOURCES

db:	VULHUB	id:	VHN-6516
db:	BID	id:	6919
db:	CNNVD	id:	CNNVD-200212-635
db:	NVD	id:	CVE-2002-2133

LAST UPDATE DATE

2024-08-14T14:09:07.727000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6516	date:	2008-09-05T00:00:00
db:	BID	id:	6919	date:	2003-02-23T00:00:00
db:	CNNVD	id:	CNNVD-200212-635	date:	2006-01-25T00:00:00
db:	NVD	id:	CVE-2002-2133	date:	2008-09-05T20:32:25.087

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6516	date:	2002-12-31T00:00:00
db:	BID	id:	6919	date:	2003-02-23T00:00:00
db:	CNNVD	id:	CNNVD-200212-635	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2133	date:	2002-12-31T05:00:00