Details of VAR-200212-0086

ID

VAR-200212-0086

CVE

CVE-2002-2137

TITLE

GlobalSunTech Access Point Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 6100 // CNNVD: CNNVD-200212-229

DESCRIPTION

GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and possibly OEM products such as (2) D-Link DWL-900AP+ B1 2.1 and 2.2, (3) ALLOY GL-2422AP-S, (4) EUSSO GL2422-AP, and (5) LINKSYS WAP11-V2.2, allow remote attackers to obtain sensitive information like WEP keys, the administrator password, and the MAC filter via a "getsearch" request to UDP port 27155. An information disclosure vulnerability has been discovered in GlobalSunTech access points. It has been reported that a remote attacker is able to retrieve sensitive information from vulnerable access points, including AP login credentials. Information gained by exploiting this vulnerability may allow an attacker to launch further attacks against the target network. It should be noted that this vulnerability was reported for a WISECOM GL2422AP-0T access point. Devices that use Global Sun Technology access points may be affected by this issue. It has been determined that D-Link DI-614+ and SMC Barricade 7004AWBR access points are not affected by this issue. It has been reported that Linksys WAP11-V2.2 is prone to this issue, but to a lesser extent

Trust: 1.26

sources: NVD: CVE-2002-2137 // BID: 6100 // VULHUB: VHN-6520

AFFECTED PRODUCTS

vendor:	linksys	model:	wap11	scope:	eq	version:	2.2	Trust: 1.3
vendor:	eusso	model:	gl2422 ap	scope:	eq	version:	*	Trust: 1.0
vendor:	d link	model:	dwl-900ap\+	scope:	eq	version:	b1_2.2	Trust: 1.0
vendor:	d link	model:	dwl-900ap\+	scope:	eq	version:	b1_2.1	Trust: 1.0
vendor:	wisecom	model:	gl2422ap-0t	scope:	eq	version:	*	Trust: 1.0
vendor:	alloy	model:	gl-2422ap-s	scope:	eq	version:	*	Trust: 1.0
vendor:	alloy	model:	gl-2422ap-s	scope:	-	version:	-	Trust: 0.6
vendor:	globalsuntech	model:	wisecom gl2422ap-0t	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	dwl-900ap+	scope:	eq	version:	2.2	Trust: 0.3

sources: BID: 6100 // CNNVD: CNNVD-200212-229 // NVD: CVE-2002-2137

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2137
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-229
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-6520
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-2137
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6520
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6520 // CNNVD: CNNVD-200212-229 // NVD: CVE-2002-2137

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2137

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-229

TYPE

Design Error

Trust: 0.9

sources: BID: 6100 // CNNVD: CNNVD-200212-229

EXTERNAL IDS

db:	BID	id:	6100	Trust: 2.0
db:	NVD	id:	CVE-2002-2137	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-229	Trust: 0.7
db:	XF	id:	80211	Trust: 0.6
db:	BUGTRAQ	id:	20021103 ACCESSPOINTS DISCLOSE WEP KEYS, PASSWORD AND MAC FILTER (FWD)	Trust: 0.6
db:	VULHUB	id:	VHN-6520	Trust: 0.1

sources: VULHUB: VHN-6520 // BID: 6100 // CNNVD: CNNVD-200212-229 // NVD: CVE-2002-2137

REFERENCES

url:	http://www.securityfocus.com/bid/6100	Trust: 1.7
url:	http://online.securityfocus.com/archive/1/298432	Trust: 1.7
url:	http://www.iss.net/security_center/static/10536.php	Trust: 1.7
url:	http://www.globalsuntech.com/	Trust: 0.3
url:	/archive/1/298432	Trust: 0.3
url:	/archive/1/298494	Trust: 0.3
url:	/archive/1/298487	Trust: 0.3
url:	/archive/1/298983	Trust: 0.3
url:	/archive/1/298872	Trust: 0.3

sources: VULHUB: VHN-6520 // BID: 6100 // CNNVD: CNNVD-200212-229 // NVD: CVE-2002-2137

CREDITS

Discovery of this vulnerability is credited to Tom Knienieder <knienieder@khamsin.ch>.

Trust: 0.9

sources: BID: 6100 // CNNVD: CNNVD-200212-229

SOURCES

db:	VULHUB	id:	VHN-6520
db:	BID	id:	6100
db:	CNNVD	id:	CNNVD-200212-229
db:	NVD	id:	CVE-2002-2137

LAST UPDATE DATE

2024-08-14T12:07:38.724000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6520	date:	2008-09-05T00:00:00
db:	BID	id:	6100	date:	2002-11-04T00:00:00
db:	CNNVD	id:	CNNVD-200212-229	date:	2006-01-27T00:00:00
db:	NVD	id:	CVE-2002-2137	date:	2008-09-05T20:32:25.650

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6520	date:	2002-12-31T00:00:00
db:	BID	id:	6100	date:	2002-11-04T00:00:00
db:	CNNVD	id:	CNNVD-200212-229	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2137	date:	2002-12-31T05:00:00