Details of VAR-200212-0249

ID

VAR-200212-0249

CVE

CVE-2002-2020

TITLE

NetGear RP114 manages access vulnerability through external interface

Trust: 0.6

sources: CNVD: CNVD-2002-2888

DESCRIPTION

Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default administrator password and accepts admin logins on the external interface, which allows remote attackers to gain privileges if the password is not changed. NetGear RP114 router can access management through TELNET and HTTP. The NetGear RP114 router has a vulnerability in restricting management interface access processing. A remote attacker could use this vulnerability to externally access the management interface services. The NetGear RP114 router sets the 192.168.0.1 IP address as a local access address. All access restrictions on management tools are only accessible by this address, but there are loopholes. The NetGear RP114 router receives all communications with an IP address in the range of 192.168.xx. If the user has authentication information, he can access the management tool from the external interface for reconfiguration or conduct illegal activities such as denial of service attacks. However, there is a loophole

Trust: 1.8

sources: NVD: CVE-2002-2020 // CNVD: CNVD-2002-2888 // BID: 5036 // VULHUB: VHN-6403

AFFECTED PRODUCTS

vendor:	netgear	model:	rp114	scope:	eq	version:	3.26	Trust: 1.9
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2002-2888 // BID: 5036 // CNNVD: CNNVD-200212-369 // NVD: CVE-2002-2020

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2020
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-369
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6403
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2020
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6403
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6403 // CNNVD: CNNVD-200212-369 // NVD: CVE-2002-2020

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2020

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-369

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200212-369

EXTERNAL IDS

db:	NVD	id:	CVE-2002-2020	Trust: 2.3
db:	BID	id:	5036	Trust: 2.0
db:	CNNVD	id:	CNNVD-200212-369	Trust: 0.7
db:	CNVD	id:	CNVD-2002-2888	Trust: 0.6
db:	XF	id:	9371	Trust: 0.6
db:	BUGTRAQ	id:	20020617 EXTERNAL ACCESS TO NETGEAR RP114 "FIREWALL"	Trust: 0.6
db:	NSFOCUS	id:	3016	Trust: 0.6
db:	VULHUB	id:	VHN-6403	Trust: 0.1

sources: CNVD: CNVD-2002-2888 // VULHUB: VHN-6403 // BID: 5036 // CNNVD: CNNVD-200212-369 // NVD: CVE-2002-2020

REFERENCES

url:	http://www.securityfocus.com/bid/5036	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-06/0177.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/9371.php	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/3016	Trust: 0.6
url:	http://www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=93	Trust: 0.3

sources: VULHUB: VHN-6403 // BID: 5036 // CNNVD: CNNVD-200212-369 // NVD: CVE-2002-2020

CREDITS

auto353237@hushmail.com※>auto353237@hushmail.com</a>※ auto353237@hushmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200212-369

SOURCES

db:	CNVD	id:	CNVD-2002-2888
db:	VULHUB	id:	VHN-6403
db:	BID	id:	5036
db:	CNNVD	id:	CNNVD-200212-369
db:	NVD	id:	CVE-2002-2020

LAST UPDATE DATE

2024-08-14T14:48:14.495000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2002-2888	date:	2002-06-28T00:00:00
db:	VULHUB	id:	VHN-6403	date:	2008-09-05T00:00:00
db:	BID	id:	5036	date:	2002-06-17T00:00:00
db:	CNNVD	id:	CNNVD-200212-369	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-2020	date:	2008-09-05T20:32:07.230

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2002-2888	date:	2002-06-17T00:00:00
db:	VULHUB	id:	VHN-6403	date:	2002-12-31T00:00:00
db:	BID	id:	5036	date:	2002-06-17T00:00:00
db:	CNNVD	id:	CNNVD-200212-369	date:	2002-06-17T00:00:00
db:	NVD	id:	CVE-2002-2020	date:	2002-12-31T05:00:00