Details of VAR-200212-0510

ID

VAR-200212-0510

CVE

CVE-2002-1810

TITLE

D-Link DWL-900AP + TFTP Server Arbitrary File Acquisition Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2002-3891

DESCRIPTION

D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. DWL-900AP + is a WiFi / 802.11b wireless access point system developed by D-Link. DWL-900AP + contains an undisclosed TFTP service program. -WEP encryption key. -Network configuration data (address, SSID, etc.). This data exists in clear text, and through this data, an attacker may be able to control the entire device. In addition, you can obtain other configuration files by accessing the request TFTP server: -eeprom.dat -mac.dat -wtune.dat -rom.img -normal.img. This could lead to the disclosure of sensitive information

Trust: 1.8

sources: NVD: CVE-2002-1810 // CNVD: CNVD-2002-3891 // BID: 6015 // VULHUB: VHN-6193

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2002-3891

AFFECTED PRODUCTS

vendor:	dlink	model:	dwl-900ap\+	scope:	eq	version:	2.2	Trust: 1.0
vendor:	dlink	model:	dwl-900ap\+	scope:	eq	version:	2.1	Trust: 1.0
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	d link	model:	dwl-900ap\+	scope:	eq	version:	2.1	Trust: 0.6
vendor:	d link	model:	dwl-900ap\+	scope:	eq	version:	2.2	Trust: 0.6
vendor:	d link	model:	dwl-900ap+	scope:	eq	version:	2.2	Trust: 0.3
vendor:	d link	model:	dwl-900ap+	scope:	eq	version:	2.1	Trust: 0.3
vendor:	d link	model:	dwl-900ap+	scope:	ne	version:	2.3	Trust: 0.3

sources: CNVD: CNVD-2002-3891 // BID: 6015 // CNNVD: CNNVD-200212-717 // NVD: CVE-2002-1810

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1810
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-717
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6193
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1810
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6193
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2002-1810
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-6193 // CNNVD: CNNVD-200212-717 // NVD: CVE-2002-1810

PROBLEMTYPE DATA

problemtype:

CWE-306

Trust: 1.0

sources: NVD: CVE-2002-1810

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-717

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200212-717

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1810	Trust: 2.3
db:	BID	id:	6015	Trust: 2.0
db:	CNNVD	id:	CNNVD-200212-717	Trust: 0.7
db:	CNVD	id:	CNVD-2002-3891	Trust: 0.6
db:	NSFOCUS	id:	3707	Trust: 0.6
db:	XF	id:	10424	Trust: 0.6
db:	VULHUB	id:	VHN-6193	Trust: 0.1

sources: CNVD: CNVD-2002-3891 // VULHUB: VHN-6193 // BID: 6015 // CNNVD: CNNVD-200212-717 // NVD: CVE-2002-1810

REFERENCES

url:	http://www.securityfocus.com/bid/6015	Trust: 1.7
url:	http://www.iss.net/security_center/static/10424.php	Trust: 1.7
url:	http://online.securityfocus.com/archive/1/296374	Trust: 1.1
url:	http://www.nsfocus.net/vulndb/3707	Trust: 0.6
url:	http://www.dlink.com/products/digitalhome/wireless/11b+/dwl900ap+/	Trust: 0.3
url:	http://support.dlink.com/products/view.asp?productid=dwl-900ap+	Trust: 0.3

sources: VULHUB: VHN-6193 // BID: 6015 // CNNVD: CNNVD-200212-717 // NVD: CVE-2002-1810

CREDITS

Vulnerability discovery credited to <security@rionero.com>.

Trust: 0.3

sources: BID: 6015

SOURCES

db:	CNVD	id:	CNVD-2002-3891
db:	VULHUB	id:	VHN-6193
db:	BID	id:	6015
db:	CNNVD	id:	CNNVD-200212-717
db:	NVD	id:	CVE-2002-1810

LAST UPDATE DATE

2024-08-14T14:59:28.009000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2002-3891	date:	2002-10-25T00:00:00
db:	VULHUB	id:	VHN-6193	date:	2008-09-05T00:00:00
db:	BID	id:	6015	date:	2002-10-21T00:00:00
db:	CNNVD	id:	CNNVD-200212-717	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1810	date:	2024-02-14T17:25:43.527

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2002-3891	date:	2002-10-21T00:00:00
db:	VULHUB	id:	VHN-6193	date:	2002-12-31T00:00:00
db:	BID	id:	6015	date:	2002-10-21T00:00:00
db:	CNNVD	id:	CNNVD-200212-717	date:	2002-10-21T00:00:00
db:	NVD	id:	CVE-2002-1810	date:	2002-12-31T05:00:00