ID
VAR-200212-0704
CVE
CVE-2002-2380
TITLE
Arescom NetDSL-800 There is an undisclosed account vulnerability in the firmware
Trust: 0.6
DESCRIPTION
NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. A weakness has been discovered in NetDSL-800 router firmware. It has been reported that NetDSL-800 firmware, configured by certain Internet Service Providers(ISP), contains undocumented users. It is possible to obtain a target devices undocumented username and password using a network sniffer and the Arescom NetDSL Remote Manager. Access via undocumented accounts may allow attackers to corrupt configuration settings or cause a denial of service. It should be noted that all firmware configurations may not contain undocumented users. Firmware configured by the MSN ISP has been reported vulnreable. It should also be noted that it has not yet been confirmed whether unique username and passwords are generated for each device. Arescom NetDSL-800 is a pluggable, easy-to-use ADSL MODEM. There are undisclosed accounts in the NetDSL-800 firmware provided by some ISPs. There are undisclosed usernames and passwords in the NetDSL-800 firmware preset by MSN ISP, which can make, change settings, or conduct denial of service attacks
Trust: 1.26
AFFECTED PRODUCTS
| vendor: | microsoft | model: | network | scope: | eq | version: | 5.5.11 | Trust: 1.0 |
| vendor: | arescom | model: | netdsl | scope: | eq | version: | 800 | Trust: 0.6 |
| vendor: | arescom | model: | netdsl-800 | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-200 | Trust: 1.1 |
THREAT TYPE
remote
Trust: 0.6
TYPE
information disclosure
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 6064 | Trust: 2.0 |
| db: | NVD | id: | CVE-2002-2380 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200212-770 | Trust: 0.7 |
| db: | XF | id: | 10498 | Trust: 0.6 |
| db: | NSFOCUS | id: | 3771 | Trust: 0.6 |
| db: | BUGTRAQ | id: | 20021029 FURTHER PROBLEMS WITH ARESCOM NETDSL-800 MSN FIRMWARE VERSION 5.4.X AND UP | Trust: 0.6 |
| db: | VULHUB | id: | VHN-6763 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/6064 | Trust: 1.7 |
| url: | http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00416.html | Trust: 1.7 |
| url: | http://www.iss.net/security_center/static/10498.php | Trust: 1.7 |
| url: | http://www.nsfocus.net/vulndb/3771 | Trust: 0.6 |
CREDITS
Justin Cervero※ Scorpion_1169@msn.com
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-6763 |
| db: | BID | id: | 6064 |
| db: | CNNVD | id: | CNNVD-200212-770 |
| db: | NVD | id: | CVE-2002-2380 |
LAST UPDATE DATE
2024-08-14T15:09:57.142000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-6763 | date: | 2008-09-05T00:00:00 |
| db: | BID | id: | 6064 | date: | 2002-10-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-770 | date: | 2002-12-31T00:00:00 |
| db: | NVD | id: | CVE-2002-2380 | date: | 2008-09-05T20:33:04.490 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-6763 | date: | 2002-12-31T00:00:00 |
| db: | BID | id: | 6064 | date: | 2002-10-29T00:00:00 |
| db: | CNNVD | id: | CNNVD-200212-770 | date: | 2002-10-29T00:00:00 |
| db: | NVD | id: | CVE-2002-2380 | date: | 2002-12-31T05:00:00 |