Details of VAR-200212-0872

ID

VAR-200212-0872

CVE

CVE-2002-2355

TITLE

Netgear FM114P Wireless Firewall Remote Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2002-3810 // CNNVD: CNNVD-200212-519

DESCRIPTION

Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users to obtain sensitive information. FM114P is an integrated HUB, print service, wireless access point, firewall and IDS hardware solution developed by Netgear. It includes Cable / DSL Prosafe 802.11b wireless firewall system. Netgear FM114P Cable / DSL Prosafe 802.11b wireless firewall stores plain text account information during backup operations. Remote attackers can use this vulnerability to obtain account data to further attack the system. When the FM114P Cable / DSL Prosafe 802.11b wireless firewall is configured for backup operation, the device will save the DDNS (DynDNS) account data in the system in clear text. A remote attacker can obtain account information by accessing this file to help the attacker further attack the WEB interface. It must be noted that the backup configuration option is not enabled by default

Trust: 1.8

sources: NVD: CVE-2002-2355 // CNVD: CNVD-2002-3810 // BID: 5943 // VULHUB: VHN-6738

AFFECTED PRODUCTS

vendor:	netgear	model:	fm114p	scope:	eq	version:	*	Trust: 1.0
vendor:	netgear	model:	fm114p	scope:	-	version:	-	Trust: 0.9
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2002-3810 // BID: 5943 // CNNVD: CNNVD-200212-519 // NVD: CVE-2002-2355

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2355
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-519
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6738
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-2355
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6738
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:C/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6738 // CNNVD: CNNVD-200212-519 // NVD: CVE-2002-2355

PROBLEMTYPE DATA

problemtype:

CWE-255

Trust: 1.1

sources: VULHUB: VHN-6738 // NVD: CVE-2002-2355

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-519

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-200212-519

EXTERNAL IDS

db:	NVD	id:	CVE-2002-2355	Trust: 2.3
db:	BID	id:	5943	Trust: 2.0
db:	CNNVD	id:	CNNVD-200212-519	Trust: 0.7
db:	CNVD	id:	CNVD-2002-3810	Trust: 0.6
db:	XF	id:	114	Trust: 0.6
db:	BUGTRAQ	id:	20021010 PLAIN TEXT DDNS PASSWORD IN NETGEAR FM114P BACKUPS	Trust: 0.6
db:	NSFOCUS	id:	3652	Trust: 0.6
db:	VULHUB	id:	VHN-6738	Trust: 0.1

sources: CNVD: CNVD-2002-3810 // VULHUB: VHN-6738 // BID: 5943 // CNNVD: CNNVD-200212-519 // NVD: CVE-2002-2355

REFERENCES

url:	http://www.securityfocus.com/bid/5943	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/294740	Trust: 1.7
url:	http://www.iss.net/security_center/static/10341.php	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/3652	Trust: 0.6

sources: VULHUB: VHN-6738 // CNNVD: CNNVD-200212-519 // NVD: CVE-2002-2355

CREDITS

Marc Ruef※ marc.ruef@computec.ch

Trust: 0.6

sources: CNNVD: CNNVD-200212-519

SOURCES

db:	CNVD	id:	CNVD-2002-3810
db:	VULHUB	id:	VHN-6738
db:	BID	id:	5943
db:	CNNVD	id:	CNNVD-200212-519
db:	NVD	id:	CVE-2002-2355

LAST UPDATE DATE

2024-08-14T13:40:28.205000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2002-3810	date:	2002-10-15T00:00:00
db:	VULHUB	id:	VHN-6738	date:	2008-09-05T00:00:00
db:	BID	id:	5943	date:	2002-10-10T00:00:00
db:	CNNVD	id:	CNNVD-200212-519	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2355	date:	2008-09-05T20:33:00.600

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2002-3810	date:	2002-10-10T00:00:00
db:	VULHUB	id:	VHN-6738	date:	2002-12-31T00:00:00
db:	BID	id:	5943	date:	2002-10-10T00:00:00
db:	CNNVD	id:	CNNVD-200212-519	date:	2002-10-10T00:00:00
db:	NVD	id:	CVE-2002-2355	date:	2002-12-31T05:00:00