Details of VAR-200304-0137

ID

VAR-200304-0137

TITLE

Linksys BEFVP41 SNMP Default Community String Information Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-1004

DESCRIPTION

The Linsys BEFVP41 is a VPN-enabled router. Linsys BEFVP41 has a default community string that can be exploited by remote attackers to obtain a large amount of sensitive information on the target network. The external interface of the Linksys VPN router uses the default globally readable 'public' community string. Using this community string, you can obtain sensitive information such as routers and host hardware addresses in the internal network. This information can be used to further attack the network. Linksys BEFVP4 VPN router has been reported prone to a sensitive information disclosure vulnerability. It should be noted that this issue has also been reported to affect the Linksys BEFSR81 appliance

Trust: 0.81

sources: CNVD: CNVD-2003-1004 // BID: 7317

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-1004

AFFECTED PRODUCTS

vendor:	linksys	model:	bef	scope:	eq	version:	x.x	Trust: 0.6
vendor:	linksys	model:	befvp41	scope:	eq	version:	1.40.4	Trust: 0.3
vendor:	linksys	model:	befvp41 .3f	scope:	eq	version:	1.40	Trust: 0.3
vendor:	linksys	model:	befsr81	scope:	-	version:	-	Trust: 0.3

sources: CNVD: CNVD-2003-1004 // BID: 7317

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-1004
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-1004
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-1004

THREAT TYPE

network

Trust: 0.3

sources: BID: 7317

TYPE

Design Error

Trust: 0.3

sources: BID: 7317

EXTERNAL IDS

db:	BID	id:	7317	Trust: 0.9
db:	CNVD	id:	CNVD-2003-1004	Trust: 0.6

sources: CNVD: CNVD-2003-1004 // BID: 7317

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105012892518612&w=2	Trust: 0.6
url:	http://www.linksys.com/support/support.asp?spid=85	Trust: 0.3
url:	/archive/1/326871	Trust: 0.3
url:	/archive/1/318288	Trust: 0.3

sources: CNVD: CNVD-2003-1004 // BID: 7317

CREDITS

Discovery of this vulnerability has been credited to Branson Matheson <branson@windborne.net>.

Trust: 0.3

sources: BID: 7317

SOURCES

db:	CNVD	id:	CNVD-2003-1004
db:	BID	id:	7317

LAST UPDATE DATE

2022-05-17T01:59:14.409000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-1004	date:	2003-04-09T00:00:00
db:	BID	id:	7317	date:	2003-04-09T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-1004	date:	2003-04-09T00:00:00
db:	BID	id:	7317	date:	2003-04-09T00:00:00