Details of VAR-200307-0002

ID

VAR-200307-0002

CVE

CVE-2003-0419

TITLE

SMC Wireless router malformation PPTP Packet Remote Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200307-046

DESCRIPTION

SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR allows remote attackers to cause a denial of service via certain packets to PPTP port 1723 on the internal interface. A vulnerability has been discovered in the SMC SMC7004VWBR wireless router. The problem is said to occur while processing a sequence of malformed PPTP packets received via the local interface. Successful exploitation of this vulnerability will result in the router no longer responding to internal wireless traffic. SMC7004VWBR does not correctly process malformed PPTP packets. Remote attackers can use this vulnerability to conduct denial of service attacks on the device and prevent legitimate users from accessing network resources. By default, the router listens on TCP port 1723. The attacker connects to the target network through the 802.11b wireless network interface card and sends a series of malformed PPTP data, which can cause the router to stop responding, and legitimate users cannot access network resources

Trust: 1.26

sources: NVD: CVE-2003-0419 // BID: 7876 // VULHUB: VHN-7247

AFFECTED PRODUCTS

vendor:	smc	model:	barricade wireless cable dsl broadband router	scope:	eq	version:	smc7004vwbr	Trust: 1.6
vendor:	smc	model:	smc7004vwbr broadband router	scope:	eq	version:	1.23	Trust: 0.3
vendor:	smc	model:	smc7004vwbr	scope:	eq	version:	1.22	Trust: 0.3
vendor:	smc	model:	smc7004vwbr	scope:	ne	version:	1.23	Trust: 0.3

sources: BID: 7876 // CNNVD: CNNVD-200307-046 // NVD: CVE-2003-0419

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-0419
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200307-046
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-7247
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-0419
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-7247
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-7247 // CNNVD: CNNVD-200307-046 // NVD: CVE-2003-0419

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-0419

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200307-046

TYPE

Unknown

Trust: 0.9

sources: BID: 7876 // CNNVD: CNNVD-200307-046

EXTERNAL IDS

db:	NVD	id:	CVE-2003-0419	Trust: 2.0
db:	CNNVD	id:	CNNVD-200307-046	Trust: 0.7
db:	BID	id:	7876	Trust: 0.4
db:	VULHUB	id:	VHN-7247	Trust: 0.1

sources: VULHUB: VHN-7247 // BID: 7876 // CNNVD: CNNVD-200307-046 // NVD: CVE-2003-0419

REFERENCES

url:	http://www.idefense.com/advisory/06.11.03.txt	Trust: 1.7
url:	http://www.smc.com	Trust: 0.3

sources: VULHUB: VHN-7247 // BID: 7876 // CNNVD: CNNVD-200307-046 // NVD: CVE-2003-0419

CREDITS

Michael Sutton※ msutton@idefense.com

Trust: 0.6

sources: CNNVD: CNNVD-200307-046

SOURCES

db:	VULHUB	id:	VHN-7247
db:	BID	id:	7876
db:	CNNVD	id:	CNNVD-200307-046
db:	NVD	id:	CVE-2003-0419

LAST UPDATE DATE

2024-08-14T15:09:56.391000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-7247	date:	2008-09-05T00:00:00
db:	BID	id:	7876	date:	2009-07-11T22:06:00
db:	CNNVD	id:	CNNVD-200307-046	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2003-0419	date:	2008-09-05T20:34:16.487

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-7247	date:	2003-07-24T00:00:00
db:	BID	id:	7876	date:	2003-06-11T00:00:00
db:	CNNVD	id:	CNNVD-200307-046	date:	2003-06-11T00:00:00
db:	NVD	id:	CVE-2003-0419	date:	2003-07-24T04:00:00