ID
VAR-200307-0053
TITLE
Asus AAM6000EV ADSL Router Information Disclosure Vulnerability
Trust: 0.6
DESCRIPTION
The Asus AAM6000EV is an ADSL router. Asus AAM6000EV ADSL files with sensitive information can be accessed directly, and intranet users can use this vulnerability to obtain username and password information. If the WEB server embedded in the Asus AAM6000EV ADSL router is enabled, users on any local network can obtain some plain text username and password information by accessing the /userdata file. It is possible to request files from the built-in Web server that contain information such as usernames, passwords and other configuration information
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | asus | model: | aam6330bi null | scope: | - | version: | - | Trust: 0.6 |
| vendor: | asus | model: | aam6330bi | scope: | - | version: | - | Trust: 0.3 |
| vendor: | asus | model: | aam6000ev | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
network
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 8183 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2003-2157 | Trust: 0.6 |
REFERENCES
| url: | http://marc.theaimsgroup.com/?l=bugtraq&m=105821398921956&w=2 | Trust: 0.6 |
| url: | /archive/1/329008 | Trust: 0.3 |
| url: | /archive/1/329183 | Trust: 0.3 |
CREDITS
Reported by "cw" <security@fidei.co.uk>. Independent discovery reported by Andrew Hodgson <andrew@hodgsonfamily.org>.
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2003-2157 |
| db: | BID | id: | 8183 |
LAST UPDATE DATE
2022-05-17T01:47:38.216000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2003-2157 | date: | 2003-07-14T00:00:00 |
| db: | BID | id: | 8183 | date: | 2003-07-14T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2003-2157 | date: | 2003-07-14T00:00:00 |
| db: | BID | id: | 8183 | date: | 2003-07-14T00:00:00 |