Details of VAR-200310-0093

ID

VAR-200310-0093

TITLE

Conexant AccessRunner DSL Console Access Verification Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-3055

DESCRIPTION

The Conexant Access Runner DSL is a broadband router. There is a problem with the authentication mechanism of the Conexant Access Runner DSL Router Console, which can be exploited by remote attackers to access device changes. When connecting to the router console port, an attacker entering any key will return a \"please try again\" message, and then simply enter the Enter key to access the system maintenance menu with administrator privileges. However, this vulnerability is reproduced on some devices, and this issue does not exist on some devices. The authentication mechanism used by the Conexant AccessRunner DSL Console can be bypassed. This could allow a remote user to access the device's configuration settings. There is currently no known reason for why some devices are vulnerable while others are not. This record will be updated if and when further details become available

Trust: 0.81

sources: CNVD: CNVD-2003-3055 // BID: 8765

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-3055

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	conexant	model:	accessrunner dsl console	scope:	eq	version:	3.21	Trust: 0.3

sources: CNVD: CNVD-2003-3055 // BID: 8765

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-3055
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-3055
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-3055

TYPE

Design Error

Trust: 0.3

sources: BID: 8765

EXTERNAL IDS

db:	BID	id:	8765	Trust: 0.9
db:	CNVD	id:	CNVD-2003-3055	Trust: 0.6

sources: CNVD: CNVD-2003-3055 // BID: 8765

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=106529594132398&w=2	Trust: 0.6
url:	http://www.conexant.com/products/entry.jsp?id=14	Trust: 0.3
url:	/archive/1/340406	Trust: 0.3
url:	/archive/1/340248	Trust: 0.3

sources: CNVD: CNVD-2003-3055 // BID: 8765

CREDITS

Discovery is credited to Chris Norton <kicktd@hotmail.com>.

Trust: 0.3

sources: BID: 8765

SOURCES

db:	CNVD	id:	CNVD-2003-3055
db:	BID	id:	8765

LAST UPDATE DATE

2022-05-17T02:07:50.864000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-3055	date:	2014-01-21T00:00:00
db:	BID	id:	8765	date:	2003-10-04T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-3055	date:	2003-10-04T00:00:00
db:	BID	id:	8765	date:	2003-10-04T00:00:00