Details of VAR-200312-0067

ID

VAR-200312-0067

CVE

CVE-2003-1264

TITLE

Longshine Wireless Access Point Device Information Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-148

DESCRIPTION

TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication. The Longshine LCS-883R-AC-B device will allow tftp connections. The configuration file contains sensitive information including the administrator password and WEP keys. ** The D-Link DI-614+ product, reportedly based on the Longshine device, appears to be vulnerable to this issue however, only some files were accessible

Trust: 1.26

sources: NVD: CVE-2003-1264 // BID: 6533 // VULHUB: VHN-8089

AFFECTED PRODUCTS

vendor:	d link	model:	di-614\+	scope:	eq	version:	2.0	Trust: 1.6
vendor:	longshine technologie	model:	wireless ethernet access point	scope:	eq	version:	lcs-883r-ac-b	Trust: 1.0
vendor:	longshine	model:	lcs-883r-ac-b	scope:	-	version:	-	Trust: 0.3
vendor:	d link	model:	di-614+	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 6533 // CNNVD: CNNVD-200312-148 // NVD: CVE-2003-1264

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1264
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200312-148
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8089
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1264
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8089
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8089 // CNNVD: CNNVD-200312-148 // NVD: CVE-2003-1264

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2003-1264

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-148

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200312-148

EXTERNAL IDS

db:	BID	id:	6533	Trust: 2.0
db:	NVD	id:	CVE-2003-1264	Trust: 1.7
db:	SECTRACK	id:	1005897	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-148	Trust: 0.7
db:	BUGTRAQ	id:	20030106 LONGSHINE WLAN ACCESS-POINT LCS-883R VU#310201	Trust: 0.6
db:	BUGTRAQ	id:	20030106 RE: LONGSHINE WLAN ACCESS-POINT LCS-883R VU#310201	Trust: 0.6
db:	XF	id:	10997	Trust: 0.6
db:	VULHUB	id:	VHN-8089	Trust: 0.1

sources: VULHUB: VHN-8089 // BID: 6533 // CNNVD: CNNVD-200312-148 // NVD: CVE-2003-1264

REFERENCES

url:	http://www.securityfocus.com/bid/6533	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/305344	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/305391	Trust: 1.7
url:	http://www.securitytracker.com/id?1005897	Trust: 1.7
url:	http://www.iss.net/security_center/static/10997.php	Trust: 1.7
url:	http://www.longshine.de/produkt/wireless/883r-ac.htm	Trust: 0.3
url:	/archive/1/305344	Trust: 0.3
url:	/archive/1/305391	Trust: 0.3

sources: VULHUB: VHN-8089 // BID: 6533 // CNNVD: CNNVD-200312-148 // NVD: CVE-2003-1264

CREDITS

Discovery of this vulnerability credited to Lukas Grunwald <lukas@dnx.de>.

Trust: 0.9

sources: BID: 6533 // CNNVD: CNNVD-200312-148

SOURCES

db:	VULHUB	id:	VHN-8089
db:	BID	id:	6533
db:	CNNVD	id:	CNNVD-200312-148
db:	NVD	id:	CVE-2003-1264

LAST UPDATE DATE

2024-08-14T15:09:55.663000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8089	date:	2008-09-05T00:00:00
db:	BID	id:	6533	date:	2003-01-06T00:00:00
db:	CNNVD	id:	CNNVD-200312-148	date:	2006-01-19T00:00:00
db:	NVD	id:	CVE-2003-1264	date:	2008-09-05T20:36:28.683

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8089	date:	2003-12-31T00:00:00
db:	BID	id:	6533	date:	2003-01-06T00:00:00
db:	CNNVD	id:	CNNVD-200312-148	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1264	date:	2003-12-31T05:00:00