Details of VAR-200312-0293

ID

VAR-200312-0293

CVE

CVE-2003-1515

TITLE

Origo ADSL Router Remote Management Interface Configuration Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-460

DESCRIPTION

Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults. A problem has been identified in some Origo ADSL routers. Due to insufficient access control, it may be possible for a remote user to gain unauthorized administrative access to routers, potentially resulting in a denial of service. Origo ADSL includes a telnet-based configuration interface on the WAN interface, listening to port 254, and does not set any password authentication

Trust: 1.26

sources: NVD: CVE-2003-1515 // BID: 8855 // VULHUB: VHN-8340

AFFECTED PRODUCTS

vendor:	origo	model:	asr-8100	scope:	eq	version:	adsl_router_3.21	Trust: 1.6
vendor:	origo	model:	asr-8400	scope:	eq	version:	adsl_router	Trust: 1.6
vendor:	origo	model:	asr-8400 adsl router	scope:	-	version:	-	Trust: 0.3
vendor:	origo	model:	asr-8100 adsl router	scope:	eq	version:	3.21	Trust: 0.3

sources: BID: 8855 // CNNVD: CNNVD-200312-460 // NVD: CVE-2003-1515

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1515
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200312-460
value:	HIGH
Trust: 0.6
VULHUB:	VHN-8340
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-1515
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8340
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8340 // CNNVD: CNNVD-200312-460 // NVD: CVE-2003-1515

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.1

sources: VULHUB: VHN-8340 // NVD: CVE-2003-1515

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-460

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200312-460

EXTERNAL IDS

db:	BID	id:	8855	Trust: 2.0
db:	SREASON	id:	3300	Trust: 1.7
db:	NVD	id:	CVE-2003-1515	Trust: 1.7
db:	BUGTRAQ	id:	20031012 ORIGO ASR-8100 ADSL ROUTER REMOTE FACTORY RESET	Trust: 0.6
db:	NSFOCUS	id:	5569	Trust: 0.6
db:	XF	id:	13463	Trust: 0.6
db:	CNNVD	id:	CNNVD-200312-460	Trust: 0.6
db:	VULHUB	id:	VHN-8340	Trust: 0.1

sources: VULHUB: VHN-8340 // BID: 8855 // CNNVD: CNNVD-200312-460 // NVD: CVE-2003-1515

REFERENCES

url:	http://www.securityfocus.com/bid/8855	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/341752	Trust: 1.7
url:	http://securityreason.com/securityalert/3300	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/13463	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/13463	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/5569	Trust: 0.6
url:	http://www.origo2000.com/product/product.php?page=asr-8000	Trust: 0.3
url:	/archive/1/341752	Trust: 0.3

sources: VULHUB: VHN-8340 // BID: 8855 // CNNVD: CNNVD-200312-460 // NVD: CVE-2003-1515

CREDITS

Theo Markettos※ theo@markettos.org.uk

Trust: 0.6

sources: CNNVD: CNNVD-200312-460

SOURCES

db:	VULHUB	id:	VHN-8340
db:	BID	id:	8855
db:	CNNVD	id:	CNNVD-200312-460
db:	NVD	id:	CVE-2003-1515

LAST UPDATE DATE

2024-08-14T15:40:56.188000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8340	date:	2017-07-29T00:00:00
db:	BID	id:	8855	date:	2003-10-20T00:00:00
db:	CNNVD	id:	CNNVD-200312-460	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1515	date:	2017-07-29T01:29:15.280

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8340	date:	2003-12-31T00:00:00
db:	BID	id:	8855	date:	2003-10-20T00:00:00
db:	CNNVD	id:	CNNVD-200312-460	date:	2003-10-20T00:00:00
db:	NVD	id:	CVE-2003-1515	date:	2003-12-31T05:00:00