Details of VAR-200312-0345

ID

VAR-200312-0345

CVE

CVE-2003-1442

TITLE

HM220dp ADSL modem WEB Management interface insecure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-404

DESCRIPTION

The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side. This interface does not require any authentication in order to access. There is no option to enable any authentication requirement. Ericsson HM220dp is a small office environment ADSL MODEM

Trust: 1.26

sources: NVD: CVE-2003-1442 // BID: 6824 // VULHUB: VHN-8267

AFFECTED PRODUCTS

vendor:	ericsson	model:	hm220dp adsl modem	scope:	eq	version:	*	Trust: 1.0
vendor:	ericsson	model:	hm220dp adsl modem	scope:	-	version:	-	Trust: 0.6
vendor:	ericsson	model:	hm220dp dsl modem	scope:	-	version:	-	Trust: 0.3

sources: BID: 6824 // CNNVD: CNNVD-200312-404 // NVD: CVE-2003-1442

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1442
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200312-404
value:	HIGH
Trust: 0.6
VULHUB:	VHN-8267
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2003-1442
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8267
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8267 // CNNVD: CNNVD-200312-404 // NVD: CVE-2003-1442

PROBLEMTYPE DATA

problemtype:

CWE-287

Trust: 1.1

sources: VULHUB: VHN-8267 // NVD: CVE-2003-1442

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-404

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-200312-404

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-8267

EXTERNAL IDS

db:	BID	id:	6824	Trust: 2.0
db:	NVD	id:	CVE-2003-1442	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-404	Trust: 0.7
db:	BUGTRAQ	id:	20030211 ERICSSON HM220DP ADSL MODEM INSECURE WEB ADMINISTRATION VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20030225 RE: ERICSSON HM220DP ADSL MODEM INSECURE WEB ADMINISTRATION VULNE	Trust: 0.6
db:	XF	id:	220	Trust: 0.6
db:	XF	id:	11290	Trust: 0.6
db:	NSFOCUS	id:	4361	Trust: 0.6
db:	EXPLOIT-DB	id:	22244	Trust: 0.1
db:	VULHUB	id:	VHN-8267	Trust: 0.1

sources: VULHUB: VHN-8267 // BID: 6824 // CNNVD: CNNVD-200312-404 // NVD: CVE-2003-1442

REFERENCES

url:	http://www.securityfocus.com/bid/6824	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/11290	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=104619331706574&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/11290	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=104619331706574&w=2	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/4361	Trust: 0.6
url:	http://www.wii.ericsson.net/xdslterminals/files/cxc_132_2094-r3f.exe	Trust: 0.3
url:	/archive/1/358194	Trust: 0.3
url:	/archive/1/311330	Trust: 0.3
url:	/archive/1/313113	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=104619331706574&w=2	Trust: 0.1

sources: VULHUB: VHN-8267 // BID: 6824 // CNNVD: CNNVD-200312-404 // NVD: CVE-2003-1442

CREDITS

Davide Del Vecchio※ dante@alighieri.org

Trust: 0.6

sources: CNNVD: CNNVD-200312-404

SOURCES

db:	VULHUB	id:	VHN-8267
db:	BID	id:	6824
db:	CNNVD	id:	CNNVD-200312-404
db:	NVD	id:	CVE-2003-1442

LAST UPDATE DATE

2024-08-14T14:09:00.647000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8267	date:	2017-07-29T00:00:00
db:	BID	id:	6824	date:	2003-02-11T00:00:00
db:	CNNVD	id:	CNNVD-200312-404	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1442	date:	2017-07-29T01:29:11.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8267	date:	2003-12-31T00:00:00
db:	BID	id:	6824	date:	2003-02-11T00:00:00
db:	CNNVD	id:	CNNVD-200312-404	date:	2003-02-11T00:00:00
db:	NVD	id:	CVE-2003-1442	date:	2003-12-31T05:00:00