Sign-up

ID

VAR-200312-0489


CVE

CVE-2003-1346


TITLE

D-Link DWL-900AP+ Firmware Upgrade Configuration Reset Vulnerability

Trust: 0.9

sources: BID: 6609 // CNNVD: CNNVD-200312-133

DESCRIPTION

D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allows remote attackers to set factory default settings by upgrading the firmware using AirPlus Access Point Manager.  If the user has installed the D-Link AirPlus access point management program for firmware wins, once the program starts, two pages will pop up, of which the lower page is "Aveliable AP", and you can find that the AP is running in the 2.5 firmware version on. The upper window is "Upgrage AP", which can list the firmware version you want to upgrade. After obtaining the relevant version and clicking upgrade, the management program will not prompt for any password, and simply tftp the new firmware to the AP, and once the firmware is uploaded, return the AP to the default settings

Trust: 1.8

sources: NVD: CVE-2003-1346 // CNVD: CNVD-2003-0185 // BID: 6609 // VULHUB: VHN-8171

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2003-0185

AFFECTED PRODUCTS

vendor:d linkmodel:dwl-900ap\+scope:eqversion:2.5

Trust: 1.6

vendor:d linkmodel:dwl-900ap\+scope:eqversion:2.3

Trust: 1.6

vendor:d linkmodel:dwl-900ap\+scope:eqversion:2.2

Trust: 1.6

vendor:nonemodel: - scope: - version: -

Trust: 0.6

vendor:d linkmodel:dwl-900ap+scope:eqversion:2.5

Trust: 0.3

vendor:d linkmodel:dwl-900ap+scope:eqversion:2.3

Trust: 0.3

vendor:d linkmodel:dwl-900ap+scope:eqversion:2.2

Trust: 0.3

sources: CNVD: CNVD-2003-0185 // BID: 6609 // CNNVD: CNNVD-200312-133 // NVD: CVE-2003-1346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1346
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200312-133
value: CRITICAL

Trust: 0.6

VULHUB: VHN-8171
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2003-1346
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-8171
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8171 // CNNVD: CNNVD-200312-133 // NVD: CVE-2003-1346

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

sources: VULHUB: VHN-8171 // NVD: CVE-2003-1346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-133

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200312-133

EXTERNAL IDS

db:NVDid:CVE-2003-1346

Trust: 2.3

db:BIDid:6609

Trust: 2.0

db:SECTRACKid:1005926

Trust: 1.7

db:CNNVDid:CNNVD-200312-133

Trust: 0.7

db:CNVDid:CNVD-2003-0185

Trust: 0.6

db:NSFOCUSid:4236

Trust: 0.6

db:BUGTRAQid:20030114 D-LINK DWL-900AP+ SECURITY HOLE

Trust: 0.6

db:BUGTRAQid:20030116 RE: D-LINK DWL-900AP+ SECURITY HOLE

Trust: 0.6

db:XFid:11074

Trust: 0.6

db:VULHUBid:VHN-8171

Trust: 0.1

sources: CNVD: CNVD-2003-0185 // VULHUB: VHN-8171 // BID: 6609 // CNNVD: CNNVD-200312-133 // NVD: CVE-2003-1346

REFERENCES

url:http://www.securityfocus.com/bid/6609

Trust: 1.7

url:http://www.securitytracker.com/id?1005926

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/11074

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=104267037431451&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=104311601319909&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/11074

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104311601319909&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=104267037431451&w=2

Trust: 0.6

url:http://www.nsfocus.net/vulndb/4236

Trust: 0.6

url:/archive/1/306766

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=104267037431451&w=2

Trust: 0.1

url:http://marc.info/?l=bugtraq&m=104311601319909&w=2

Trust: 0.1

sources: VULHUB: VHN-8171 // BID: 6609 // CNNVD: CNNVD-200312-133 // NVD: CVE-2003-1346

CREDITS

Jason Tedesco※ jtedesco@request.com.au

Trust: 0.6

sources: CNNVD: CNNVD-200312-133

SOURCES

db:CNVDid:CNVD-2003-0185
db:VULHUBid:VHN-8171
db:BIDid:6609
db:CNNVDid:CNNVD-200312-133
db:NVDid:CVE-2003-1346

LAST UPDATE DATE

2024-08-14T14:42:21.891000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2003-0185date:2003-01-15T00:00:00
db:VULHUBid:VHN-8171date:2017-07-29T00:00:00
db:BIDid:6609date:2003-01-14T00:00:00
db:CNNVDid:CNNVD-200312-133date:2007-10-17T00:00:00
db:NVDid:CVE-2003-1346date:2017-07-29T01:29:06.670

SOURCES RELEASE DATE

db:CNVDid:CNVD-2003-0185date:2003-01-15T00:00:00
db:VULHUBid:VHN-8171date:2003-12-31T00:00:00
db:BIDid:6609date:2003-01-14T00:00:00
db:CNNVDid:CNNVD-200312-133date:2003-01-15T00:00:00
db:NVDid:CVE-2003-1346date:2003-12-31T05:00:00