Details of VAR-200408-0066

ID

VAR-200408-0066

CVE

CVE-2004-0680

TITLE

Zoom Model 5560 X3 Ethernet ADSL Modem default backdoor account vulnerability

Trust: 1.5

sources: CNVD: CNVD-2004-1949 // BID: 10669 // CNNVD: CNNVD-200408-090

DESCRIPTION

Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access. Zoom Model 5560 X3 is an EHTERNET ADSL modem. The Zoom Model 5560 X3 has a default backdoor account, and remote attackers can use this vulnerability to control this device. Attackers can use this vulnerability to control the device. A remote attacker can gain unauthorized access to the vulnerable appliance and then carry out other attacks against the users of the network

Trust: 1.8

sources: NVD: CVE-2004-0680 // CNVD: CNVD-2004-1949 // BID: 10669 // VULHUB: VHN-9110

AFFECTED PRODUCTS

vendor:	zoom	model:	model 5560 x3 ethernet adsl modem	scope:	eq	version:	*	Trust: 1.0
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	zoom	model:	model 5560 x3 ethernet adsl modem	scope:	-	version:	-	Trust: 0.6
vendor:	zoom	model:	model ethernet adsl modem	scope:	eq	version:	5560x3	Trust: 0.3

sources: CNVD: CNVD-2004-1949 // BID: 10669 // CNNVD: CNNVD-200408-090 // NVD: CVE-2004-0680

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0680
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200408-090
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-9110
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-0680
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9110
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9110 // CNNVD: CNNVD-200408-090 // NVD: CVE-2004-0680

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0680

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200408-090

TYPE

Design Error

Trust: 0.9

sources: BID: 10669 // CNNVD: CNNVD-200408-090

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0680	Trust: 2.6
db:	BID	id:	10669	Trust: 2.0
db:	CNNVD	id:	CNNVD-200408-090	Trust: 0.7
db:	CNVD	id:	CNVD-2004-1949	Trust: 0.6
db:	BUGTRAQ	id:	20040706 BACKDOOR MENU ON CONEXANT CHIPSET DSL ROUTER (ZOOM X3)	Trust: 0.6
db:	XF	id:	16639	Trust: 0.6
db:	VULHUB	id:	VHN-9110	Trust: 0.1

sources: CNVD: CNVD-2004-1949 // VULHUB: VHN-9110 // BID: 10669 // CNNVD: CNNVD-200408-090 // NVD: CVE-2004-0680

REFERENCES

url:	http://www.securityfocus.com/bid/10669	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16639	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108915255520924&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/16639	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108915255520924&w=2	Trust: 0.6
url:	http://www.zoom.com/	Trust: 0.3
url:	/archive/1/368118	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108915255520924&w=2	Trust: 0.1

sources: VULHUB: VHN-9110 // BID: 10669 // CNNVD: CNNVD-200408-090 // NVD: CVE-2004-0680

CREDITS

Adam Laurie※ adam@algroup.co.uk

Trust: 0.6

sources: CNNVD: CNNVD-200408-090

SOURCES

db:	CNVD	id:	CNVD-2004-1949
db:	VULHUB	id:	VHN-9110
db:	BID	id:	10669
db:	CNNVD	id:	CNNVD-200408-090
db:	NVD	id:	CVE-2004-0680

LAST UPDATE DATE

2024-08-14T15:15:07.684000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2004-1949	date:	2020-03-10T00:00:00
db:	VULHUB	id:	VHN-9110	date:	2017-07-11T00:00:00
db:	BID	id:	10669	date:	2009-07-12T06:16:00
db:	CNNVD	id:	CNNVD-200408-090	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0680	date:	2017-07-11T01:30:22.417

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2004-1949	date:	2004-07-06T00:00:00
db:	VULHUB	id:	VHN-9110	date:	2004-08-06T00:00:00
db:	BID	id:	10669	date:	2004-07-06T00:00:00
db:	CNNVD	id:	CNNVD-200408-090	date:	2004-07-06T00:00:00
db:	NVD	id:	CVE-2004-0680	date:	2004-08-06T04:00:00