Details of VAR-200410-0095

ID

VAR-200410-0095

CVE

CVE-2004-1637

TITLE

Hawking Technologies HAR11A Router Sensitive Information Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200410-099

DESCRIPTION

The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. HAR11A DSL routers are reported susceptible to an unauthenticated administrative console access vulnerability. This issue is due to a failure of the device to require authentication credentials prior to allowing administrative access to the devices CLI interface. Remote attackers may possibly be able to gain administrative access to affected devices. Due to code reuse among differing hardware, other devices may also be affected. This issue may also be related to BID 8855. The Hawking Technologies HAR11A is a small router. An attacker can connect to port 254 through the telnet tool, access without a password, and manage the router. It is possible that other routers have the same vulnerability

Trust: 1.26

sources: NVD: CVE-2004-1637 // BID: 11543 // VULHUB: VHN-10067

AFFECTED PRODUCTS

vendor:	hawking	model:	har11a dsl router	scope:	eq	version:	*	Trust: 1.0
vendor:	hawking	model:	har11a dsl router	scope:	-	version:	-	Trust: 0.6
vendor:	hawking	model:	technology har11a dsl router	scope:	-	version:	-	Trust: 0.3

sources: BID: 11543 // CNNVD: CNNVD-200410-099 // NVD: CVE-2004-1637

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1637
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200410-099
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10067
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1637
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10067
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10067 // CNNVD: CNNVD-200410-099 // NVD: CVE-2004-1637

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1637

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200410-099

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200410-099

EXTERNAL IDS

db:	BID	id:	11543	Trust: 2.0
db:	NVD	id:	CVE-2004-1637	Trust: 1.7
db:	CNNVD	id:	CNNVD-200410-099	Trust: 0.7
db:	XF	id:	11	Trust: 0.6
db:	XF	id:	17877	Trust: 0.6
db:	BUGTRAQ	id:	20041026 HAWKING TECHNOLOGIES HAR11A ROUTER CONSIDERED INSECURE	Trust: 0.6
db:	VULHUB	id:	VHN-10067	Trust: 0.1

sources: VULHUB: VHN-10067 // BID: 11543 // CNNVD: CNNVD-200410-099 // NVD: CVE-2004-1637

REFERENCES

url:	http://www.securityfocus.com/bid/11543	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17877	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=109882884617886&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/17877	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109882884617886&w=2	Trust: 0.6
url:	http://www.hawkingtech.com/	Trust: 0.3
url:	/archive/1/379437	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=109882884617886&w=2	Trust: 0.1

sources: VULHUB: VHN-10067 // BID: 11543 // CNNVD: CNNVD-200410-099 // NVD: CVE-2004-1637

CREDITS

Marcus Garvey※ dartroller@mad.scientist.com

Trust: 0.6

sources: CNNVD: CNNVD-200410-099

SOURCES

db:	VULHUB	id:	VHN-10067
db:	BID	id:	11543
db:	CNNVD	id:	CNNVD-200410-099
db:	NVD	id:	CVE-2004-1637

LAST UPDATE DATE

2024-08-14T12:27:08.119000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10067	date:	2017-07-11T00:00:00
db:	BID	id:	11543	date:	2004-10-26T00:00:00
db:	CNNVD	id:	CNNVD-200410-099	date:	2006-11-15T00:00:00
db:	NVD	id:	CVE-2004-1637	date:	2017-07-11T01:31:12.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10067	date:	2004-10-26T00:00:00
db:	BID	id:	11543	date:	2004-10-26T00:00:00
db:	CNNVD	id:	CNNVD-200410-099	date:	2004-10-26T00:00:00
db:	NVD	id:	CVE-2004-1637	date:	2004-10-26T04:00:00