Sign-up

ID

VAR-200412-0047


CVE

CVE-2004-0610


TITLE

WEB Management Interface Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-058

DESCRIPTION

The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. Multiple broadband routers from several different vendors, used for home and small office Internet sharing and routing are reported affected by a denial of service vulnerability in their web-based administration interfaces. The embedded web server is reportedly unable to maintain more than a small number of simultaneous TCP connections. An attacker who maintains a number of connections to port 80 of an affected device will block access to the web administration application for legitimate users. An attacker could block access to the administration interface as long as they can maintain the TCP connections. Netgear FVS318, Linksys BEFSR41, and Microsoft MN-500 devices are reported to be susceptible. NETGEAR FVS318 is a router with VPN, Microsoft MN-500 is a wireless router

Trust: 1.26

sources: NVD: CVE-2004-0610 // BID: 10585 // VULHUB: VHN-9040

AFFECTED PRODUCTS

vendor:microsoftmodel:mn-500 wireless base stationscope:eqversion:*

Trust: 1.0

vendor:microsoftmodel:mn-500 wireless base stationscope: - version: -

Trust: 0.6

vendor:netgearmodel:fvs318scope:eqversion:1.3

Trust: 0.3

vendor:netgearmodel:fvs318scope:eqversion:1.2

Trust: 0.3

vendor:netgearmodel:fvs318scope:eqversion:1.1

Trust: 0.3

vendor:netgearmodel:fvs318scope:eqversion:1.0

Trust: 0.3

vendor:microsoftmodel:mn-500scope: - version: -

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.45.7

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.44

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.43.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.43

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.42.7

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.42.3

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.41

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.40.2

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.39

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.38

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.37

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.36

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.35

Trust: 0.3

vendor:linksysmodel:etherfast befsr41 routerscope:eqversion:1.05.00

Trust: 0.3

vendor:linksysmodel:befsr41scope:eqversion:v3

Trust: 0.3

vendor:linksysmodel:befsr41scope:eqversion:v2

Trust: 0.3

vendor:linksysmodel:befsr41scope:eqversion:v1

Trust: 0.3

sources: BID: 10585 // CNNVD: CNNVD-200412-058 // NVD: CVE-2004-0610

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-0610
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-058
value: MEDIUM

Trust: 0.6

VULHUB: VHN-9040
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-0610
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-9040
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-9040 // CNNVD: CNNVD-200412-058 // NVD: CVE-2004-0610

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0610

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-058

TYPE

Design Error

Trust: 0.9

sources: BID: 10585 // CNNVD: CNNVD-200412-058

EXTERNAL IDS

db:BIDid:10585

Trust: 2.0

db:NVDid:CVE-2004-0610

Trust: 2.0

db:CNNVDid:CNNVD-200412-058

Trust: 0.7

db:BUGTRAQid:20040621 MICROSOFT MN-500 WIRELESS ROUTER WEB-BASED ADMINISTRATION DOS

Trust: 0.6

db:XFid:500

Trust: 0.6

db:XFid:16448

Trust: 0.6

db:VULHUBid:VHN-9040

Trust: 0.1

sources: VULHUB: VHN-9040 // BID: 10585 // CNNVD: CNNVD-200412-058 // NVD: CVE-2004-0610

REFERENCES

url:http://www.securityfocus.com/bid/10585

Trust: 1.7

url:http://www.kurczaba.com/securityadvisories/0406213.htm

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16448

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=108796481501258&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/16448

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=108796481501258&w=2

Trust: 0.6

url:http://www.netgear.com/

Trust: 0.3

url:http://www.netgear.com/products/prod_details.asp?prodid=129

Trust: 0.3

url:http://www.netgear.com/support_main.asp

Trust: 0.3

url:/archive/1/366823

Trust: 0.3

url:/archive/1/366601

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=108796481501258&w=2

Trust: 0.1

sources: VULHUB: VHN-9040 // BID: 10585 // CNNVD: CNNVD-200412-058 // NVD: CVE-2004-0610

CREDITS

Kurczaba Associates advisories※ advisories@kurczaba.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-058

SOURCES

db:VULHUBid:VHN-9040
db:BIDid:10585
db:CNNVDid:CNNVD-200412-058
db:NVDid:CVE-2004-0610

LAST UPDATE DATE

2024-08-14T13:15:13.492000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-9040date:2017-07-11T00:00:00
db:BIDid:10585date:2009-07-12T05:16:00
db:CNNVDid:CNNVD-200412-058date:2005-10-20T00:00:00
db:NVDid:CVE-2004-0610date:2017-07-11T01:30:18.543

SOURCES RELEASE DATE

db:VULHUBid:VHN-9040date:2004-12-06T00:00:00
db:BIDid:10585date:2004-06-21T00:00:00
db:CNNVDid:CNNVD-200412-058date:2004-06-22T00:00:00
db:NVDid:CVE-2004-0610date:2004-12-06T05:00:00