ID
VAR-200412-0301
CVE
CVE-2004-2455
TITLE
Sweex Wireless broadband router /AP Unauthorized access vulnerability
Trust: 0.6
DESCRIPTION
Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file. It has been reported that Sweex Wireless Broadband Router/Access Point is prone to a vulnerability that may allow a remote attacker to gain unauthorized access to a vulnerable access point. It has been reported that the access point has a TFTP service running that is enabled by default. Successful exploitation of this issue may allow a remote attacker to gain access to sensitive information that could eventually allow an attacker to completely compromise the access point. Sweex Wireless Broadband Router/Access Point 11g is reported to be prone to this issue. TITLE: Sweex Wireless Broadband Router Exposure of Configuration SECUNIA ADVISORY ID: SA11603 VERIFY ADVISORY: http://secunia.com/advisories/11603/ CRITICAL: Moderately critical IMPACT: Exposure of system information, Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: Sweex Wireless Broadband Router/ Acces Point 11g DESCRIPTION: Mark Janssen has reported a vulnerability in Sweex Wireless Broadband Router/Accesspoint, allowing malicious people to gain knowledge of the configuration. This allows anyone with access to the network to download configuration files, including a file containing usernames and passwords. Reportedly, the tftp service can't be disabled. Other Sweex products may also be affected. SOLUTION: Do not use the device on networks with untrusted users. PROVIDED AND/OR DISCOVERED BY: Mark Janssen ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------
Trust: 1.35
AFFECTED PRODUCTS
| vendor: | sweex | model: | wireless broadband router accesspoint 802.11g | scope: | eq | version: | lc000060 | Trust: 1.6 |
| vendor: | sweex | model: | broadband router/acces point 11g | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
access verification error
Trust: 0.6
EXTERNAL IDS
| db: | BID | id: | 10339 | Trust: 2.0 |
| db: | SECUNIA | id: | 11603 | Trust: 1.8 |
| db: | NVD | id: | CVE-2004-2455 | Trust: 1.7 |
| db: | SECTRACK | id: | 1010143 | Trust: 1.7 |
| db: | OSVDB | id: | 6109 | Trust: 1.7 |
| db: | CNNVD | id: | CNNVD-200412-545 | Trust: 0.7 |
| db: | XF | id: | 16140 | Trust: 0.6 |
| db: | FULLDISC | id: | 20040512 SWEEX 802.11G ROUTER/ACCESSPOINT CONFIG DISCLOSURE / REMOTE CONFIG | Trust: 0.6 |
| db: | NSFOCUS | id: | 6438 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-10883 | Trust: 0.1 |
| db: | PACKETSTORM | id: | 33331 | Trust: 0.1 |
REFERENCES
| url: | http://www.securityfocus.com/bid/10339 | Trust: 1.7 |
| url: | http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0574.html | Trust: 1.7 |
| url: | http://www.osvdb.org/6109 | Trust: 1.7 |
| url: | http://www.securitytracker.com/alerts/2004/may/1010143.html | Trust: 1.7 |
| url: | http://secunia.com/advisories/11603 | Trust: 1.7 |
| url: | https://exchange.xforce.ibmcloud.com/vulnerabilities/16140 | Trust: 1.1 |
| url: | http://xforce.iss.net/xforce/xfdb/16140 | Trust: 0.6 |
| url: | http://www.nsfocus.net/vulndb/6438 | Trust: 0.6 |
| url: | http://www.sweex.com/product.asp?pid=288 | Trust: 0.3 |
| url: | http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org | Trust: 0.1 |
| url: | http://secunia.com/advisories/11603/ | Trust: 0.1 |
| url: | http://secunia.com/secunia_security_advisories/ | Trust: 0.1 |
| url: | http://secunia.com/about_secunia_advisories/ | Trust: 0.1 |
CREDITS
Discovery is credited to Mark Janssen.
Trust: 0.3
SOURCES
| db: | VULHUB | id: | VHN-10883 |
| db: | BID | id: | 10339 |
| db: | PACKETSTORM | id: | 33331 |
| db: | CNNVD | id: | CNNVD-200412-545 |
| db: | NVD | id: | CVE-2004-2455 |
LAST UPDATE DATE
2024-08-14T14:16:10.031000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-10883 | date: | 2017-07-11T00:00:00 |
| db: | BID | id: | 10339 | date: | 2004-05-13T00:00:00 |
| db: | CNNVD | id: | CNNVD-200412-545 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2004-2455 | date: | 2017-07-11T01:31:54.747 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-10883 | date: | 2004-12-31T00:00:00 |
| db: | BID | id: | 10339 | date: | 2004-05-13T00:00:00 |
| db: | PACKETSTORM | id: | 33331 | date: | 2004-05-13T23:19:00 |
| db: | CNNVD | id: | CNNVD-200412-545 | date: | 2004-05-13T00:00:00 |
| db: | NVD | id: | CVE-2004-2455 | date: | 2004-12-31T05:00:00 |