Details of VAR-200412-0769

ID

VAR-200412-0769

CVE

CVE-2004-2637

TITLE

Zonet Wireless Router NAT Implement design flaws

Trust: 0.6

sources: CNNVD: CNNVD-200412-1182

DESCRIPTION

The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions. A vulnerability has been reported to affect the implementation of NAT for the ZSR1104WE model Zonet Wireless Router. NAT for the wireless interface on the ZSR1104WE appliance is reported to modify IP data so that on the internal network, the origin address of forwarded traffic is that of the affected appliance. This issue may render the implementation of access controls on an internal host impossible. Zonet Wireless Router is a wireless access device. No detailed vulnerability details are currently available

Trust: 1.35

sources: NVD: CVE-2004-2637 // BID: 10225 // VULHUB: VHN-11065 // VULMON: CVE-2004-2637

AFFECTED PRODUCTS

vendor:	zonet	model:	zsr1104we wireless router runtime code	scope:	eq	version:	2.41	Trust: 1.6
vendor:	zonet	model:	zsr1104we	scope:	eq	version:	2.41	Trust: 0.3

sources: BID: 10225 // CNNVD: CNNVD-200412-1182 // NVD: CVE-2004-2637

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-2637
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200412-1182
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-11065
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2004-2637
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-2637
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-11065
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-11065 // VULMON: CVE-2004-2637 // CNNVD: CNNVD-200412-1182 // NVD: CVE-2004-2637

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2637

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1182

TYPE

Design Error

Trust: 0.9

sources: BID: 10225 // CNNVD: CNNVD-200412-1182

EXTERNAL IDS

db:	BID	id:	10225	Trust: 2.1
db:	SECUNIA	id:	11499	Trust: 1.8
db:	OSVDB	id:	5716	Trust: 1.8
db:	SECTRACK	id:	1009967	Trust: 1.8
db:	NVD	id:	CVE-2004-2637	Trust: 1.8
db:	CNNVD	id:	CNNVD-200412-1182	Trust: 0.7
db:	XF	id:	16005	Trust: 0.6
db:	FULLDISC	id:	20040429 ZONET ZSR1104WE ROUTER PROBLEM	Trust: 0.6
db:	NSFOCUS	id:	6392	Trust: 0.6
db:	VULHUB	id:	VHN-11065	Trust: 0.1
db:	VULMON	id:	CVE-2004-2637	Trust: 0.1

sources: VULHUB: VHN-11065 // VULMON: CVE-2004-2637 // BID: 10225 // CNNVD: CNNVD-200412-1182 // NVD: CVE-2004-2637

REFERENCES

url:	http://www.securityfocus.com/bid/10225	Trust: 1.8
url:	http://www.osvdb.org/5716	Trust: 1.8
url:	http://securitytracker.com/id?1009967	Trust: 1.8
url:	http://secunia.com/advisories/11499	Trust: 1.8
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16005	Trust: 1.2
url:	http://marc.info/?l=full-disclosure&m=108324905314026&w=2	Trust: 1.1
url:	http://xforce.iss.net/xforce/xfdb/16005	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=full-disclosure&m=108324905314026&w=2	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6392	Trust: 0.6
url:	http://www.zonetusa.com/	Trust: 0.3
url:	http://www.zonetusa.com/zsr1104we03.htm	Trust: 0.3
url:	http://marc.info/?l=full-disclosure&m=108324905314026&w=2	Trust: 0.1
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-11065 // VULMON: CVE-2004-2637 // BID: 10225 // CNNVD: CNNVD-200412-1182 // NVD: CVE-2004-2637

CREDITS

Jason Wachtel※ jwachtel@homelogic.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-1182

SOURCES

db:	VULHUB	id:	VHN-11065
db:	VULMON	id:	CVE-2004-2637
db:	BID	id:	10225
db:	CNNVD	id:	CNNVD-200412-1182
db:	NVD	id:	CVE-2004-2637

LAST UPDATE DATE

2024-08-14T15:09:53.995000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-11065	date:	2017-07-20T00:00:00
db:	VULMON	id:	CVE-2004-2637	date:	2017-07-20T00:00:00
db:	BID	id:	10225	date:	2004-04-23T00:00:00
db:	CNNVD	id:	CNNVD-200412-1182	date:	2005-12-21T00:00:00
db:	NVD	id:	CVE-2004-2637	date:	2017-07-20T01:29:03.347

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-11065	date:	2004-12-31T00:00:00
db:	VULMON	id:	CVE-2004-2637	date:	2004-12-31T00:00:00
db:	BID	id:	10225	date:	2004-04-23T00:00:00
db:	CNNVD	id:	CNNVD-200412-1182	date:	2004-04-23T00:00:00
db:	NVD	id:	CVE-2004-2637	date:	2004-12-31T05:00:00