ID

VAR-200412-0962


CVE

CVE-2004-2045


TITLE

Conceptronic CADSLR1 ADSL Router Denial of Service Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-1198

DESCRIPTION

The HTTP administration interface on the Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username.

The Conceptronic CADSLR1 router is reported to contain a denial of service vulnerability. This vulnerability reportedly presents itself in the embedded HTTP server used for web-based administration of the router. When presented with a large malformed request, the device will reportedly crash and reboot. This vulnerability could be exploited by a remote attacker to deny service to legitimate users. Due to code reuse across products, other Conceptronic devices may also be vulnerable to similar issues.

TITLE: Conceptronic CADSLR1 Router Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA12110
VERIFY ADVISORY: http://secunia.com/advisories/12110/
CRITICAL: Less critical
IMPACT: DoS
WHERE: From local network
OPERATING SYSTEM: Conceptronic CADSLR1 http://secunia.com/product/3707/
DESCRIPTION: Jordi Corrales has reported a vulnerability in CADSLR1, allowing malicious people to cause a Denial of Service. The problem is that the device fails to handle HTTP requests with a long username (65535 characters). This causes the device to reboot. This has been reported to affect devices running firmware version 3.04n. Prior versions may also be affected.
SOLUTION: Filter access to the device or disable the HTTP service.
PROVIDED AND/OR DISCOVERED BY: Jordi Corrales

Trust: 1.35

sources: NVD: CVE-2004-2045 // BID: 10769 // VULHUB: VHN-10473 // PACKETSTORM: 33840

AFFECTED PRODUCTS

vendor: conceptronic, model: cadslr1 adsl router, scope: eq, version: 3.04n

Trust: 1.6

vendor: conceptronic, model: cadslr1 router, scope: -, version: -

Trust: 0.3

sources: BID: 10769 // CNNVD: CNNVD-200412-1198 // NVD: CVE-2004-2045

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2004-2045
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-1198
value: MEDIUM

Trust: 0.6

VULHUB: VHN-10473
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2004-2045
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-10473
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-10473 // CNNVD: CNNVD-200412-1198 // NVD: CVE-2004-2045

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-2045

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1198

TYPE

Boundary Condition Error

Trust: 0.9

sources: BID: 10769 // CNNVD: CNNVD-200412-1198

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-10473

EXTERNAL IDS

db: BID, id: 10769

Trust: 2.0

db: SECUNIA, id: 12110

Trust: 1.8

db: NVD, id: CVE-2004-2045

Trust: 1.7

db: CNNVD, id: CNNVD-200412-1198

Trust: 0.7

db: BUGTRAQ, id: 20040721 DENIAL OF SERVICE IN CONCEPTRONIC CADSLR1 ROUTER

Trust: 0.6

db: XF, id: 16746

Trust: 0.6

db: EXPLOIT-DB, id: 363

Trust: 0.1

db: VULHUB, id: VHN-10473

Trust: 0.1

db: PACKETSTORM, id: 33840

Trust: 0.1

sources: VULHUB: VHN-10473 // BID: 10769 // PACKETSTORM: 33840 // CNNVD: CNNVD-200412-1198 // NVD: CVE-2004-2045

REFERENCES

url:http://www.shellsec.net/leer_advisory.php?id=5

Trust: 2.0

url:http://www.securityfocus.com/bid/10769

Trust: 1.7

url:http://secunia.com/advisories/12110

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/16746

Trust: 1.1

url:http://marc.info/?l=bugtraq&m=109045084522857&w=2

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/16746

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=109045084522857&w=2

Trust: 0.6

url:http://www.conceptronic.net/

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=109045084522857&w=2

Trust: 0.1

url:http://secunia.com/product/3707/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/12110/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-10473 // BID: 10769 // PACKETSTORM: 33840 // CNNVD: CNNVD-200412-1198 // NVD: CVE-2004-2045

CREDITS

Jordi Corrales

Trust: 0.6

sources: CNNVD: CNNVD-200412-1198

SOURCES

db: VULHUB, id: VHN-10473
db: BID, id: 10769
db: PACKETSTORM, id: 33840
db: CNNVD, id: CNNVD-200412-1198
db: NVD, id: CVE-2004-2045

LAST UPDATE DATE

2024-08-14T15:45:43.598000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-10473, date: 2017-07-11T00:00:00
db: BID, id: 10769, date: 2004-07-21T00:00:00
db: CNNVD, id: CNNVD-200412-1198, date: 2005-10-20T00:00:00
db: NVD, id: CVE-2004-2045, date: 2017-07-11T01:31:35.030

SOURCES RELEASE DATE

db: VULHUB, id: VHN-10473, date: 2004-12-31T00:00:00
db: BID, id: 10769, date: 2004-07-21T00:00:00
db: PACKETSTORM, id: 33840, date: 2004-07-21T21:40:50
db: CNNVD, id: CNNVD-200412-1198, date: 2004-12-31T00:00:00
db: NVD, id: CVE-2004-2045, date: 2004-12-31T05:00:00