Details of VAR-200412-1004

ID

VAR-200412-1004

CVE

CVE-2004-1550

TITLE

Motorola WR850G Wireless Router Remote Authentication Bypass Vulnerability

Trust: 1.5

sources: CNVD: CNVD-2004-2618 // BID: 11241 // CNNVD: CNNVD-200412-222

DESCRIPTION

Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on. Motorola WR850G is a wireless router. The attacker gains access to the WEB interface through periodic access restricted 'ver.asp' scripts, and can obtain the WEB interface user name and password. Using this password, by accessing frame_debug.asp, the WEB SHELL can be obtained and executed on the system. Any command. This issue is caused by a design error and may allow an attacker to ultimately take complete control over the device. Motorola wireless router WR850G running firmware version 4.03 is reportedly affected by this issue. It is possible that other models and firmware versions are affected as well

Trust: 1.8

sources: NVD: CVE-2004-1550 // CNVD: CNVD-2004-2618 // BID: 11241 // VULHUB: VHN-9980

AFFECTED PRODUCTS

vendor:	motorola	model:	wr850g	scope:	eq	version:	4.0.3_firmware	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	motorola	model:	wr850g	scope:	eq	version:	4.03	Trust: 0.3
vendor:	motorola	model:	wr850g	scope:	ne	version:	5.13	Trust: 0.3

sources: CNVD: CNVD-2004-2618 // BID: 11241 // CNNVD: CNNVD-200412-222 // NVD: CVE-2004-1550

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1550
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200412-222
value:	HIGH
Trust: 0.6
VULHUB:	VHN-9980
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1550
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9980
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9980 // CNNVD: CNNVD-200412-222 // NVD: CVE-2004-1550

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1550

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-222

TYPE

Design Error

Trust: 0.9

sources: BID: 11241 // CNNVD: CNNVD-200412-222

EXTERNAL IDS

db:	NVD	id:	CVE-2004-1550	Trust: 2.6
db:	BID	id:	11241	Trust: 2.0
db:	CNNVD	id:	CNNVD-200412-222	Trust: 0.7
db:	CNVD	id:	CNVD-2004-2618	Trust: 0.6
db:	NSFOCUS	id:	6955	Trust: 0.6
db:	BUGTRAQ	id:	20040924 MOTOROLA WIRELESS ROUTER WR850G AUTHENTICATION CIRCUMVENTION	Trust: 0.6
db:	XF	id:	850	Trust: 0.6
db:	XF	id:	17474	Trust: 0.6
db:	FULLDISC	id:	20040923 MOTOROLA WIRELESS ROUTER WR850G AUTHENTICATION CIRCUMVENTION	Trust: 0.6
db:	VULHUB	id:	VHN-9980	Trust: 0.1

sources: CNVD: CNVD-2004-2618 // VULHUB: VHN-9980 // BID: 11241 // CNNVD: CNNVD-200412-222 // NVD: CVE-2004-1550

REFERENCES

url:	http://www.securityfocus.com/bid/11241	Trust: 1.7
url:	http://lists.grok.org.uk/pipermail/full-disclosure/2004-september/026791.html	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/17474	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=109613135105800&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/17474	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109613135105800&w=2	Trust: 0.6
url:	http://www.nsfocus.net/vulndb/6955	Trust: 0.6
url:	http://broadband.motorola.com/consumers/products/wr850g/	Trust: 0.3
url:	/archive/1/376384	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=109613135105800&w=2	Trust: 0.1

sources: VULHUB: VHN-9980 // BID: 11241 // CNNVD: CNNVD-200412-222 // NVD: CVE-2004-1550

CREDITS

Daniel Fabian※ d.fabian@sec-consult.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-222

SOURCES

db:	CNVD	id:	CNVD-2004-2618
db:	VULHUB	id:	VHN-9980
db:	BID	id:	11241
db:	CNNVD	id:	CNNVD-200412-222
db:	NVD	id:	CVE-2004-1550

LAST UPDATE DATE

2024-08-14T15:45:43.542000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2004-2618	date:	2004-09-23T00:00:00
db:	VULHUB	id:	VHN-9980	date:	2017-07-11T00:00:00
db:	BID	id:	11241	date:	2009-07-12T07:06:00
db:	CNNVD	id:	CNNVD-200412-222	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1550	date:	2017-07-11T01:31:08.107

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2004-2618	date:	2004-09-23T00:00:00
db:	VULHUB	id:	VHN-9980	date:	2004-12-31T00:00:00
db:	BID	id:	11241	date:	2004-09-23T00:00:00
db:	CNNVD	id:	CNNVD-200412-222	date:	2004-09-23T00:00:00
db:	NVD	id:	CVE-2004-1550	date:	2004-12-31T05:00:00