Details of VAR-200505-0406

ID

VAR-200505-0406

CVE

CVE-2005-0833

TITLE

Belkin 54G Access control vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-310

DESCRIPTION

Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication. The Belkin 54G (F5D7130) appliance is reported prone to multiple remote vulnerabilities. The following individual issues are reported: It is reported that the Belkin 54G appliance transmits UPNP datagrams to the connected private network at regular intervals. Reports indicate that these datagrams contain a URI, this URI may be accessed by local network users without requiring authentication. A remote attacker that resides on the local network segment connected to the affected appliance may exploit this vulnerability to disclose sensitive information. It is reported that SNMP support is enabled on the affected appliance under a default configuration. A remote attacker that resides on the local network segment connected to the affected appliance may exploit this vulnerability to disclose sensitive information. Finally, it is reported that the SNMP service may be exploited to deny service for legitimate users. A remote attacker that resides on the local network segment connected to the affected appliance may exploit this vulnerability to deny service for legitimate users

Trust: 1.26

sources: NVD: CVE-2005-0833 // BID: 12846 // VULHUB: VHN-12042

AFFECTED PRODUCTS

vendor:	belkin	model:	54g wireless router	scope:	eq	version:	f5d7130	Trust: 1.6
vendor:	belkin	model:	54g	scope:	-	version:	-	Trust: 0.3

sources: BID: 12846 // CNNVD: CNNVD-200505-310 // NVD: CVE-2005-0833

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-0833
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200505-310
value:	HIGH
Trust: 0.6
VULHUB:	VHN-12042
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-0833
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12042
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12042 // CNNVD: CNNVD-200505-310 // NVD: CVE-2005-0833

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0833

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-310

TYPE

Design Error

Trust: 0.9

sources: BID: 12846 // CNNVD: CNNVD-200505-310

EXTERNAL IDS

db:	BID	id:	12846	Trust: 2.0
db:	NVD	id:	CVE-2005-0833	Trust: 2.0
db:	CNNVD	id:	CNNVD-200505-310	Trust: 0.7
db:	VULHUB	id:	VHN-12042	Trust: 0.1

sources: VULHUB: VHN-12042 // BID: 12846 // CNNVD: CNNVD-200505-310 // NVD: CVE-2005-0833

REFERENCES

url:	http://www.securityfocus.com/bid/12846	Trust: 1.7
url:	http://www.belkin.com/index.asp	Trust: 0.3

sources: VULHUB: VHN-12042 // BID: 12846 // CNNVD: CNNVD-200505-310 // NVD: CVE-2005-0833

CREDITS

Discovery of these vulnerabilities is credited to pureone <pureone36@gmail.com>.

Trust: 0.9

sources: BID: 12846 // CNNVD: CNNVD-200505-310

SOURCES

db:	VULHUB	id:	VHN-12042
db:	BID	id:	12846
db:	CNNVD	id:	CNNVD-200505-310
db:	NVD	id:	CVE-2005-0833

LAST UPDATE DATE

2024-08-14T14:53:46.077000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12042	date:	2008-09-05T00:00:00
db:	BID	id:	12846	date:	2009-07-12T10:56:00
db:	CNNVD	id:	CNNVD-200505-310	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-0833	date:	2008-09-05T20:47:27.410

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12042	date:	2005-05-02T00:00:00
db:	BID	id:	12846	date:	2005-03-18T00:00:00
db:	CNNVD	id:	CNNVD-200505-310	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-0833	date:	2005-05-02T04:00:00