ID
VAR-200505-0466
CVE
CVE-2005-0864
TITLE
DSL Modem multiple remote security vulnerabilities
Trust: 0.6
DESCRIPTION
The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. Multiple vulnerabilities are reported to exist in Samsung DSL modems. The first issue is an information disclosure issue due to a failure of the device to block access to potentially sensitive files. The second issue is a default backdoor account vulnerability. It is reported that multiple accounts exist on the modem by default, allowing remote attackers to gain administrative privileges on the modem. These vulnerabilities may allow remote attackers to gain access to potentially sensitive information, or to gain administrative access to the affected device. Samsung DSL modems running software version SMDK8947v1.2 are reported to be affected. Other devices and software versions are also likely affected. Samsung's DSL modem is a communication device used in broadband networks
Trust: 1.35
AFFECTED PRODUCTS
| vendor: | securecomputing | model: | samsung adsl modem | scope: | eq | version: | smdk8947v1.2 | Trust: 1.6 |
| vendor: | samsung | model: | dsl modem smdk8947v1.2 | scope: | - | version: | - | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | NVD-CWE-Other | Trust: 1.0 |
THREAT TYPE
remote
Trust: 0.6
TYPE
Design Error
Trust: 0.9
PATCH
| title: | YABWF - Yet Another Boa Webserver Fork 以下是原Boa Webserver的README原文,用于参考 | url: | https://github.com/Knighthana/YABWF | Trust: 0.1 |
EXTERNAL IDS
| db: | BID | id: | 12864 | Trust: 2.1 |
| db: | NVD | id: | CVE-2005-0864 | Trust: 2.1 |
| db: | CNNVD | id: | CNNVD-200505-418 | Trust: 0.7 |
| db: | VULHUB | id: | VHN-12073 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2005-0864 | Trust: 0.1 |
REFERENCES
| url: | http://exploitlabs.com/files/advisories/expl-a-2005-002-samsung-adsl.txt | Trust: 2.1 |
| url: | http://www.securityfocus.com/bid/12864 | Trust: 1.9 |
| url: | http://zone-h.org/en/advisories/read/id=7339/ | Trust: 1.8 |
| url: | http://www.samsung.com/ | Trust: 0.3 |
| url: | https://cwe.mitre.org/data/definitions/.html | Trust: 0.1 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
| url: | https://github.com/knighthana/yabwf | Trust: 0.1 |
CREDITS
Morning Wood se_cur_ity@hotmail.com
Trust: 0.6
SOURCES
| db: | VULHUB | id: | VHN-12073 |
| db: | VULMON | id: | CVE-2005-0864 |
| db: | BID | id: | 12864 |
| db: | CNNVD | id: | CNNVD-200505-418 |
| db: | NVD | id: | CVE-2005-0864 |
LAST UPDATE DATE
2024-08-14T15:20:11.092000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-12073 | date: | 2008-09-05T00:00:00 |
| db: | VULMON | id: | CVE-2005-0864 | date: | 2008-09-05T00:00:00 |
| db: | BID | id: | 12864 | date: | 2009-07-12T10:56:00 |
| db: | CNNVD | id: | CNNVD-200505-418 | date: | 2005-10-20T00:00:00 |
| db: | NVD | id: | CVE-2005-0864 | date: | 2008-09-05T20:47:32.457 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-12073 | date: | 2005-05-02T00:00:00 |
| db: | VULMON | id: | CVE-2005-0864 | date: | 2005-05-02T00:00:00 |
| db: | BID | id: | 12864 | date: | 2005-03-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-200505-418 | date: | 2005-03-23T00:00:00 |
| db: | NVD | id: | CVE-2005-0864 | date: | 2005-05-02T04:00:00 |