Sign-up

ID

VAR-200505-0467


CVE

CVE-2005-0865


TITLE

DSL Modem multiple remote security vulnerabilities

Trust: 0.6

sources: CNNVD: CNNVD-200505-602

DESCRIPTION

Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi. Multiple vulnerabilities are reported to exist in Samsung DSL modems. The first issue is an information disclosure issue due to a failure of the device to block access to potentially sensitive files. The second issue is a default backdoor account vulnerability. These vulnerabilities may allow remote attackers to gain access to potentially sensitive information, or to gain administrative access to the affected device. Samsung DSL modems running software version SMDK8947v1.2 are reported to be affected. Other devices and software versions are also likely affected. Samsung's DSL modem is a communication device used in broadband networks

Trust: 1.26

sources: NVD: CVE-2005-0865 // BID: 12864 // VULHUB: VHN-12074

AFFECTED PRODUCTS

vendor:securecomputingmodel:samsung adsl modemscope:eqversion:smdk8947v1.2

Trust: 1.6

vendor:samsungmodel:dsl modem smdk8947v1.2scope: - version: -

Trust: 0.3

sources: BID: 12864 // CNNVD: CNNVD-200505-602 // NVD: CVE-2005-0865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0865
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200505-602
value: HIGH

Trust: 0.6

VULHUB: VHN-12074
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2005-0865
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12074
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12074 // CNNVD: CNNVD-200505-602 // NVD: CVE-2005-0865

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-602

TYPE

Design Error

Trust: 0.9

sources: BID: 12864 // CNNVD: CNNVD-200505-602

EXTERNAL IDS

db:NVDid:CVE-2005-0865

Trust: 2.0

db:BIDid:12864

Trust: 2.0

db:SECTRACKid:1013615

Trust: 1.7

db:CNNVDid:CNNVD-200505-602

Trust: 0.7

db:VULHUBid:VHN-12074

Trust: 0.1

sources: VULHUB: VHN-12074 // BID: 12864 // CNNVD: CNNVD-200505-602 // NVD: CVE-2005-0865

REFERENCES

url:http://exploitlabs.com/files/advisories/expl-a-2005-002-samsung-adsl.txt

Trust: 2.0

url:http://www.securityfocus.com/bid/12864

Trust: 1.7

url:http://zone-h.org/en/advisories/read/id=7339/

Trust: 1.7

url:http://securitytracker.com/id?1013615

Trust: 1.7

url:http://www.samsung.com/

Trust: 0.3

sources: VULHUB: VHN-12074 // BID: 12864 // CNNVD: CNNVD-200505-602 // NVD: CVE-2005-0865

CREDITS

Morning Wood se_cur_ity@hotmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200505-602

SOURCES

db:VULHUBid:VHN-12074
db:BIDid:12864
db:CNNVDid:CNNVD-200505-602
db:NVDid:CVE-2005-0865

LAST UPDATE DATE

2024-08-14T15:20:11.066000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-12074date:2008-09-05T00:00:00
db:BIDid:12864date:2009-07-12T10:56:00
db:CNNVDid:CNNVD-200505-602date:2005-10-20T00:00:00
db:NVDid:CVE-2005-0865date:2008-09-05T20:47:32.630

SOURCES RELEASE DATE

db:VULHUBid:VHN-12074date:2005-05-02T00:00:00
db:BIDid:12864date:2005-03-21T00:00:00
db:CNNVDid:CNNVD-200505-602date:2005-03-23T00:00:00
db:NVDid:CVE-2005-0865date:2005-05-02T04:00:00