Details of VAR-200505-0862

ID

VAR-200505-0862

CVE

CVE-2005-1566

TITLE

Acrowave AAP-3100AR Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-1015

DESCRIPTION

Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell. Wlan Ap + Adsl Router is prone to a denial-of-service vulnerability. ---------------------------------------------------------------------- Want a new IT Security job? Vacant positions at Secunia: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Acrowave AAP-3100AR Router Authentication Bypass SECUNIA ADVISORY ID: SA15343 VERIFY ADVISORY: http://secunia.com/advisories/15343/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Acrowave AAP-3100AR Router http://secunia.com/product/5094/ DESCRIPTION: Martin Tornwall has reported a vulnerability in Acrowave AAP-3100AR Router, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the authentication process. This can be exploited to login without supplying a username and password by pressing CTRL-C. SOLUTION: Filter access to the telnet interface. PROVIDED AND/OR DISCOVERED BY: Martin Tornwall ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.35

sources: NVD: CVE-2005-1566 // BID: 89988 // VULHUB: VHN-12775 // PACKETSTORM: 37633

AFFECTED PRODUCTS

vendor:	arcowave	model:	wlan ap \+ adsl router	scope:	eq	version:	aap_3100ar	Trust: 1.6
vendor:	arcowave	model:	systems wlan ap %2b adsl router aap 3100ar	scope:	-	version:	-	Trust: 0.3

sources: BID: 89988 // CNNVD: CNNVD-200505-1015 // NVD: CVE-2005-1566

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1566
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200505-1015
value:	HIGH
Trust: 0.6
VULHUB:	VHN-12775
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-1566
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12775
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12775 // CNNVD: CNNVD-200505-1015 // NVD: CVE-2005-1566

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1566

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-1015

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200505-1015

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1566	Trust: 2.0
db:	SECUNIA	id:	15343	Trust: 1.8
db:	OSVDB	id:	16445	Trust: 1.7
db:	CNNVD	id:	CNNVD-200505-1015	Trust: 0.7
db:	BUGTRAQ	id:	20050512 ACROWAVE AAP-3100AR AUTHETICATION BYPASS	Trust: 0.6
db:	BID	id:	89988	Trust: 0.4
db:	VULHUB	id:	VHN-12775	Trust: 0.1
db:	PACKETSTORM	id:	37633	Trust: 0.1

sources: VULHUB: VHN-12775 // BID: 89988 // PACKETSTORM: 37633 // CNNVD: CNNVD-200505-1015 // NVD: CVE-2005-1566

REFERENCES

url:	http://www.osvdb.org/16445	Trust: 1.7
url:	http://secunia.com/advisories/15343	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=111592452331677&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=111592452331677&w=2	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=111592452331677&w=2	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5094/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/advisories/15343/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: VULHUB: VHN-12775 // BID: 89988 // PACKETSTORM: 37633 // CNNVD: CNNVD-200505-1015 // NVD: CVE-2005-1566

CREDITS

Unknown

Trust: 0.3

sources: BID: 89988

SOURCES

db:	VULHUB	id:	VHN-12775
db:	BID	id:	89988
db:	PACKETSTORM	id:	37633
db:	CNNVD	id:	CNNVD-200505-1015
db:	NVD	id:	CVE-2005-1566

LAST UPDATE DATE

2024-08-14T14:08:49.774000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12775	date:	2016-10-18T00:00:00
db:	BID	id:	89988	date:	2005-05-14T00:00:00
db:	CNNVD	id:	CNNVD-200505-1015	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-1566	date:	2016-10-18T03:21:03.223

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12775	date:	2005-05-14T00:00:00
db:	BID	id:	89988	date:	2005-05-14T00:00:00
db:	PACKETSTORM	id:	37633	date:	2005-05-29T20:22:44
db:	CNNVD	id:	CNNVD-200505-1015	date:	2005-05-14T00:00:00
db:	NVD	id:	CVE-2005-1566	date:	2005-05-14T04:00:00