Details of VAR-200508-0254

ID

VAR-200508-0254

CVE

CVE-2005-2424

TITLE

Siemens Santis 50 Wireless Router Web Interface Denial of Service Vulnerability

Trust: 1.1

sources: IVD: c62bae40-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2005-2595 // BID: 14372

DESCRIPTION

The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze. The Siemens Santis 50 wireless router is a wi-fi (802.11b) ADSL router for home and small business networks. Siemens Santis 50 provides a web management interface and a classic telnet CLI for management purposes. These services are only available through the local network by default, but can also be activated through the WAN interface. Siemens Santis 50 Wireless router Web interface is affected by a remote denial of service vulnerability. The attacker can also erase the FLASH contents. Information obtained may be used in further attacks against the vulnerable device or the network it operates on. This issue may also affect the Ericsson HN294dp and Dynalink RTA300W routers. Both devices are believed to use the same hardware as the Siemens Santis 50 Wireless router; this has not been confirmed by Symantec. ---------------------------------------------------------------------- Bist Du interessiert an einem neuen Job in IT-Sicherheit? Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT- Sicherheit: http://secunia.com/secunia_vacancies/ ---------------------------------------------------------------------- TITLE: Siemens Santis 50 Authentication Bypass Vulnerability SECUNIA ADVISORY ID: SA16215 VERIFY ADVISORY: http://secunia.com/advisories/16215/ CRITICAL: Moderately critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Siemens Santis 50 http://secunia.com/product/5440/ DESCRIPTION: Luca Carettoni has reported a vulnerability in Siemens Santis 50, which can be exploited by malicious people to bypass certain security restrictions. This can reportedly be exploited to view configuration information and potentially erase the device's flash memory. The vulnerability has been reported in firmware version 4.2.8.0. Other versions may also be affected. SOLUTION: Restrict access to the device. PROVIDED AND/OR DISCOVERED BY: Luca Carettoni, Secure Network. ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2005-2424 // CNVD: CNVD-2005-2595 // BID: 14372 // IVD: c62bae40-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-13633 // PACKETSTORM: 38873

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: c62bae40-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2005-2595

AFFECTED PRODUCTS

vendor:	siemens	model:	santis 50	scope:	eq	version:	4.2.8.0	Trust: 1.6
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	siemens	model:	santis wireless router	scope:	eq	version:	504.2.8.0	Trust: 0.3
vendor:	santis 50	model:	-	scope:	eq	version:	4.2.8.0	Trust: 0.2

sources: IVD: c62bae40-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2005-2595 // BID: 14372 // CNNVD: CNNVD-200508-018 // NVD: CVE-2005-2424

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-2424
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200508-018
value:	HIGH
Trust: 0.6
IVD:	c62bae40-2355-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2
VULHUB:	VHN-13633
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2005-2424
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
IVD:	c62bae40-2355-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-13633
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: c62bae40-2355-11e6-abef-000c29c66e3d // VULHUB: VHN-13633 // CNNVD: CNNVD-200508-018 // NVD: CVE-2005-2424

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-2424

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200508-018

TYPE

Access verification error

Trust: 0.8

sources: IVD: c62bae40-2355-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200508-018

EXTERNAL IDS

db:	NVD	id:	CVE-2005-2424	Trust: 2.5
db:	BID	id:	14372	Trust: 2.0
db:	SECUNIA	id:	16215	Trust: 1.8
db:	OSVDB	id:	18294	Trust: 1.7
db:	CNNVD	id:	CNNVD-200508-018	Trust: 0.9
db:	CNVD	id:	CNVD-2005-2595	Trust: 0.8
db:	XF	id:	50	Trust: 0.6
db:	XF	id:	21552	Trust: 0.6
db:	BUGTRAQ	id:	20050725 SIEMENS SANTIS 50 AUTHENTICATION VULNERABILITY	Trust: 0.6
db:	IVD	id:	C62BAE40-2355-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-13633	Trust: 0.1
db:	PACKETSTORM	id:	38873	Trust: 0.1

sources: IVD: c62bae40-2355-11e6-abef-000c29c66e3d // CNVD: CNVD-2005-2595 // VULHUB: VHN-13633 // BID: 14372 // PACKETSTORM: 38873 // CNNVD: CNNVD-200508-018 // NVD: CVE-2005-2424

REFERENCES

url:	http://www.securityfocus.com/bid/14372	Trust: 1.7
url:	http://www.securenetwork.it/advisories/	Trust: 1.7
url:	http://www.osvdb.org/18294	Trust: 1.7
url:	http://secunia.com/advisories/16215	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/21552	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=112230914431638&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/21552	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=112230914431638&w=2	Trust: 0.6
url:	http://www.siemens.ch/index.jsp?sdc_p=d1093191po1092631f64c175l1s2mn1092631t4u1260&	Trust: 0.3
url:	/archive/1/406379	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=112230914431638&w=2	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/secunia_vacancies/	Trust: 0.1
url:	http://secunia.com/advisories/16215/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/5440/	Trust: 0.1

sources: VULHUB: VHN-13633 // BID: 14372 // PACKETSTORM: 38873 // CNNVD: CNNVD-200508-018 // NVD: CVE-2005-2424

CREDITS

Luca Carettoni luca.carettoni@securenetwork.it

Trust: 0.6

sources: CNNVD: CNNVD-200508-018

SOURCES

db:	IVD	id:	c62bae40-2355-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2005-2595
db:	VULHUB	id:	VHN-13633
db:	BID	id:	14372
db:	PACKETSTORM	id:	38873
db:	CNNVD	id:	CNNVD-200508-018
db:	NVD	id:	CVE-2005-2424

LAST UPDATE DATE

2024-08-14T13:59:51.539000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2005-2595	date:	2005-07-26T00:00:00
db:	VULHUB	id:	VHN-13633	date:	2017-07-11T00:00:00
db:	BID	id:	14372	date:	2005-07-25T00:00:00
db:	CNNVD	id:	CNNVD-200508-018	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2005-2424	date:	2017-07-11T01:32:50.127

SOURCES RELEASE DATE

db:	IVD	id:	c62bae40-2355-11e6-abef-000c29c66e3d	date:	2005-07-26T00:00:00
db:	CNVD	id:	CNVD-2005-2595	date:	2005-07-26T00:00:00
db:	VULHUB	id:	VHN-13633	date:	2005-08-03T00:00:00
db:	BID	id:	14372	date:	2005-07-25T00:00:00
db:	PACKETSTORM	id:	38873	date:	2005-07-27T16:08:40
db:	CNNVD	id:	CNNVD-200508-018	date:	2005-07-26T00:00:00
db:	NVD	id:	CVE-2005-2424	date:	2005-08-03T04:00:00