Sign-up

ID

VAR-200605-0268


CVE

CVE-2006-2562


TITLE

ZyXEL P-335WT Router UPnP Request Access Control Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2006-3383

DESCRIPTION

ZyXEL P-335WT router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. For example, use AddPortMapping to forward arbitrary traffic. P-335Wt Router is prone to a security bypass vulnerability. TITLE: ZyXEL P-335WT UPnP Port Mapping Vulnerability SECUNIA ADVISORY ID: SA20184 VERIFY ADVISORY: http://secunia.com/advisories/20184/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: ZyXEL P-335WT http://secunia.com/product/10055/ DESCRIPTION: Armijn Hemel has reported a vulnerability in ZyXEL P-335WT, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is related to: SA20161 SOLUTION: Disable the UPnP functionality if it is not required. UPnP is reportedly disabled by default. PROVIDED AND/OR DISCOVERED BY: Armijn Hemel OTHER REFERENCES: SA20161: http://secunia.com/advisories/20161/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.89

sources: NVD: CVE-2006-2562 // CNVD: CNVD-2006-3383 // BID: 87572 // VULHUB: VHN-18670 // PACKETSTORM: 46539

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2006-3383

AFFECTED PRODUCTS

vendor:zyxelmodel:p-335wt routerscope:eqversion:*

Trust: 1.0

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:zyxelmodel:p-335wt routerscope: - version: -

Trust: 0.6

vendor:zyxelmodel:p-335wt routerscope:eqversion:0

Trust: 0.3

sources: CNVD: CNVD-2006-3383 // BID: 87572 // CNNVD: CNNVD-200605-434 // NVD: CVE-2006-2562

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-2562
value: HIGH

Trust: 1.0

CNVD: CNVD-2006-3383
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200605-434
value: HIGH

Trust: 0.6

VULHUB: VHN-18670
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-2562
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

CNVD: CNVD-2006-3383
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-18670
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2006-3383 // VULHUB: VHN-18670 // CNNVD: CNNVD-200605-434 // NVD: CVE-2006-2562

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

sources: VULHUB: VHN-18670 // NVD: CVE-2006-2562

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200605-434

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200605-434

EXTERNAL IDS

db:NVDid:CVE-2006-2562

Trust: 2.6

db:SECUNIAid:20184

Trust: 2.4

db:VUPENid:ADV-2006-1910

Trust: 1.7

db:XFid:26710

Trust: 0.9

db:CNNVDid:CNNVD-200605-434

Trust: 0.7

db:CNVDid:CNVD-2006-3383

Trust: 0.6

db:BIDid:87572

Trust: 0.4

db:VULHUBid:VHN-18670

Trust: 0.1

db:PACKETSTORMid:46539

Trust: 0.1

sources: CNVD: CNVD-2006-3383 // VULHUB: VHN-18670 // BID: 87572 // PACKETSTORM: 46539 // CNNVD: CNNVD-200605-434 // NVD: CVE-2006-2562

REFERENCES

url:http://secunia.com/advisories/20184

Trust: 2.3

url:http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html

Trust: 2.0

url:http://www.securityview.org/how-does-the-upnp-flaw-works.html

Trust: 2.0

url:http://www.vupen.com/english/advisories/2006/1910

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/26710

Trust: 1.1

url:http://xforce.iss.net/xforce/xfdb/26710

Trust: 0.9

url:http://www.frsirt.com/english/advisories/2006/1910

Trust: 0.6

url:http://secunia.com/product/10055/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/advisories/20184/

Trust: 0.1

url:http://secunia.com/advisories/20161/

Trust: 0.1

sources: CNVD: CNVD-2006-3383 // VULHUB: VHN-18670 // BID: 87572 // PACKETSTORM: 46539 // CNNVD: CNNVD-200605-434 // NVD: CVE-2006-2562

CREDITS

Unknown

Trust: 0.3

sources: BID: 87572

SOURCES

db:CNVDid:CNVD-2006-3383
db:VULHUBid:VHN-18670
db:BIDid:87572
db:PACKETSTORMid:46539
db:CNNVDid:CNNVD-200605-434
db:NVDid:CVE-2006-2562

LAST UPDATE DATE

2024-08-14T14:35:33.288000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2006-3383date:2006-05-23T00:00:00
db:VULHUBid:VHN-18670date:2017-07-20T00:00:00
db:BIDid:87572date:2006-05-23T00:00:00
db:CNNVDid:CNNVD-200605-434date:2007-01-24T00:00:00
db:NVDid:CVE-2006-2562date:2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db:CNVDid:CNVD-2006-3383date:2006-05-23T00:00:00
db:VULHUBid:VHN-18670date:2006-05-24T00:00:00
db:BIDid:87572date:2006-05-23T00:00:00
db:PACKETSTORMid:46539date:2006-05-23T05:09:34
db:CNNVDid:CNNVD-200605-434date:2006-05-23T00:00:00
db:NVDid:CVE-2006-2562date:2006-05-24T01:02:00