Sign-up

ID

VAR-200607-0083


CVE

CVE-2006-3344


TITLE

Siemens SpeedStream Wireless Router Universal Plug and Play UPnP Authentication Bypass Vulnerability

Trust: 1.4

sources: IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-4656 // CNNVD: CNNVD-200607-013

DESCRIPTION

Siemens Speedstream Wireless Router 2624 allows local users to bypass authentication and access protected files by using the Universal Plug and Play UPnP/1.0 component. Siemens' speedstream wireless router contains vulnerabilities related to authorization, privileges, and access control.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Siemens SpeedStream Wireless Router web interface is prone to an authentication-bypass vulnerability. This may permit an attacker to bypass the authentication mechanism and to gain access to the web interface. Version 2624 is vulnerable; other versions may be affected

Trust: 2.7

sources: NVD: CVE-2006-3344 // JVNDB: JVNDB-2006-004115 // CNVD: CNVD-2010-4656 // BID: 18843 // IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-19452

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-4656

AFFECTED PRODUCTS

vendor:siemensmodel:speedstream wireless routerscope:eqversion:2624

Trust: 1.9

vendor:シーメンスmodel:speedstream wireless routerscope:eqversion: -

Trust: 0.8

vendor:シーメンスmodel:speedstream wireless routerscope:eqversion:2624

Trust: 0.8

vendor:シーメンスmodel:speedstream wireless routerscope: - version: -

Trust: 0.8

vendor:nomodel: - scope: - version: -

Trust: 0.6

vendor:speedstream routermodel: - scope:eqversion:2624

Trust: 0.2

sources: IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-4656 // BID: 18843 // JVNDB: JVNDB-2006-004115 // CNNVD: CNNVD-200607-013 // NVD: CVE-2006-3344

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-3344
value: HIGH

Trust: 1.0

NVD: CVE-2006-3344
value: HIGH

Trust: 0.8

CNVD: CNVD-2010-4656
value: HIGH

Trust: 0.6

CNNVD: CNNVD-200607-013
value: HIGH

Trust: 0.6

IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d
value: HIGH

Trust: 0.2

VULHUB: VHN-19452
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2006-3344
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2010-4656
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

VULHUB: VHN-19452
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-4656 // VULHUB: VHN-19452 // JVNDB: JVNDB-2006-004115 // CNNVD: CNNVD-200607-013 // NVD: CVE-2006-3344

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.1

problemtype:Authorization / authority / access control (CWE-264) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-19452 // JVNDB: JVNDB-2006-004115 // NVD: CVE-2006-3344

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-013

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200607-013

EXTERNAL IDS

db:NVDid:CVE-2006-3344

Trust: 4.1

db:BIDid:18843

Trust: 3.4

db:SECTRACKid:1016412

Trust: 2.5

db:SECUNIAid:20896

Trust: 2.5

db:VUPENid:ADV-2006-2610

Trust: 2.5

db:SREASONid:1183

Trust: 2.5

db:CNNVDid:CNNVD-200607-013

Trust: 0.9

db:CNVDid:CNVD-2010-4656

Trust: 0.8

db:JVNDBid:JVNDB-2006-004115

Trust: 0.8

db:XFid:27582

Trust: 0.6

db:BUGTRAQid:20060629 DIGITAL ARMAMENTS SECURITY ADVISORY 29.06.2006: SIEMENS SPEEDSTREAM WIRELESS ROUTER PASSWORD PROTECTION BYPASS VULNERABILITY

Trust: 0.6

db:IVDid:4F2653E6-2354-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:VULHUBid:VHN-19452

Trust: 0.1

sources: IVD: 4f2653e6-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-4656 // VULHUB: VHN-19452 // BID: 18843 // JVNDB: JVNDB-2006-004115 // CNNVD: CNNVD-200607-013 // NVD: CVE-2006-3344

REFERENCES

url:http://www.securityfocus.com/bid/18843

Trust: 3.1

url:http://www.digitalarmaments.com/2006290674551938.html

Trust: 2.8

url:http://securitytracker.com/id?1016412

Trust: 2.5

url:http://secunia.com/advisories/20896

Trust: 2.5

url:http://securityreason.com/securityalert/1183

Trust: 2.5

url:http://www.securityfocus.com/archive/1/438708/100/0/threaded

Trust: 1.9

url:http://www.vupen.com/english/advisories/2006/2610

Trust: 1.9

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/27582

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2006-3344

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/438708/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/2610

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/27582

Trust: 0.6

url:http://www.siemens.com/

Trust: 0.3

sources: CNVD: CNVD-2010-4656 // VULHUB: VHN-19452 // BID: 18843 // JVNDB: JVNDB-2006-004115 // CNNVD: CNNVD-200607-013 // NVD: CVE-2006-3344

CREDITS

Digital Armaments is credited with discovering this vulnerability.

Trust: 0.9

sources: BID: 18843 // CNNVD: CNNVD-200607-013

SOURCES

db:IVDid:4f2653e6-2354-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2010-4656
db:VULHUBid:VHN-19452
db:BIDid:18843
db:JVNDBid:JVNDB-2006-004115
db:CNNVDid:CNNVD-200607-013
db:NVDid:CVE-2006-3344

LAST UPDATE DATE

2024-09-06T23:20:11.976000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-4656date:2010-05-04T00:00:00
db:VULHUBid:VHN-19452date:2018-10-18T00:00:00
db:BIDid:18843date:2006-07-07T19:09:00
db:JVNDBid:JVNDB-2006-004115date:2024-09-05T03:18:00
db:CNNVDid:CNNVD-200607-013date:2006-07-12T00:00:00
db:NVDid:CVE-2006-3344date:2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db:IVDid:4f2653e6-2354-11e6-abef-000c29c66e3ddate:2010-05-04T00:00:00
db:CNVDid:CNVD-2010-4656date:2010-05-04T00:00:00
db:VULHUBid:VHN-19452date:2006-07-03T00:00:00
db:BIDid:18843date:2006-06-28T00:00:00
db:JVNDBid:JVNDB-2006-004115date:2024-09-05T00:00:00
db:CNNVDid:CNNVD-200607-013date:2006-07-03T00:00:00
db:NVDid:CVE-2006-3344date:2006-07-03T19:05:00