Details of VAR-200607-0468

ID

VAR-200607-0468

CVE

CVE-2006-3907

TITLE

Siemens SpeedStream Wireless Router web Management Interface Denial of Service Vulnerability

Trust: 1.4

sources: IVD: 367995b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-5761 // CNNVD: CNNVD-200607-479

DESCRIPTION

Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface. Siemens SpeedStream Wireless Routers are prone to a remote denial-of-service vulnerability. This may permit an attacker to crash affected devices, denying further network services to legitimate users. Firmware version 2624 is vulnerable; other versions may also be affected. ---------------------------------------------------------------------- Hardcore Disassembler / Reverse Engineer Wanted! Want to work with IDA and BinDiff? Want to write PoC's and Exploits? Your nationality is not important. We will get you a work permit, find an apartment, and offer a relocation compensation package. http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: Siemens SpeedStream 2624 Denial of Service Vulnerability SECUNIA ADVISORY ID: SA21195 VERIFY ADVISORY: http://secunia.com/advisories/21195/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network OPERATING SYSTEM: Siemens Speedstream 2624 http://secunia.com/product/10741/ DESCRIPTION: Jaime Blasco has reported a vulnerability in Siemens Speedstream 2624, which can be exploited by malicious people to cause a DoS (Denial of Service). Successful exploitation causes the network device to stop responding. SOLUTION: Restrict access to affected devices. PROVIDED AND/OR DISCOVERED BY: Jaime Blasco ORIGINAL ADVISORY: http://www.digitalarmaments.com/2006310665340982.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.79

sources: NVD: CVE-2006-3907 // JVNDB: JVNDB-2006-002935 // CNVD: CNVD-2006-5761 // BID: 19132 // IVD: 367995b0-2354-11e6-abef-000c29c66e3d // VULHUB: VHN-20015 // PACKETSTORM: 48533

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 367995b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-5761

AFFECTED PRODUCTS

vendor:	siemens	model:	speedstream wireless router	scope:	eq	version:	2624	Trust: 2.7
vendor:	speedstream	model:	wireless router siemens	scope:	eq	version:	2624	Trust: 0.6
vendor:	speedstream router	model:	-	scope:	eq	version:	2624	Trust: 0.2

sources: IVD: 367995b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-5761 // BID: 19132 // JVNDB: JVNDB-2006-002935 // CNNVD: CNNVD-200607-479 // NVD: CVE-2006-3907

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2006-3907
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2006-3907
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2006-5761
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-200607-479
value:	MEDIUM
Trust: 0.6
IVD:	367995b0-2354-11e6-abef-000c29c66e3d
value:	MEDIUM
Trust: 0.2
VULHUB:	VHN-20015
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2006-3907
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2006-5761
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	367995b0-2354-11e6-abef-000c29c66e3d
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2
VULHUB:	VHN-20015
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: IVD: 367995b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-5761 // VULHUB: VHN-20015 // JVNDB: JVNDB-2006-002935 // CNNVD: CNNVD-200607-479 // NVD: CVE-2006-3907

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-3907

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200607-479

TYPE

other

Trust: 0.8

sources: IVD: 367995b0-2354-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200607-479

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-002935

PATCH

title:

Top Page

url:

http://gigaset.com/

Trust: 0.8

sources: JVNDB: JVNDB-2006-002935

EXTERNAL IDS

db:	NVD	id:	CVE-2006-3907	Trust: 3.3
db:	BID	id:	19132	Trust: 2.6
db:	SECUNIA	id:	21195	Trust: 1.8
db:	SREASON	id:	1292	Trust: 1.7
db:	SECTRACK	id:	1016578	Trust: 1.7
db:	VUPEN	id:	ADV-2006-2969	Trust: 1.7
db:	CNNVD	id:	CNNVD-200607-479	Trust: 0.9
db:	CNVD	id:	CNVD-2006-5761	Trust: 0.8
db:	JVNDB	id:	JVNDB-2006-002935	Trust: 0.8
db:	XF	id:	27948	Trust: 0.6
db:	BUGTRAQ	id:	20060724 DIGITAL ARMAMENTS SECURITY ADVISORY 24.07.2006: SIEMENS SPEEDSTREAM WIRELESS/ROUTER DENIAL OF SERVICE VULNERABILITY	Trust: 0.6
db:	IVD	id:	367995B0-2354-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	VULHUB	id:	VHN-20015	Trust: 0.1
db:	PACKETSTORM	id:	48533	Trust: 0.1

sources: IVD: 367995b0-2354-11e6-abef-000c29c66e3d // CNVD: CNVD-2006-5761 // VULHUB: VHN-20015 // BID: 19132 // JVNDB: JVNDB-2006-002935 // PACKETSTORM: 48533 // CNNVD: CNNVD-200607-479 // NVD: CVE-2006-3907

REFERENCES

url:	http://www.securityfocus.com/bid/19132	Trust: 2.3
url:	http://www.digitalarmaments.com/2006310665340982.html	Trust: 1.8
url:	http://securitytracker.com/id?1016578	Trust: 1.7
url:	http://secunia.com/advisories/21195	Trust: 1.7
url:	http://securityreason.com/securityalert/1292	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/440985/100/0/threaded	Trust: 1.1
url:	http://www.vupen.com/english/advisories/2006/2969	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/27948	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3907	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3907	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/27948	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/440985/100/0/threaded	Trust: 0.6
url:	http://www.frsirt.com/english/advisories/2006/2969	Trust: 0.6
url:	http://www.siemens.com/	Trust: 0.3
url:	/archive/1/440985	Trust: 0.3
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/advisories/21195/	Trust: 0.1
url:	http://secunia.com/product/10741/	Trust: 0.1
url:	http://secunia.com/hardcore_disassembler_and_reverse_engineer/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2006-5761 // VULHUB: VHN-20015 // BID: 19132 // JVNDB: JVNDB-2006-002935 // PACKETSTORM: 48533 // CNNVD: CNNVD-200607-479 // NVD: CVE-2006-3907

CREDITS

Jaime Blasco

Trust: 0.6

sources: CNNVD: CNNVD-200607-479

SOURCES

db:	IVD	id:	367995b0-2354-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2006-5761
db:	VULHUB	id:	VHN-20015
db:	BID	id:	19132
db:	JVNDB	id:	JVNDB-2006-002935
db:	PACKETSTORM	id:	48533
db:	CNNVD	id:	CNNVD-200607-479
db:	NVD	id:	CVE-2006-3907

LAST UPDATE DATE

2024-08-14T14:22:39.001000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2006-5761	date:	2006-07-27T00:00:00
db:	VULHUB	id:	VHN-20015	date:	2018-10-17T00:00:00
db:	BID	id:	19132	date:	2006-07-25T16:42:00
db:	JVNDB	id:	JVNDB-2006-002935	date:	2012-12-20T00:00:00
db:	CNNVD	id:	CNNVD-200607-479	date:	2006-08-07T00:00:00
db:	NVD	id:	CVE-2006-3907	date:	2024-02-14T01:17:43.863

SOURCES RELEASE DATE

db:	IVD	id:	367995b0-2354-11e6-abef-000c29c66e3d	date:	2006-07-27T00:00:00
db:	CNVD	id:	CNVD-2006-5761	date:	2006-07-27T00:00:00
db:	VULHUB	id:	VHN-20015	date:	2006-07-27T00:00:00
db:	BID	id:	19132	date:	2006-07-24T00:00:00
db:	JVNDB	id:	JVNDB-2006-002935	date:	2012-12-20T00:00:00
db:	PACKETSTORM	id:	48533	date:	2006-07-26T05:33:34
db:	CNNVD	id:	CNNVD-200607-479	date:	2006-07-27T00:00:00
db:	NVD	id:	CVE-2006-3907	date:	2006-07-27T22:04:00