ID

VAR-200611-0057


CVE

CVE-2006-5711


TITLE

ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router Vulnerable to reading arbitrary files

Trust: 0.8

sources: JVNDB: JVNDB-2006-001483

DESCRIPTION

ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI. ECI Telecom's B-FOCuS ADSL2+ Combo332+ wireless router is prone to an information-disclosure vulnerability. The router's web-based management interface fails to authenticate users before providing access to sensitive information. Exploiting this issue may allow an unauthenticated remote attacker to retrieve sensitive information from the affected device, which may aid in further attacks. B-Focus ADSL2+ does not properly configure the web management interface; attackers can list directories and read router and configuration files by sending specially crafted requests.

----------------------------------------------------------------------

TITLE: ECI B-FOCuS Wireless Router Information Disclosure
SECUNIA ADVISORY ID: SA22667
VERIFY ADVISORY: http://secunia.com/advisories/22667/
CRITICAL: Moderately critical
IMPACT: Exposure of sensitive information
WHERE: From local network
OPERATING SYSTEM: B-FOCuS Router 332+ http://secunia.com/product/12485/

DESCRIPTION: Tal Argoni has reported a vulnerability in B-FOCuS Wireless router, which can be exploited by malicious people to disclose certain sensitive information. The problem is due to improper authentication in the web-based management, which can be exploited by an unauthenticated person to read the router's configuration files.

PROVIDED AND/OR DISCOVERED BY: Tal Argoni

----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2006-5711 // JVNDB: JVNDB-2006-001483 // BID: 20834 // VULHUB: VHN-21819 // PACKETSTORM: 51638

AFFECTED PRODUCTS

vendor: eci telecom | model: b-focus wireless 802.11bg adsl2\+ router | scope: eq | version: *

Trust: 1.0

vendor: eci telecom | model: b-focus wireless 802.11bg adsl2+ router | scope: - | version: -

Trust: 0.8

vendor: eci telecom | model: b-focus wireless 802.11bg adsl2\+ router | scope: - | version: -

Trust: 0.6

vendor: eci | model: telecom b-focus adsl2+ combo wireless router | scope: eq | version: 332+0

Trust: 0.3

sources: BID: 20834 // JVNDB: JVNDB-2006-001483 // CNNVD: CNNVD-200611-056 // NVD: CVE-2006-5711

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2006-5711
value: MEDIUM

Trust: 1.0

NVD: CVE-2006-5711
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200611-056
value: MEDIUM

Trust: 0.6

VULHUB: VHN-21819
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2006-5711
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-21819
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-21819 // JVNDB: JVNDB-2006-001483 // CNNVD: CNNVD-200611-056 // NVD: CVE-2006-5711

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2006-5711

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200611-056

TYPE

Design Error

Trust: 0.9

sources: BID: 20834 // CNNVD: CNNVD-200611-056

CONFIGURATIONS

sources: JVNDB: JVNDB-2006-001483

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-21819

EXTERNAL IDS

db: NVD | id: CVE-2006-5711

Trust: 2.8

db: BID | id: 20834

Trust: 2.0

db: SECUNIA | id: 22667

Trust: 1.8

db: SREASON | id: 1817

Trust: 1.7

db: VUPEN | id: ADV-2006-4331

Trust: 1.7

db: SECTRACK | id: 1017145

Trust: 1.7

db: JVNDB | id: JVNDB-2006-001483

Trust: 0.8

db: FULLDISC | id: 20061031 DIRECTORY LISTING ON B-FOCUS WIRELESS 802.11B/G ADSL2+ ROUTER BY "ECI TELECOM LTD"

Trust: 0.6

db: BUGTRAQ | id: 20061031 DIRECTORY LISTING ON B-FOCUS WIRELESS 802.11B/G ADSL2+ ROUTER BY "ECI TELECOM LTD"

Trust: 0.6

db: XF | id: 29931

Trust: 0.6

db: CNNVD | id: CNNVD-200611-056

Trust: 0.6

db: EXPLOIT-DB | id: 28888

Trust: 0.1

db: VULHUB | id: VHN-21819

Trust: 0.1

db: PACKETSTORM | id: 51638

Trust: 0.1

sources: VULHUB: VHN-21819 // BID: 20834 // JVNDB: JVNDB-2006-001483 // PACKETSTORM: 51638 // CNNVD: CNNVD-200611-056 // NVD: CVE-2006-5711

REFERENCES

url:http://www.securityfocus.com/bid/20834

Trust: 1.7

url:http://lists.grok.org.uk/pipermail/full-disclosure/2006-october/050459.html

Trust: 1.7

url:http://securitytracker.com/id?1017145

Trust: 1.7

url:http://secunia.com/advisories/22667

Trust: 1.7

url:http://securityreason.com/securityalert/1817

Trust: 1.7

url:http://www.securityfocus.com/archive/1/450187/100/0/threaded

Trust: 1.1

url:http://www.vupen.com/english/advisories/2006/4331

Trust: 1.1

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/29931

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5711

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5711

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/29931

Trust: 0.6

url:http://www.securityfocus.com/archive/1/archive/1/450187/100/0/threaded

Trust: 0.6

url:http://www.frsirt.com/english/advisories/2006/4331

Trust: 0.6

url:http://www.inoviatele.com/products_hi/hibfocus_332+.asp

Trust: 0.3

url:/archive/1/450187

Trust: 0.3

url:http://secunia.com/advisories/22667/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://corporate.secunia.com/products/48/?r=l

Trust: 0.1

url:http://secunia.com/product/12485/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://corporate.secunia.com/how_to_buy/15/?r=l

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-21819 // BID: 20834 // JVNDB: JVNDB-2006-001483 // PACKETSTORM: 51638 // CNNVD: CNNVD-200611-056 // NVD: CVE-2006-5711

CREDITS

Tal Argoni, LegendaryZion talargoni@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200611-056

SOURCES

db: VULHUB | id: VHN-21819
db: BID | id: 20834
db: JVNDB | id: JVNDB-2006-001483
db: PACKETSTORM | id: 51638
db: CNNVD | id: CNNVD-200611-056
db: NVD | id: CVE-2006-5711

LAST UPDATE DATE

2024-08-14T14:35:29.651000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-21819 | date: 2018-10-17T00:00:00
db: BID | id: 20834 | date: 2007-07-06T20:07:00
db: JVNDB | id: JVNDB-2006-001483 | date: 2012-06-26T00:00:00
db: CNNVD | id: CNNVD-200611-056 | date: 2006-11-07T00:00:00
db: NVD | id: CVE-2006-5711 | date: 2018-10-17T21:44:14.283

SOURCES RELEASE DATE

db: VULHUB | id: VHN-21819 | date: 2006-11-04T00:00:00
db: BID | id: 20834 | date: 2006-10-31T00:00:00
db: JVNDB | id: JVNDB-2006-001483 | date: 2012-06-26T00:00:00
db: PACKETSTORM | id: 51638 | date: 2006-11-03T22:27:13
db: CNNVD | id: CNNVD-200611-056 | date: 2006-10-31T00:00:00
db: NVD | id: CVE-2006-5711 | date: 2006-11-04T01:07:00