Sign-up

ID

VAR-201004-0415


CVE

CVE-2010-1544


TITLE

RCA DCM425 Modem micro_httpd Remote Denial of Service Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2010-4751 // CNNVD: CNNVD-201004-426

DESCRIPTION

micro_httpd on the RCA DCM425 cable modem allows remote attackers to cause a denial of service (device reboot) via a long string to TCP port 80. The RCA DCM425 is a broadband cable modem. Successful exploits will cause the device to crash, denying service to legitimate users. Due to the nature of this issue, it may be possible to leverage this vulnerability to execute arbitrary code but this has not been confirmed. SOLUTION: Use the device only in trusted networks. PROVIDED AND/OR DISCOVERED BY: ad0nis ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.61

sources: NVD: CVE-2010-1544 // JVNDB: JVNDB-2010-004003 // CNVD: CNVD-2010-4751 // BID: 38488 // VULHUB: VHN-44149 // PACKETSTORM: 86901

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-4751

AFFECTED PRODUCTS

vendor:rcamodel:digital cable modemscope:eqversion:dcm425

Trust: 1.8

vendor:acmemodel:micro httpdscope:eqversion:*

Trust: 1.0

vendor:rcamodel:digital cable modem dcm425scope: - version: -

Trust: 0.9

vendor:acme laboratoriesmodel:micro httpdscope: - version: -

Trust: 0.8

vendor:acmemodel:micro httpdscope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2010-4751 // BID: 38488 // JVNDB: JVNDB-2010-004003 // CNNVD: CNNVD-201004-426 // NVD: CVE-2010-1544

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1544
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1544
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2010-4751
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201004-426
value: MEDIUM

Trust: 0.6

VULHUB: VHN-44149
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1544
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2010-4751
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-44149
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2010-4751 // VULHUB: VHN-44149 // JVNDB: JVNDB-2010-004003 // CNNVD: CNNVD-201004-426 // NVD: CVE-2010-1544

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-44149 // JVNDB: JVNDB-2010-004003 // NVD: CVE-2010-1544

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-426

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201004-426

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2010-004003

EXPLOIT AVAILABILITY
sources:
            
            
            VULHUB: VHN-44149

PATCH
title:micro_httpdurl:http://www.acme.com/software/micro_httpd/
Trust: 0.8
title:Top Pageurl:http://www.rca.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2010-004003

EXTERNAL IDS
db:NVDid:CVE-2010-1544
Trust: 3.4
db:BIDid:38488
Trust: 2.6
db:SECUNIAid:38778
Trust: 1.8
db:JVNDBid:JVNDB-2010-004003
Trust: 0.8
db:CNNVDid:CNNVD-201004-426
Trust: 0.7
db:CNVDid:CNVD-2010-4751
Trust: 0.6
db:NSFOCUSid:14579
Trust: 0.6
db:EXPLOIT-DBid:11597
Trust: 0.1
db:VULHUBid:VHN-44149
Trust: 0.1
db:PACKETSTORMid:86901
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-4751 // 
            
            
            
            VULHUB: VHN-44149 // 
            
            
            
            BID: 38488 // 
            
            
            
            JVNDB: JVNDB-2010-004003 // 
            
            
            
            PACKETSTORM: 86901 // 
            
            
            
            CNNVD: CNNVD-201004-426 // 
            
            
            
            NVD: CVE-2010-1544

REFERENCES
url:http://www.securityfocus.com/bid/38488
Trust: 2.3
url:http://packetstormsecurity.org/1002-exploits/rcadcm425-dos.txt
Trust: 1.7
url:http://secunia.com/advisories/38778
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1544
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1544
Trust: 0.8
url:http://www.nsfocus.net/vulndb/14579
Trust: 0.6
url:http://home.rca.com/en-us/rcahome.html
Trust: 0.3
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/38778/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2010-4751 // 
            
            
            
            VULHUB: VHN-44149 // 
            
            
            
            BID: 38488 // 
            
            
            
            JVNDB: JVNDB-2010-004003 // 
            
            
            
            PACKETSTORM: 86901 // 
            
            
            
            CNNVD: CNNVD-201004-426 // 
            
            
            
            NVD: CVE-2010-1544

CREDITS
ad0nis  ad0nis@hackermail.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201004-426

SOURCES
db:CNVDid:CNVD-2010-4751
db:VULHUBid:VHN-44149
db:BIDid:38488
db:JVNDBid:JVNDB-2010-004003
db:PACKETSTORMid:86901
db:CNNVDid:CNNVD-201004-426
db:NVDid:CVE-2010-1544

LAST UPDATE DATE
2024-11-23T22:14:23.603000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2010-4751date:2010-04-26T00:00:00
db:VULHUBid:VHN-44149date:2010-04-27T00:00:00
db:BIDid:38488date:2015-04-13T21:02:00
db:JVNDBid:JVNDB-2010-004003date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-201004-426date:2010-04-26T00:00:00
db:NVDid:CVE-2010-1544date:2024-11-21T01:14:40.183

SOURCES RELEASE DATE
db:CNVDid:CNVD-2010-4751date:2010-04-26T00:00:00
db:VULHUBid:VHN-44149date:2010-04-26T00:00:00
db:BIDid:38488date:2010-03-02T00:00:00
db:JVNDBid:JVNDB-2010-004003date:2012-06-26T00:00:00
db:PACKETSTORMid:86901date:2010-03-04T07:37:20
db:CNNVDid:CNNVD-201004-426date:2010-03-02T00:00:00
db:NVDid:CVE-2010-1544date:2010-04-26T19:30:00.910