cvelistv5 - CVE-2006-3561

CVE-2006-3561 (GCVE-0-2006-3561)

Vulnerability from cvelistv5 – Published: 2006-07-13 01:00 – Updated: 2024-08-07 18:30

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/489009/100…	mailing-listx_refsource_BUGTRAQ
	http://www.gnucitizen.org/projects/router-hacking…	x_refsource_MISC
	http://www.gnucitizen.org/blog/holes-in-embedded-…	x_refsource_MISC
	http://www.securityfocus.com/bid/19057	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/440405/100…	mailing-listx_refsource_BUGTRAQ
	http://lists.grok.org.uk/pipermail/full-disclosur…	mailing-listx_refsource_FULLDISC
	http://www.vupen.com/english/advisories/2006/2734	vdb-entryx_refsource_VUPEN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://secunia.com/advisories/20982	third-party-advisoryx_refsource_SECUNIA
	http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:30:34.403Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20080301 The Router Hacking Challenge is Over!",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
          },
          {
            "name": "19057",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/19057"
          },
          {
            "name": "20060716 Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
          },
          {
            "name": "20060708 Unauthenticated access to BT Voyager config file",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
          },
          {
            "name": "ADV-2006-2734",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/2734"
          },
          {
            "name": "btvoyager-config-information-disclosure(27652)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
          },
          {
            "name": "20982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/20982"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-07-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20080301 The Router Hacking Challenge is Over!",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
        },
        {
          "name": "19057",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/19057"
        },
        {
          "name": "20060716 Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
        },
        {
          "name": "20060708 Unauthenticated access to BT Voyager config file",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
        },
        {
          "name": "ADV-2006-2734",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/2734"
        },
        {
          "name": "btvoyager-config-information-disclosure(27652)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
        },
        {
          "name": "20982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/20982"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3561",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080301 The Router Hacking Challenge is Over!",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
            },
            {
              "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
            },
            {
              "name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/",
              "refsource": "MISC",
              "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
            },
            {
              "name": "19057",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/19057"
            },
            {
              "name": "20060716 Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
            },
            {
              "name": "20060708 Unauthenticated access to BT Voyager config file",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
            },
            {
              "name": "ADV-2006-2734",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2006/2734"
            },
            {
              "name": "btvoyager-config-information-disclosure(27652)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
            },
            {
              "name": "20982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/20982"
            },
            {
              "name": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt",
              "refsource": "MISC",
              "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3561",
    "datePublished": "2006-07-13T01:00:00",
    "dateReserved": "2006-07-12T00:00:00",
    "dateUpdated": "2024-08-07T18:30:34.403Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.21.05.08m_a2pb018c1.d16d\", \"matchCriteriaId\": \"7C261D5B-7660-4D1A-B530-77E7A92D5C71\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.01m\", \"matchCriteriaId\": \"C411B8FB-3E0C-4709-A7A1-802D069909AD\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.\"}, {\"lang\": \"es\", \"value\": \"El firmware BT Voyager 2091 Wireless 2.21.05.08m_A2pB018c1.d16d y anteriores, y 3.01m y anteriores, permite a atacantes remotos evitar el proceso de autenticaci\\u00f3n y obtener informaci\\u00f3n sensible, por ejemplo informaci\\u00f3n de configuraci\\u00f3n, mediante (1) /btvoyager_getconfig.sh, credenciales PPP mediante (2) btvoyager_getpppcreds.sh, y decodificar credenciales de configuraci\\u00f3n mediante btvoyager_decoder.c.\"}]",
      "id": "CVE-2006-3561",
      "lastModified": "2024-11-21T00:13:54.023",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2006-07-13T01:05:00.000",
      "references": "[{\"url\": \"http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/20982\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gnucitizen.org/projects/router-hacking-challenge/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/440405/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489009/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/19057\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2734\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27652\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/20982\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gnucitizen.org/projects/router-hacking-challenge/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/440405/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/489009/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/19057\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.vupen.com/english/advisories/2006/2734\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/27652\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}, {\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3561\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-07-13T01:05:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.\"},{\"lang\":\"es\",\"value\":\"El firmware BT Voyager 2091 Wireless 2.21.05.08m_A2pB018c1.d16d y anteriores, y 3.01m y anteriores, permite a atacantes remotos evitar el proceso de autenticaci\u00f3n y obtener informaci\u00f3n sensible, por ejemplo informaci\u00f3n de configuraci\u00f3n, mediante (1) /btvoyager_getconfig.sh, credenciales PPP mediante (2) btvoyager_getpppcreds.sh, y decodificar credenciales de configuraci\u00f3n mediante btvoyager_decoder.c.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"},{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.21.05.08m_a2pb018c1.d16d\",\"matchCriteriaId\":\"7C261D5B-7660-4D1A-B530-77E7A92D5C71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.01m\",\"matchCriteriaId\":\"C411B8FB-3E0C-4709-A7A1-802D069909AD\"}]}]}],\"references\":[{\"url\":\"http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/20982\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gnucitizen.org/projects/router-hacking-challenge/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/440405/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/489009/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/19057\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2734\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27652\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/20982\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gnucitizen.org/projects/router-hacking-challenge/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/440405/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/489009/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/19057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2006/2734\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200607-0446

Vulnerability from variot - Updated: 2023-12-18 11:51

BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c. BT Voyager is prone to authentication-bypass vulnerabilities. These issues are due to a flaw in the authentication process of the affected application. Exploiting these issues may allow attackers to gain unauthorized, remote access to the application's administrative functions. BT Voyager 2091 Wireless ADSL, Firmware 2.21.05.08m_A2pB018c1.d16d, and Firmware 3.01m are reported vulnerable; other versions may also be affected. NOTE: Other precise reports have related to the \"psiBackupInfo\" and \"connect.html\" files, but these vectors were not clear in the original disclosure.

Hardcore Disassembler / Reverse Engineer

Reversing must be a passion as your skills will be challenged on a daily basis and you will be working several hours everyday in IDA, Ollydbg, and with BinDiff. Often, it is also required that you write a PoC or even a working exploit to prove that an issue is exploitable.

The problem is caused due to missing authentication checks when accessing the "psiBackupInfo" and "connect.html" files. Other versions may also be affected.

SOLUTION: Filter traffic to affected devices.

PROVIDED AND/OR DISCOVERED BY: pagvac

ORIGINAL ADVISORY: http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200607-0446",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "voyager 2091 wireless adsl router",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "bt",
        "version": "2.21.05.08m_a2pb018c1.d16d"
      },
      {
        "model": "voyager 2091 wireless adsl router",
        "scope": "lte",
        "trust": 1.8,
        "vendor": "bt",
        "version": "3.01m"
      },
      {
        "model": "voyager 2091 wireless adsl router",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "bt",
        "version": "3.01m"
      },
      {
        "model": "voyager 2091 wireless adsl router",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "bt",
        "version": "2.21.05.08m_a2pb018c1.d16d"
      },
      {
        "model": "voyager wireless adsl router",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bt",
        "version": "20910"
      },
      {
        "model": "3.01m",
        "scope": null,
        "trust": 0.3,
        "vendor": "bt",
        "version": null
      },
      {
        "model": "2.21.05.08m a2pb018c",
        "scope": null,
        "trust": 0.3,
        "vendor": "bt",
        "version": null
      },
      {
        "model": "voyager wireless adsl router 3.01m",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bt",
        "version": "2091"
      },
      {
        "model": "voyager wireless adsl router 2.21.05.08m a2pb018c",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "bt",
        "version": "2091"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "19057"
      },
      {
        "db": "BID",
        "id": "82222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.01m",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.21.05.08m_a2pb018c1.d16d",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "pagvacito \u003cunknown.pentester@gmail.com\u003e reported these vulnerabilities.",
    "sources": [
      {
        "db": "BID",
        "id": "19057"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2006-3561",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2006-3561",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-19669",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2006-3561",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200607-199",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-19669",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c. BT Voyager is prone to authentication-bypass vulnerabilities. These issues are due to a flaw in the authentication process of the affected application. \nExploiting these issues may allow attackers to gain unauthorized, remote access to the application\u0027s administrative functions. \nBT Voyager 2091 Wireless ADSL, Firmware 2.21.05.08m_A2pB018c1.d16d, and Firmware 3.01m are reported vulnerable; other versions may also be affected. NOTE: Other precise reports have related to the \\\"psiBackupInfo\\\" and \\\"connect.html\\\" files, but these vectors were not clear in the original disclosure. \n\n----------------------------------------------------------------------\n\nHardcore Disassembler / Reverse Engineer\n\nReversing must be a passion as your skills will be challenged\non a daily basis and you will be working several hours\neveryday in IDA, Ollydbg, and with BinDiff. Often, it is also\nrequired that you write a PoC or even a working exploit to\nprove that an issue is exploitable. \n\nThe problem is caused due to missing authentication checks when\naccessing the \"psiBackupInfo\" and \"connect.html\" files. Other versions may also be\naffected. \n\nSOLUTION:\nFilter traffic to affected devices. \n\nPROVIDED AND/OR DISCOVERED BY:\npagvac\n\nORIGINAL ADVISORY:\nhttp://ikwt.dyndns.org/projects/btvoyager-getconfig.txt\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "db": "BID",
        "id": "19057"
      },
      {
        "db": "BID",
        "id": "82222"
      },
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "db": "PACKETSTORM",
        "id": "48132"
      }
    ],
    "trust": 2.34
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-19669",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2006-3561",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "19057",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "20982",
        "trust": 1.8
      },
      {
        "db": "VUPEN",
        "id": "ADV-2006-2734",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-199",
        "trust": 0.7
      },
      {
        "db": "BUGTRAQ",
        "id": "20080301 THE ROUTER HACKING CHALLENGE IS OVER!",
        "trust": 0.6
      },
      {
        "db": "BUGTRAQ",
        "id": "20060716 UNAUTHENTICATED ACCESS TO BT VOYAGER CONFIG FILE AND PPP CREDENTIALS EMBEDDED IN HTML FORM",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20060708 UNAUTHENTICATED ACCESS TO BT VOYAGER CONFIG FILE",
        "trust": 0.6
      },
      {
        "db": "XF",
        "id": "27652",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "82222",
        "trust": 0.4
      },
      {
        "db": "EXPLOIT-DB",
        "id": "2034",
        "trust": 0.1
      },
      {
        "db": "VULHUB",
        "id": "VHN-19669",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "48132",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "db": "BID",
        "id": "19057"
      },
      {
        "db": "BID",
        "id": "82222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "db": "PACKETSTORM",
        "id": "48132"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ]
  },
  "id": "VAR-200607-0446",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:51:13.895000Z",
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      },
      {
        "problemtype": "CWE-264",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-july/047733.html"
      },
      {
        "trust": 1.8,
        "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/19057"
      },
      {
        "trust": 1.7,
        "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
      },
      {
        "trust": 1.7,
        "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/20982"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
      },
      {
        "trust": 1.1,
        "url": "http://www.vupen.com/english/advisories/2006/2734"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/489009/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://www.securityfocus.com/archive/1/archive/1/440405/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3561"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3561"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/27652"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2006/2734"
      },
      {
        "trust": 0.3,
        "url": "http://www.voyager.bt.com/"
      },
      {
        "trust": 0.3,
        "url": "/archive/1/440405"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/hardcore_disassembler_and_reverse_engineer/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/10969/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/20982/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "db": "BID",
        "id": "19057"
      },
      {
        "db": "BID",
        "id": "82222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "db": "PACKETSTORM",
        "id": "48132"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "db": "BID",
        "id": "19057"
      },
      {
        "db": "BID",
        "id": "82222"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "db": "PACKETSTORM",
        "id": "48132"
      },
      {
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2006-07-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "date": "2006-07-18T00:00:00",
        "db": "BID",
        "id": "19057"
      },
      {
        "date": "2006-07-12T00:00:00",
        "db": "BID",
        "id": "82222"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "date": "2006-07-12T07:20:23",
        "db": "PACKETSTORM",
        "id": "48132"
      },
      {
        "date": "2006-07-13T01:05:00",
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "date": "2006-07-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2018-10-18T00:00:00",
        "db": "VULHUB",
        "id": "VHN-19669"
      },
      {
        "date": "2006-07-19T22:27:00",
        "db": "BID",
        "id": "19057"
      },
      {
        "date": "2006-07-12T00:00:00",
        "db": "BID",
        "id": "82222"
      },
      {
        "date": "2014-03-11T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      },
      {
        "date": "2018-10-18T16:47:59.863000",
        "db": "NVD",
        "id": "CVE-2006-3561"
      },
      {
        "date": "2006-07-19T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "19057"
      },
      {
        "db": "BID",
        "id": "82222"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "BT Voyager 2091 Wireless Vulnerabilities that bypass the authentication process in firmware",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-004062"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200607-199"
      }
    ],
    "trust": 0.6
  }
}

GSD-2006-3561

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2006-3561

Aliases

CVE-2006-3561

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3561",
    "description": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.",
    "id": "GSD-2006-3561"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3561"
      ],
      "details": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.",
      "id": "GSD-2006-3561",
      "modified": "2023-12-13T01:19:57.776815Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3561",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20080301 The Router Hacking Challenge is Over!",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
          },
          {
            "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
          },
          {
            "name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/",
            "refsource": "MISC",
            "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
          },
          {
            "name": "19057",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/19057"
          },
          {
            "name": "20060716 Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
          },
          {
            "name": "20060708 Unauthenticated access to BT Voyager config file",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
          },
          {
            "name": "ADV-2006-2734",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2006/2734"
          },
          {
            "name": "btvoyager-config-information-disclosure(27652)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
          },
          {
            "name": "20982",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/20982"
          },
          {
            "name": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt",
            "refsource": "MISC",
            "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.01m",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.21.05.08m_a2pb018c1.d16d",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3561"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                },
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt",
              "refsource": "MISC",
              "tags": [
                "Exploit"
              ],
              "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
            },
            {
              "name": "20982",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/20982"
            },
            {
              "name": "20060708 Unauthenticated access to BT Voyager config file",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
            },
            {
              "name": "19057",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/19057"
            },
            {
              "name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
            },
            {
              "name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
              "refsource": "MISC",
              "tags": [],
              "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
            },
            {
              "name": "ADV-2006-2734",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2006/2734"
            },
            {
              "name": "btvoyager-config-information-disclosure(27652)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
            },
            {
              "name": "20080301 The Router Hacking Challenge is Over!",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
            },
            {
              "name": "20060716 Unauthenticated access to BT Voyager config file and PPP credentials embedded in HTML form",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-18T16:47Z",
      "publishedDate": "2006-07-13T01:05Z"
    }
  }
}

FKIE_CVE-2006-3561

Vulnerability from fkie_nvd - Published: 2006-07-13 01:05 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt	Exploit
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html
cve@mitre.org	http://secunia.com/advisories/20982	Vendor Advisory
cve@mitre.org	http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/
cve@mitre.org	http://www.gnucitizen.org/projects/router-hacking-challenge/
cve@mitre.org	http://www.securityfocus.com/archive/1/440405/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/489009/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/19057
cve@mitre.org	http://www.vupen.com/english/advisories/2006/2734
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27652
af854a3a-2127-422b-91ae-364da2661108	http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/20982	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/
af854a3a-2127-422b-91ae-364da2661108	http://www.gnucitizen.org/projects/router-hacking-challenge/
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/440405/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/489009/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/19057
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2006/2734
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27652

Impacted products

	Vendor	Product	Version
	bt	voyager_2091_wireless_adsl_router	*
	bt	voyager_2091_wireless_adsl_router	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C261D5B-7660-4D1A-B530-77E7A92D5C71",
              "versionEndIncluding": "2.21.05.08m_a2pb018c1.d16d",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:bt:voyager_2091_wireless_adsl_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C411B8FB-3E0C-4709-A7A1-802D069909AD",
              "versionEndIncluding": "3.01m",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c."
    },
    {
      "lang": "es",
      "value": "El firmware BT Voyager 2091 Wireless 2.21.05.08m_A2pB018c1.d16d y anteriores, y 3.01m y anteriores, permite a atacantes remotos evitar el proceso de autenticaci\u00f3n y obtener informaci\u00f3n sensible, por ejemplo informaci\u00f3n de configuraci\u00f3n, mediante (1) /btvoyager_getconfig.sh, credenciales PPP mediante (2) btvoyager_getpppcreds.sh, y decodificar credenciales de configuraci\u00f3n mediante btvoyager_decoder.c."
    }
  ],
  "id": "CVE-2006-3561",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-07-13T01:05:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20982"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/19057"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2006/2734"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/20982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/19057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2006/2734"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-5GPW-GJ4X-9W63

Vulnerability from github – Published: 2022-05-01 07:10 – Updated: 2025-04-03 04:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3561"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-07-13T01:05:00Z",
    "severity": "MODERATE"
  },
  "details": "BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and earlier, and 3.01m and earlier, allow remote attackers to bypass the authentication process and gain sensitive information, such as configuration information via (1) /btvoyager_getconfig.sh, PPP credentials via (2) btvoyager_getpppcreds.sh, and decode configuration credentials via (3) btvoyager_decoder.c.",
  "id": "GHSA-5gpw-gj4x-9w63",
  "modified": "2025-04-03T04:36:29Z",
  "published": "2022-05-01T07:10:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3561"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27652"
    },
    {
      "type": "WEB",
      "url": "http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-July/047733.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/20982"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-3"
    },
    {
      "type": "WEB",
      "url": "http://www.gnucitizen.org/projects/router-hacking-challenge"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/440405/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/19057"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2006/2734"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-3561 (GCVE-0-2006-3561)

VAR-200607-0446

GSD-2006-3561

FKIE_CVE-2006-3561

GHSA-5GPW-GJ4X-9W63

Tags

Sightings

Nomenclature