VAR-200005-0008
Vulnerability from variot - Updated: 2023-12-18 13:21The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. The router has a command-line mode that is reached by typing control-N after the user has passed the intial login test. At the "#" prompt one can then do most management of the device. This includes the setting of SNMP community strings in spite of the limitation imposed by the administrator. The following devices are confirmed as vulnerable: R2020 Dual Analog Router R3100 ISDN Router R3100-I ISDL Router R3100-T IDSL router for Covad R3232-I IDSL 4-IMUX router R5100 Serial router R5200 DDS router R5220 DDS router w/ V.90 backup R5300 T1 router R5320 T1 router w/ V.90 backup R5331 T1 router w/ ISDN backup R7100-C SDSL router R7120 SDSL Router w/int V.90 R7131 SDSL router w/int ISDN R7171 SDSL 2x IMUX router R7200-T SDSL router for Covad R7220 SDSL router w/int.V.90 R7231 SDSL router w/int ISDN R9100 Ethernet-to-ethernet Router
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200005-0008",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "r-series routers",
"scope": "eq",
"trust": 1.9,
"vendor": "netopia",
"version": "4.6.2"
}
],
"sources": [
{
"db": "BID",
"id": "1177"
},
{
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:netopia:r-series_routers:4.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0379"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was posted by Stephen Friedl \u003cfriedl@mtndew.com\u003e to the Bugtraq mailing list on Mon, 8 May 2000.",
"sources": [
{
"db": "BID",
"id": "1177"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
],
"trust": 0.9
},
"cve": "CVE-2000-0379",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-1958",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2000-0379",
"trust": 1.0,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-200005-056",
"trust": 0.6,
"value": "LOW"
},
{
"author": "VULHUB",
"id": "VHN-1958",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1958"
},
{
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so. The router has a command-line mode that is reached by typing control-N after the user has passed the intial login test. At the \"#\" prompt one can then do most management of the device. This includes the setting of SNMP community strings in spite of the limitation imposed by the administrator. \nThe following devices are confirmed as vulnerable:\nR2020 Dual Analog Router\nR3100 ISDN Router\nR3100-I ISDL Router\nR3100-T IDSL router for Covad\nR3232-I IDSL 4-IMUX router\nR5100 Serial router\nR5200 DDS router\nR5220 DDS router w/ V.90 backup\nR5300 T1 router\nR5320 T1 router w/ V.90 backup\nR5331 T1 router w/ ISDN backup\nR7100-C SDSL router\nR7120 SDSL Router w/int V.90\nR7131 SDSL router w/int ISDN\nR7171 SDSL 2x IMUX router\nR7200-T SDSL router for Covad\nR7220 SDSL router w/int.V.90\nR7231 SDSL router w/int ISDN\nR9100 Ethernet-to-ethernet Router",
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"db": "BID",
"id": "1177"
},
{
"db": "VULHUB",
"id": "VHN-1958"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-1958",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1958"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "1177",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2000-0379",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20000507 ADVISORY: NETOPIA R9100 ROUTER VULNERABILITY",
"trust": 0.6
},
{
"db": "SEEBUG",
"id": "SSVID-73809",
"trust": 0.1
},
{
"db": "EXPLOIT-DB",
"id": "19901",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-1958",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1958"
},
{
"db": "BID",
"id": "1177"
},
{
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
]
},
"id": "VAR-200005-0008",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-1958"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:21:24.465000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2000-0379"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/1177"
},
{
"trust": 1.7,
"url": "http://www.netopia.com/equipment/purchase/fmw_update.html"
},
{
"trust": 1.0,
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=200005082054.naa32590%40linux.mtndew.com"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/templates/archive.pike?list=1\u0026msg=200005082054.naa32590@linux.mtndew.com"
},
{
"trust": 0.3,
"url": "http://www.netopia.com/equipment/routers/r9100/"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-1958"
},
{
"db": "BID",
"id": "1177"
},
{
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-1958"
},
{
"db": "BID",
"id": "1177"
},
{
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2000-05-16T00:00:00",
"db": "VULHUB",
"id": "VHN-1958"
},
{
"date": "2000-05-16T00:00:00",
"db": "BID",
"id": "1177"
},
{
"date": "2000-05-16T04:00:00",
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"date": "2000-05-16T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-10T00:00:00",
"db": "VULHUB",
"id": "VHN-1958"
},
{
"date": "2000-05-16T00:00:00",
"db": "BID",
"id": "1177"
},
{
"date": "2023-11-07T01:55:17.863000",
"db": "NVD",
"id": "CVE-2000-0379"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Netopia DSL Router Vulnerability",
"sources": [
{
"db": "BID",
"id": "1177"
},
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200005-056"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…