VAR-200108-0036
Vulnerability from variot - Updated: 2023-12-18 14:07LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. Linksys EtherFast routers are small four port routers designed to optimize the use of DSL or Cable connections. EtherFast routers provide advanced features such as Network Address Translation, and DHCP Serving. EtherFast routers store the ISP and router login passwords in HTML configuration files. Additionally, when accessed by the administrator, the information is sent over the network in plain text. This makes it possible to sniff the passwords during transit. A vulnerability exists in the LinkSys EtherFast BEFSR41 Cable/DSL router running firmware prior to 1.39.3 Beta
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200108-0036",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.37"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.35"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.38.5"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.36"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.38"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.37"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.36"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.35"
},
{
"model": "etherfast befsr41 router",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "1.39"
}
],
"sources": [
{
"db": "BID",
"id": "3141"
},
{
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.35:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.38.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.36:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.37:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1117"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced via the Vulnwatch Security List by hypoclear \u003chypoclear@jungle.net\u003e on August 2, 2001.",
"sources": [
{
"db": "BID",
"id": "3141"
}
],
"trust": 0.3
},
"cve": "CVE-2001-1117",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-3922",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2001-1117",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200108-037",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-3922",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3922"
},
{
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm. Linksys EtherFast routers are small four port routers designed to optimize the use of DSL or Cable connections. EtherFast routers provide advanced features such as Network Address Translation, and DHCP Serving. \nEtherFast routers store the ISP and router login passwords in HTML configuration files. Additionally, when accessed by the administrator, the information is sent over the network in plain text. This makes it possible to sniff the passwords during transit. A vulnerability exists in the LinkSys EtherFast BEFSR41 Cable/DSL router running firmware prior to 1.39.3 Beta",
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"db": "BID",
"id": "3141"
},
{
"db": "VULHUB",
"id": "VHN-3922"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "3141",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "1920",
"trust": 1.7
},
{
"db": "OSVDB",
"id": "5467",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2001-1117",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200108-037",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20010802 ADVISORY UPDATE: DESIGN FLAW IN LINKSYS ETHERFAST 4-PORT",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20010810 LINKSYS ROUTER SECURITY FIX",
"trust": 0.6
},
{
"db": "XF",
"id": "6949",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-3922",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3922"
},
{
"db": "BID",
"id": "3141"
},
{
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
]
},
"id": "VAR-200108-0036",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-3922"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:07:09.116000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2001-1117"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3141"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/201390"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/archive/1/203302"
},
{
"trust": 1.7,
"url": "ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/1920"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/5467"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6949"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/static/6949.php"
},
{
"trust": 0.3,
"url": "http://hypoclear.cjb.net/hypo_linksys_advisory.txt"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-3922"
},
{
"db": "BID",
"id": "3141"
},
{
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-3922"
},
{
"db": "BID",
"id": "3141"
},
{
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2001-08-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3922"
},
{
"date": "2001-08-02T00:00:00",
"db": "BID",
"id": "3141"
},
{
"date": "2001-08-10T04:00:00",
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"date": "2001-08-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-10-10T00:00:00",
"db": "VULHUB",
"id": "VHN-3922"
},
{
"date": "2001-08-02T00:00:00",
"db": "BID",
"id": "3141"
},
{
"date": "2017-10-10T01:30:00.673000",
"db": "NVD",
"id": "CVE-2001-1117"
},
{
"date": "2005-05-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "LinkSys EtherFast BEFSR41 Cable/DSL Router View Management and User Password Vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200108-037"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…