VAR-200203-0057
Vulnerability from variot - Updated: 2023-12-18 12:14Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. Linksys DSL router is a high-speed internet access solution provided by Linksys Group. Linksys DSL routers provide features including high-speed internet access, built-in switching capabilities in the router, and Voice-over-IP.
Linksys routers send SNMP traps to arbitrary addresses. This will leak network traffic information handled by the router. Because SNMP uses UDP as a means of transmitting information, this may result in a number of routers being used to create a network of distributed denial of service attacks. The problem is in the use of a default community string. The problem affects Linksys routers which may work with either Microsoft or Unix and Linux systems
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200203-0057",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "0.0"
},
{
"model": "befn2ps4",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "0.0"
},
{
"model": "befsr81",
"scope": "eq",
"trust": 1.0,
"vendor": "linksys",
"version": "*"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "etherfast befsr81 router",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "etherfast befn2ps4 router",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
},
{
"model": "befsr81",
"scope": null,
"trust": 0.6,
"vendor": "linksys",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-0013"
},
{
"db": "BID",
"id": "3797"
},
{
"db": "BID",
"id": "3795"
},
{
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:befn2ps4:0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:0.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr81:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0109"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This vulnerability was announced by Matthew S. Hallacy \u003cpoptix@techmonkeys.org\u003e via Bugtraq on January 6, 2002.",
"sources": [
{
"db": "BID",
"id": "3797"
},
{
"db": "BID",
"id": "3795"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0109",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4504",
"impactScore": 4.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0109",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200203-048",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-4504",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4504"
},
{
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string \"public,\" which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. Linksys DSL router is a high-speed internet access solution provided by Linksys Group. Linksys DSL routers provide features including high-speed internet access, built-in switching capabilities in the router, and Voice-over-IP. \n\n\u00a0Linksys routers send SNMP traps to arbitrary addresses. This will leak network traffic information handled by the router. Because SNMP uses UDP as a means of transmitting information, this may result in a number of routers being used to create a network of distributed denial of service attacks. The problem is in the use of a default community string. The problem affects Linksys routers which may work with either Microsoft or Unix and Linux systems",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"db": "CNVD",
"id": "CNVD-2002-0013"
},
{
"db": "BID",
"id": "3797"
},
{
"db": "BID",
"id": "3795"
},
{
"db": "VULHUB",
"id": "VHN-4504"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-0109",
"trust": 2.9
},
{
"db": "BID",
"id": "3795",
"trust": 2.0
},
{
"db": "BID",
"id": "3797",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200203-048",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2002-0013",
"trust": 0.6
},
{
"db": "XF",
"id": "7827",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020106 LINKSYS \u0027ROUTERS\u0027, SNMP ISSUES",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-4504",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-0013"
},
{
"db": "VULHUB",
"id": "VHN-4504"
},
{
"db": "BID",
"id": "3797"
},
{
"db": "BID",
"id": "3795"
},
{
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
]
},
"id": "VAR-200203-0057",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4504"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:14:07.449000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0109"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3795"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/3797"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/7827.php"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=101039288111680\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101039288111680\u0026w=2"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=101039288111680\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4504"
},
{
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2002-0013"
},
{
"db": "VULHUB",
"id": "VHN-4504"
},
{
"db": "BID",
"id": "3797"
},
{
"db": "BID",
"id": "3795"
},
{
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-01-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-0013"
},
{
"date": "2002-03-25T00:00:00",
"db": "VULHUB",
"id": "VHN-4504"
},
{
"date": "2002-01-06T00:00:00",
"db": "BID",
"id": "3797"
},
{
"date": "2002-01-06T00:00:00",
"db": "BID",
"id": "3795"
},
{
"date": "2002-03-25T05:00:00",
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"date": "2002-01-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-01-11T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-0013"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-4504"
},
{
"date": "2009-07-11T09:56:00",
"db": "BID",
"id": "3797"
},
{
"date": "2009-07-11T09:56:00",
"db": "BID",
"id": "3795"
},
{
"date": "2016-10-18T02:16:15.937000",
"db": "NVD",
"id": "CVE-2002-0109"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "3797"
},
{
"db": "BID",
"id": "3795"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys DSL Router Arbitrarily Sets SNMP Trap System Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-0013"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "3797"
},
{
"db": "BID",
"id": "3795"
},
{
"db": "CNNVD",
"id": "CNNVD-200203-048"
}
],
"trust": 1.2
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…