VAR-200211-0010
Vulnerability from variot - Updated: 2023-12-18 12:13The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. Linksys EtherFast Cable / DSL routers is a small four-port router designed to optimize the use of DSL or Cable connections.
BEFSR41 contains a WEB interface that can be used to manage the configuration, which includes the Gozila.cgi script, but if the Gozila.cgi script is requested without submitting any parameters, it can cause BEFSR41 to crash and stop responding to normal requests. Linksys BEFSR41 is vulnerable to a denial of service condition. The denial of service condition will be triggered when the device receives a request for the script file 'Gozila.cgi' without any parameters
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200211-0010",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "befsr41",
"scope": "eq",
"trust": 1.6,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.7"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.42.3"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.41"
},
{
"model": "etherfast befsr41 router",
"scope": "eq",
"trust": 0.3,
"vendor": "linksys",
"version": "1.40.2"
},
{
"model": "etherfast befsr41 router",
"scope": "ne",
"trust": 0.3,
"vendor": "linksys",
"version": "1.43"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3969"
},
{
"db": "BID",
"id": "6086"
},
{
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.40.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.42.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:h:linksys:befsr41:1.42.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1236"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jeep 94\u203b lowjeep94@hotmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
],
"trust": 0.6
},
"cve": "CVE-2002-1236",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-5621",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1236",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200211-014",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-5621",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5621"
},
{
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments. Linksys EtherFast Cable / DSL routers is a small four-port router designed to optimize the use of DSL or Cable connections. \n\n\u00a0BEFSR41 contains a WEB interface that can be used to manage the configuration, which includes the Gozila.cgi script, but if the Gozila.cgi script is requested without submitting any parameters, it can cause BEFSR41 to crash and stop responding to normal requests. Linksys BEFSR41 is vulnerable to a denial of service condition. \nThe denial of service condition will be triggered when the device receives a request for the script file \u0027Gozila.cgi\u0027 without any parameters",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"db": "CNVD",
"id": "CNVD-2002-3969"
},
{
"db": "BID",
"id": "6086"
},
{
"db": "VULHUB",
"id": "VHN-5621"
}
],
"trust": 1.8
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-5621",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5621"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1236",
"trust": 2.6
},
{
"db": "BID",
"id": "6086",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200211-014",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2002-3969",
"trust": 0.6
},
{
"db": "VULNWATCH",
"id": "20021101 IDEFENSE SECURITY ADVISORY 10.31.02A: DENIAL OF SERVICE VULNERABILITY IN LINKSYS BEFSR41 ETHERFAST CABLE/DSL ROUTER",
"trust": 0.6
},
{
"db": "XF",
"id": "10514",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20021101 IDEFENSE SECURITY ADVISORY 10.31.02A: DENIAL OF SERVICE VULNERABILITY IN LINKSYS BEFSR41 ETHERFAST CABLE/DSL ROUTER",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21975",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-5621",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3969"
},
{
"db": "VULHUB",
"id": "VHN-5621"
},
{
"db": "BID",
"id": "6086"
},
{
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
]
},
"id": "VAR-200211-0010",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-5621"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:13:59.558000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1236"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6086"
},
{
"trust": 1.7,
"url": "http://www.idefense.com/advisory/10.31.02a.txt"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10514.php"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=103616324103171\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=103616324103171\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.linksys.com/products/group.asp?grid=23"
},
{
"trust": 0.3,
"url": "/archive/1/298188"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-5621"
},
{
"db": "BID",
"id": "6086"
},
{
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2002-3969"
},
{
"db": "VULHUB",
"id": "VHN-5621"
},
{
"db": "BID",
"id": "6086"
},
{
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3969"
},
{
"date": "2002-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-5621"
},
{
"date": "2002-11-01T00:00:00",
"db": "BID",
"id": "6086"
},
{
"date": "2002-11-12T05:00:00",
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"date": "2002-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-31T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3969"
},
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-5621"
},
{
"date": "2009-07-11T18:06:00",
"db": "BID",
"id": "6086"
},
{
"date": "2016-10-18T02:25:06.133000",
"db": "NVD",
"id": "CVE-2002-1236"
},
{
"date": "2005-05-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Linksys BEFSR41 EtherFast Cable / DSL Router Remote Denial of Service Attack Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3969"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200211-014"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…