VAR-200212-0082
Vulnerability from variot - Updated: 2023-12-18 13:21

Telindus 1100 ADSL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password. A weakness has been discovered in the encryption algorithm used by Telindus ADSL routers. Due to the use of a weak algorithm, as well as various static values within an encrypted packet, it may be possible for a remote attacker to decipher sensitive router information. By sniffing sensitive network traffic sent by the router, it may be possible for an attacker to deduce the administrator password. It should be noted that this issue is partially derived from the vulnerability described in BID 4946. The Telindus ADSL router is used for ADSL network connections.

Note: the description names the 1100 model, while this record's affected-product and CPE data list the 1120 ADSL router with firmware 6.0.21b, and the referenced Bugtraq posts are titled for the 112X series; match assets against the structured data as well as the description.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "1120 adsl router",
"scope": "eq",
"trust": 1.6,
"vendor": "telindus",
"version": "6.0.21b_firmware"
},
{
"model": "adsl router .21b",
"scope": "eq",
"trust": 0.3,
"vendor": "telindus",
"version": "11206.0"
}
],
"sources": [
{
"db": "BID",
"id": "6919"
},
{
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:telindus:1120_adsl_router:6.0.21b_firmware:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2133"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "eflorio\u203b eflorio@edmaster.it",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2133",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-6516",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-2133",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-635",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-6516",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6516"
},
{
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption for UDP session traffic, which allows remote attackers to gain unauthorized access by sniffing and decrypting the administrative password. A weakness has been discovered in the encryption algorithm used by Telindus ADSL routers. Due to the use of a weak algorithm, as well as various static values within an encrypted packet, it may be possible for a remote attacker to decipher sensitive router information. \nBy sniffing sensitive network traffic sent by the router, it may be possible for an attacker to deduce the administrator password. \nIt should be noted that this issue is partially derived from the vulnerability described in BID 4946. TELINDUS ADSL router can be used for ADSL network connection",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"db": "BID",
"id": "6919"
},
{
"db": "VULHUB",
"id": "VHN-6516"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6919",
"trust": 2.0
},
{
"db": "OSVDB",
"id": "4762",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2002-2133",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-635",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20021228 TELINDUS 112X ADSL ROUTER - WEAK PASSWORD ENCRYPTION",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20030223 WEAK ENCRYPTION SCHEME IN TELINDUS 112X",
"trust": 0.6
},
{
"db": "XF",
"id": "10951",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "4446",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6516",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6516"
},
{
"db": "BID",
"id": "6919"
},
{
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
]
},
"id": "VAR-200212-0082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6516"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:21:20.872000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2133"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6919"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-12/0262.html"
},
{
"trust": 1.7,
"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0277.html"
},
{
"trust": 1.7,
"url": "http://www.osvdb.org/4762"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10951.php"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/4446"
},
{
"trust": 0.3,
"url": "/archive/1/312881"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6516"
},
{
"db": "BID",
"id": "6919"
},
{
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6516"
},
{
"db": "BID",
"id": "6919"
},
{
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6516"
},
{
"date": "2003-02-23T00:00:00",
"db": "BID",
"id": "6919"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"date": "2002-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6516"
},
{
"date": "2003-02-23T00:00:00",
"db": "BID",
"id": "6919"
},
{
"date": "2008-09-05T20:32:25.087000",
"db": "NVD",
"id": "CVE-2002-2133"
},
{
"date": "2006-01-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Telindus ADSL Router Encryption mechanism is not strong vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "6919"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-635"
}
],
"trust": 0.9
}
}