VAR-200212-0510
Vulnerability from variot - Updated: 2024-02-15 23:01D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. DWL-900AP + is a WiFi / 802.11b wireless access point system developed by D-Link.
DWL-900AP + contains an undisclosed TFTP service program.
-WEP encryption key.
-Network configuration data (address, SSID, etc.).
This data exists in clear text, and through this data, an attacker may be able to control the entire device.
In addition, you can obtain other configuration files by accessing the request TFTP server:
-eeprom.dat
-mac.dat
-wtune.dat
-rom.img
-normal.img. This could lead to the disclosure of sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0510",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.1"
},
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 1.0,
"vendor": "dlink",
"version": "2.2"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.1"
},
{
"model": "dwl-900ap\\+",
"scope": "eq",
"trust": 0.6,
"vendor": "d link",
"version": "2.2"
},
{
"model": "dwl-900ap+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.2"
},
{
"model": "dwl-900ap+",
"scope": "eq",
"trust": 0.3,
"vendor": "d link",
"version": "2.1"
},
{
"model": "dwl-900ap+",
"scope": "ne",
"trust": 0.3,
"vendor": "d link",
"version": "2.3"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:dlink:dwl-900ap\\+_firmware:2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:dlink:dwl-900ap\\+_firmware:2.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:dlink:dwl-900ap\\+:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerability discovery credited to \u003csecurity@rionero.com\u003e.",
"sources": [
{
"db": "BID",
"id": "6015"
}
],
"trust": 0.3
},
"cve": "CVE-2002-1810",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6193",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-1810",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-717",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-6193",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information. DWL-900AP + is a WiFi / 802.11b wireless access point system developed by D-Link. \n\n\u00a0DWL-900AP + contains an undisclosed TFTP service program. \n\n\u00a0-WEP encryption key. \n\n\u00a0-Network configuration data (address, SSID, etc.). \n\n\u00a0This data exists in clear text, and through this data, an attacker may be able to control the entire device. \n\n\u00a0In addition, you can obtain other configuration files by accessing the request TFTP server:\n\n\u00a0-eeprom.dat\n\n\u00a0-mac.dat\n\n\u00a0-wtune.dat\n\n\u00a0-rom.img\n\n\u00a0-normal.img. This could lead to the disclosure of sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1810"
},
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "VULHUB",
"id": "VHN-6193"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2002-1810",
"trust": 2.3
},
{
"db": "BID",
"id": "6015",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2002-3891",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3707",
"trust": 0.6
},
{
"db": "XF",
"id": "10424",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6193",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"id": "VAR-200212-0510",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "VULHUB",
"id": "VHN-6193"
}
],
"trust": 0.06999999999999999
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"IoT"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
}
]
},
"last_update_date": "2024-02-15T23:01:07.925000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-306",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6015"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10424.php"
},
{
"trust": 1.1,
"url": "http://online.securityfocus.com/archive/1/296374"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3707"
},
{
"trust": 0.3,
"url": "http://www.dlink.com/products/digitalhome/wireless/11b+/dwl900ap+/"
},
{
"trust": 0.3,
"url": "http://support.dlink.com/products/view.asp?productid=dwl-900ap+"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"db": "VULHUB",
"id": "VHN-6193"
},
{
"db": "BID",
"id": "6015"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-21T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6193"
},
{
"date": "2002-10-21T00:00:00",
"db": "BID",
"id": "6015"
},
{
"date": "2002-10-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-10-25T00:00:00",
"db": "CNVD",
"id": "CNVD-2002-3891"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6193"
},
{
"date": "2002-10-21T00:00:00",
"db": "BID",
"id": "6015"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-717"
},
{
"date": "2024-02-14T17:25:43.527000",
"db": "NVD",
"id": "CVE-2002-1810"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "D-Link DWL-900AP + TFTP Server Arbitrary File Acquisition Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2002-3891"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "access verification error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-717"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…