VAR-200412-0769
Vulnerability from variot - Updated: 2024-02-13 22:33The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions. A vulnerability has been reported to affect the implementation of NAT for the ZSR1104WE model Zonet Wireless Router. NAT for the wireless interface on the ZSR1104WE appliance is reported to modify IP data so that on the internal network, the origin address of forwarded traffic is that of the affected appliance. This issue may render the implementation of access controls on an internal host impossible. Zonet Wireless Router is a wireless access device. No detailed vulnerability details are currently available
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0769",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "zsr1104we wireless router runtime code",
"scope": "eq",
"trust": 1.6,
"vendor": "zonet",
"version": "2.41"
},
{
"model": "zsr1104we",
"scope": "eq",
"trust": 0.3,
"vendor": "zonet",
"version": "2.41"
}
],
"sources": [
{
"db": "BID",
"id": "10225"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
},
{
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:zonet:zsr1104we_wireless_router_runtime_code:2.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jason Wachtel\u203b jwachtel@homelogic.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2637",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-11065",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2637",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2004-2637",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-1182",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-11065",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2004-2637",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11065"
},
{
"db": "VULMON",
"id": "CVE-2004-2637"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
},
{
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions. A vulnerability has been reported to affect the implementation of NAT for the ZSR1104WE model Zonet Wireless Router. NAT for the wireless interface on the ZSR1104WE appliance is reported to modify IP data so that on the internal network, the origin address of forwarded traffic is that of the affected appliance. This issue may render the implementation of access controls on an internal host impossible. Zonet Wireless Router is a wireless access device. No detailed vulnerability details are currently available",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2637"
},
{
"db": "BID",
"id": "10225"
},
{
"db": "VULHUB",
"id": "VHN-11065"
},
{
"db": "VULMON",
"id": "CVE-2004-2637"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10225",
"trust": 2.1
},
{
"db": "SECUNIA",
"id": "11499",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "5716",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1009967",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2004-2637",
"trust": 1.8
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1182",
"trust": 0.7
},
{
"db": "XF",
"id": "16005",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20040429 ZONET ZSR1104WE ROUTER PROBLEM",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6392",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-11065",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2004-2637",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11065"
},
{
"db": "VULMON",
"id": "CVE-2004-2637"
},
{
"db": "BID",
"id": "10225"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
},
{
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"id": "VAR-200412-0769",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-11065"
}
],
"trust": 0.01
},
"last_update_date": "2024-02-13T22:33:11.130000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://www.securityfocus.com/bid/10225"
},
{
"trust": 1.8,
"url": "http://www.osvdb.org/5716"
},
{
"trust": 1.8,
"url": "http://securitytracker.com/id?1009967"
},
{
"trust": 1.8,
"url": "http://secunia.com/advisories/11499"
},
{
"trust": 1.2,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16005"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=full-disclosure\u0026m=108324905314026\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16005"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=full-disclosure\u0026m=108324905314026\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6392"
},
{
"trust": 0.3,
"url": "http://www.zonetusa.com/"
},
{
"trust": 0.3,
"url": "http://www.zonetusa.com/zsr1104we03.htm"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=full-disclosure\u0026amp;m=108324905314026\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-11065"
},
{
"db": "VULMON",
"id": "CVE-2004-2637"
},
{
"db": "BID",
"id": "10225"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
},
{
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-11065"
},
{
"db": "VULMON",
"id": "CVE-2004-2637"
},
{
"db": "BID",
"id": "10225"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
},
{
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-11065"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2637"
},
{
"date": "2004-04-23T00:00:00",
"db": "BID",
"id": "10225"
},
{
"date": "2004-04-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1182"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-20T00:00:00",
"db": "VULHUB",
"id": "VHN-11065"
},
{
"date": "2017-07-20T00:00:00",
"db": "VULMON",
"id": "CVE-2004-2637"
},
{
"date": "2004-04-23T00:00:00",
"db": "BID",
"id": "10225"
},
{
"date": "2005-12-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1182"
},
{
"date": "2017-07-20T01:29:03.347000",
"db": "NVD",
"id": "CVE-2004-2637"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Zonet Wireless Router NAT Implement design flaws",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "10225"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1182"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…