VAR-200505-0466
Vulnerability from variot - Updated: 2024-01-18 22:41The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. Multiple vulnerabilities are reported to exist in Samsung DSL modems. The first issue is an information disclosure issue due to a failure of the device to block access to potentially sensitive files. The second issue is a default backdoor account vulnerability. It is reported that multiple accounts exist on the modem by default, allowing remote attackers to gain administrative privileges on the modem. These vulnerabilities may allow remote attackers to gain access to potentially sensitive information, or to gain administrative access to the affected device. Samsung DSL modems running software version SMDK8947v1.2 are reported to be affected. Other devices and software versions are also likely affected. Samsung's DSL modem is a communication device used in broadband networks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200505-0466",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "samsung adsl modem",
"scope": "eq",
"trust": 1.6,
"vendor": "securecomputing",
"version": "smdk8947v1.2"
},
{
"model": "dsl modem smdk8947v1.2",
"scope": null,
"trust": 0.3,
"vendor": "samsung",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "12864"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
},
{
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:securecomputing:samsung_adsl_modem:smdk8947v1.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Morning Wood se_cur_ity@hotmail.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
}
],
"trust": 0.6
},
"cve": "CVE-2005-0864",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-12073",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULMON",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2005-0864",
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "MEDIUM",
"trust": 0.1,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2005-0864",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200505-418",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-12073",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2005-0864",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12073"
},
{
"db": "VULMON",
"id": "CVE-2005-0864"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
},
{
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request. Multiple vulnerabilities are reported to exist in Samsung DSL modems. \nThe first issue is an information disclosure issue due to a failure of the device to block access to potentially sensitive files. \nThe second issue is a default backdoor account vulnerability. It is reported that multiple accounts exist on the modem by default, allowing remote attackers to gain administrative privileges on the modem. \nThese vulnerabilities may allow remote attackers to gain access to potentially sensitive information, or to gain administrative access to the affected device. \nSamsung DSL modems running software version SMDK8947v1.2 are reported to be affected. Other devices and software versions are also likely affected. Samsung\u0027s DSL modem is a communication device used in broadband networks",
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0864"
},
{
"db": "BID",
"id": "12864"
},
{
"db": "VULHUB",
"id": "VHN-12073"
},
{
"db": "VULMON",
"id": "CVE-2005-0864"
}
],
"trust": 1.35
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "12864",
"trust": 2.1
},
{
"db": "NVD",
"id": "CVE-2005-0864",
"trust": 2.1
},
{
"db": "CNNVD",
"id": "CNNVD-200505-418",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-12073",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2005-0864",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12073"
},
{
"db": "VULMON",
"id": "CVE-2005-0864"
},
{
"db": "BID",
"id": "12864"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
},
{
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"id": "VAR-200505-0466",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-12073"
}
],
"trust": 0.01
},
"last_update_date": "2024-01-18T22:41:10.758000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "YABWF - Yet Another Boa Webserver Fork\n\u4ee5\u4e0b\u662f\u539fBoa Webserver\u7684README\u539f\u6587\uff0c\u7528\u4e8e\u53c2\u8003",
"trust": 0.1,
"url": "https://github.com/knighthana/yabwf "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2005-0864"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://exploitlabs.com/files/advisories/expl-a-2005-002-samsung-adsl.txt"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/12864"
},
{
"trust": 1.8,
"url": "http://zone-h.org/en/advisories/read/id=7339/"
},
{
"trust": 0.3,
"url": "http://www.samsung.com/"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/knighthana/yabwf"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-12073"
},
{
"db": "VULMON",
"id": "CVE-2005-0864"
},
{
"db": "BID",
"id": "12864"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
},
{
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-12073"
},
{
"db": "VULMON",
"id": "CVE-2005-0864"
},
{
"db": "BID",
"id": "12864"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
},
{
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2005-05-02T00:00:00",
"db": "VULHUB",
"id": "VHN-12073"
},
{
"date": "2005-05-02T00:00:00",
"db": "VULMON",
"id": "CVE-2005-0864"
},
{
"date": "2005-03-21T00:00:00",
"db": "BID",
"id": "12864"
},
{
"date": "2005-03-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-418"
},
{
"date": "2005-05-02T04:00:00",
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-12073"
},
{
"date": "2008-09-05T00:00:00",
"db": "VULMON",
"id": "CVE-2005-0864"
},
{
"date": "2009-07-12T10:56:00",
"db": "BID",
"id": "12864"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200505-418"
},
{
"date": "2008-09-05T20:47:32.457000",
"db": "NVD",
"id": "CVE-2005-0864"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DSL Modem multiple remote security vulnerabilities",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "12864"
},
{
"db": "CNNVD",
"id": "CNNVD-200505-418"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…