VAR-200811-0218
Vulnerability from variot - Updated: 2023-12-18 13:53Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Successful exploitation will allow attackers to gain access to the router's web configuration interface. RO002 Router with firmware Ts03-072 is vulnerable; other versions may be affected as well. Sweex RO002 is a broadband router mainly used in Europe. ----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/
TITLE: Sweex RO002 Router Undocumented Account Security Issue
SECUNIA ADVISORY ID: SA32623
VERIFY ADVISORY: http://secunia.com/advisories/32623/
CRITICAL: Less critical
IMPACT: Security Bypass
WHERE:
From local network
OPERATING SYSTEM: Sweex RO002 Router http://secunia.com/advisories/product/20462/
DESCRIPTION: Rob Stout has reported a security issue in the Sweex RO002 Router, which can be exploited by malicious people to bypass certain security restrictions. modify the configuration.
The security issue is reported in firmware version Ts03-072.
Reportedly, the vendor is working on a fix.
PROVIDED AND/OR DISCOVERED BY: Rob Stout
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200811-0218",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "ro002 router",
"scope": "eq",
"trust": 2.4,
"vendor": "sweex",
"version": "ts03-072"
},
{
"model": "ro002 router ts03-072",
"scope": null,
"trust": 0.3,
"vendor": "sweex",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "32249"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sweex:ro002_router:ts03-072:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5041"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Rob Stout",
"sources": [
{
"db": "BID",
"id": "32249"
},
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
],
"trust": 0.9
},
"cve": "CVE-2008-5041",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2008-5041",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-35166",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-5041",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200811-183",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-35166",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sweex RO002 Router with firmware Ts03-072 has \"rdc123\" as its default password for the \"rdc123\" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. \nSuccessful exploitation will allow attackers to gain access to the router\u0027s web configuration interface. \nRO002 Router with firmware Ts03-072 is vulnerable; other versions may be affected as well. Sweex RO002 is a broadband router mainly used in Europe. ----------------------------------------------------------------------\n\nDo you need accurate and reliable IDS / IPS / AV detection rules?\n\nGet in-depth vulnerability details:\nhttp://secunia.com/binary_analysis/sample_analysis/\n\n----------------------------------------------------------------------\n\nTITLE:\nSweex RO002 Router Undocumented Account Security Issue\n\nSECUNIA ADVISORY ID:\nSA32623\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/32623/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nSweex RO002 Router\nhttp://secunia.com/advisories/product/20462/\n\nDESCRIPTION:\nRob Stout has reported a security issue in the Sweex RO002 Router,\nwhich can be exploited by malicious people to bypass certain security\nrestrictions. modify the configuration. \n\nThe security issue is reported in firmware version Ts03-072. \n\nReportedly, the vendor is working on a fix. \n\nPROVIDED AND/OR DISCOVERED BY:\nRob Stout\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"db": "BID",
"id": "32249"
},
{
"db": "VULHUB",
"id": "VHN-35166"
},
{
"db": "PACKETSTORM",
"id": "71844"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-5041",
"trust": 2.8
},
{
"db": "BID",
"id": "32249",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "32623",
"trust": 1.8
},
{
"db": "OSVDB",
"id": "49865",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438",
"trust": 0.8
},
{
"db": "XF",
"id": "46517",
"trust": 0.6
},
{
"db": "XF",
"id": "002",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-200811-183",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-35166",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "71844",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-35166"
},
{
"db": "BID",
"id": "32249"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"db": "PACKETSTORM",
"id": "71844"
},
{
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
]
},
"id": "VAR-200811-0218",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-35166"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:53:50.339000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.sweex.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-264",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-35166"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"db": "NVD",
"id": "CVE-2008-5041"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/32249"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/32623"
},
{
"trust": 1.1,
"url": "http://osvdb.org/49865"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46517"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5041"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5041"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/46517"
},
{
"trust": 0.3,
"url": "http://www.sweex.com/producten.php?sectie=\u0026subsectie=\u0026item=80\u0026artikel=858\u0026detail=h"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/product/20462/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/32623/"
},
{
"trust": 0.1,
"url": "http://secunia.com/binary_analysis/sample_analysis/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-35166"
},
{
"db": "BID",
"id": "32249"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"db": "PACKETSTORM",
"id": "71844"
},
{
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-35166"
},
{
"db": "BID",
"id": "32249"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"db": "PACKETSTORM",
"id": "71844"
},
{
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-35166"
},
{
"date": "2008-11-11T00:00:00",
"db": "BID",
"id": "32249"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"date": "2008-11-12T22:55:13",
"db": "PACKETSTORM",
"id": "71844"
},
{
"date": "2008-11-12T21:11:06.867000",
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"date": "2008-11-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-08T00:00:00",
"db": "VULHUB",
"id": "VHN-35166"
},
{
"date": "2015-04-16T17:51:00",
"db": "BID",
"id": "32249"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-006438"
},
{
"date": "2017-08-08T01:33:04.390000",
"db": "NVD",
"id": "CVE-2008-5041"
},
{
"date": "2008-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Sweex RO002 Router Vulnerabilities that gain access",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-006438"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200811-183"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…