Published: 1998-07-20 00:00:00
Revised: 2016-10-17 22:04:19

[Original text] NBase switches NH208 and NH215 run a TFTP server which allows remote attackers to send software updates to modify the switch or cause a denial of service (crash) by guessing the target filenames, which have default names.

- CVSS (Base Score)

CVSS score: 6.4 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

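- CPE (Affected platforms and products)


- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources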
(UNKNOWN)  BUGTRAQ  19980720 N-Base Vulnerability Advisory
(UNKNOWN)  BUGTRAQ  19980722 N-Base Vulnerability Advisory Followup

- Vulnerability information

Medium risk  Other
1998-07-20 00:00:00 2005-10-20 00:00:00
- Advisories and patches

        Upgrading to a newer software revision is the only effective way to solve these security problems. Updated software is available from
        A post was sent to the Bugtraq mailing list by Geoff Cummins detailing the additional security features found in the updated software. They are as follows.
        set-full-sec enable (this disables the backdoor passwords)
        set-sw-file XXX (where XXX is the name you want to call your SNMP software update file)
        set-par-file XXX (where XXX is the name you want to call your parameters file)
        set-passwd (this will display a prompt to enter a new password)
        set-comm read XXX (where XXX is the new read community)
        set-comm write XXX (where XXX is the new write community)
        These steps should secure the mentioned MegaSwitch II configurations.
        For GigaFrame Switch NH3012 2.1
        set-full-sec enabled
        set-sw-file XXX
        set-par-file XXX
        set-comm read XXX
        set-comm write XXX
        del-user user (By default there are two users, "super" and "user". "super" has supervisor privileges; "user" is just a default. To secure the system, you should delete the "user" account.)

NBase NH Series Switches TFTP Remote File Modification
Remote / Network Access
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

1998-07-20 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete