Published: 2001-08-10 00:00:00
Revised: 2017-10-09 21:30:00

[Original] LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.

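[CNNVD] LinkSys EtherFast BEFSR41 Cable/DSL router administration and user password disclosure vulnerability (CNNVD-200108-037)

A vulnerability exists in LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware versions before 1.39.3 Beta. A remote attacker can view the administration and user passwords by connecting to the router and viewing the HTML source of (1) index.htm and (2) Password.htm.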

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/h:linksys:befsr41:1.35    Linksys EtherFast BEFSR41 Router 1.35
cpe:/h:linksys:befsr41:1.36    Linksys EtherFast BEFSR41 Router 1.36
cpe:/h:linksys:befsr41:1.37    Linksys EtherFast BEFSR41 Router 1.37
cpe:/h:linksys:befsr41:1.38.5    Linksys EtherFast BEFSR41 Router 1.38

- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port
(VENDOR_ADVISORY)  BUGTRAQ  20010810 Linksys router security fix
(UNKNOWN)  XF  linksys-etherfast-reveal-passwords(6949)

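- Vulnerability information

LinkSys EtherFast BEFSR41 Cable/DSL router administration and user password disclosure vulnerability
Medium severity    Unknown
2001-08-10 00:00:00 2005-05-02 00:00:00
A vulnerability exists in LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware versions before 1.39.3 Beta. A remote attacker can view the administration and user passwords by connecting to the router and viewing the HTML source of (1) index.htm and (2) Password.htm.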

- Advisories and patches


- Vulnerability information

Linksys EtherFast index.htm DSL Username/Password Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability description

Linksys Etherfast BEFSR41 routers contain a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext ISP account username/password combinations when accessing the index.htm page from the hardware management interface. This may lead to a loss of confidentiality, integrity and/or availability.

- Timeline

2001-08-02 2001-07-23
2001-08-02 Unknown

- Solution

Upgrade to firmware version 1.39.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author