CVE-2002-0109
CVSS6.4
发布时间 :2002-03-25 00:00:00
修订时间 :2016-10-17 22:16:15
NMCOS    

[原文]Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query.


[CNNVD]Linksys DSL路由器默认SNMP口令漏洞(CNNVD-200203-048)

        
        Linksys DSL路由器是Linksys Group提供的internet高速访问解决方案。Linksys DSL路由器提供的功能包括高速internet访问,在路由器中的内置交换功能和Voice-over-IP等。
        Linksys DSL路由器存在设计问题,可以使远程攻击者从路由器得到网络流量等敏感信息。
        Linksys DSL路由器包含了一个名为"public"的口令。用这个口令访问系统,一个远程攻击者可以从路由器得到网络流量等敏感信息。
        

- CVSS (基础分值)

CVSS分值: 6.4 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/h:linksys:befsr81Linksys BEFSR81
cpe:/h:linksys:befsr41:0.0Linksys EtherFast BEFSR41 Router 0.0
cpe:/h:linksys:befn2ps4:0.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0109
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0109
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200203-048
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=101039288111680&w=2
(UNKNOWN)  BUGTRAQ  20020106 Linksys 'routers', SNMP issues
http://www.iss.net/security_center/static/7827.php
(VENDOR_ADVISORY)  XF  linksys-etherfast-default-snmp(7827)
http://www.securityfocus.com/bid/3795
(UNKNOWN)  BID  3795
http://www.securityfocus.com/bid/3797
(UNKNOWN)  BID  3797

- 漏洞信息

Linksys DSL路由器默认SNMP口令漏洞
中危 设计错误
2002-03-25 00:00:00 2005-10-20 00:00:00
远程  
        
        Linksys DSL路由器是Linksys Group提供的internet高速访问解决方案。Linksys DSL路由器提供的功能包括高速internet访问,在路由器中的内置交换功能和Voice-over-IP等。
        Linksys DSL路由器存在设计问题,可以使远程攻击者从路由器得到网络流量等敏感信息。
        Linksys DSL路由器包含了一个名为"public"的口令。用这个口令访问系统,一个远程攻击者可以从路由器得到网络流量等敏感信息。
        

- 公告与补丁

        临时解决方法:
        如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
        * 设置防火墙规则,禁止外网访问设备的SNMP服务。
        厂商补丁:
        Linksys
        -------
        目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
        
        http://www.linksys.com/

- 漏洞信息

6738
Linksys EtherFast SNMP Query Information Disclosure
Information Disclosure
Loss of Confidentiality

- 漏洞描述

Unknown or Incomplete

- 时间线

2002-01-06 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Linksys DSL Router Default SNMP Community String Vulnerability
Design Error 3797
Yes No
2002-01-06 12:00:00 2009-07-11 09:56:00
This vulnerability was announced by Matthew S. Hallacy <poptix@techmonkeys.org> via Bugtraq on January 6, 2002.

- 受影响的程序版本

Linksys EtherFast BEFSR81 Router
Linksys EtherFast BEFN2PS4 Router

- 漏洞讨论

Linksys DSL routers are high-speed internet access solutions distributed by the Linksys Group. Linksys DSL routers offer features such as high-speed internet access, switching built into some routers, and Voice-over-IP.

A problem with Linksys routers could make it possible for a remote user to gain sensitive information from a Linksys router. The problem is in the use of a default community string.

Linksys routers include a default community string of "public." By accessing a system using this string, a remote user may be able to gain sensitive information about a network managed by a vulnerable Linksys router.

- 漏洞利用

This vulnerability may be exploited by one of several available SNMP query tools.

- 解决方案

Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

     

     

    关于SCAP中文社区

    SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

    版权声明

    CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站