CVE-2004-1591
CVSS 7.5
Published: 2004-12-31 00:00:00
Revised: 2016-10-17 22:57:11

[Original text] The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.


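[CNNVD] Micronet Wireless Broadband Router SP916BM firmware password reset vulnerability (CNNVD-200412-361)

        The web interface of the Micronet Wireless Broadband Router SP916BM running the firmware resets the password to the default password when the router is shut off. A remote attacker can exploit this vulnerability to access the root directory.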

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

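- CPE (Affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (Technical details for detection)

No related OVAL definition found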

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1591
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1591
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-361
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=109759963126161&w=2
(UNKNOWN)  BUGTRAQ  20041012 Micronet wireless broadband router SP916BM admin password reset when power off
http://xforce.iss.net/xforce/xfdb/17697
(PATCH)  XF  micronet-router-password-reset(17697)

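- Vulnerability information

Micronet Wireless Broadband Router SP916BM firmware password reset vulnerability
High risk  Unknown
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
        The web interface of the Micronet Wireless Broadband Router SP916BM running the firmware resets the password to the default password when the router is shut off. A remote attacker can exploit this vulnerability to access the root directory.

- Advisories and patches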

        

- Vulnerability information

10713
Micronet SP916BM Router Admin Password Reset
Physical Access Required Authentication Management
Loss of Integrity
Exploit Public

- Vulnerability description

Micronet SP916BM routers contain a flaw that may allow a local attacker to gain access. When the device is powered off, the password for the account "admin" is reset to its default, "admin". It is possible to power cycle the device and then log into the web management interface (which is only accessible via the same subnet as the router, unless the administrator has explicitly enabled logins from other subnets) with administrative privileges.

- Timeline

2004-10-12 Unknown
Unknown Unknown

- Solution

Upgrade to firmware version 1.9 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Change the default password upon installation. This would require the attacker to know the previously used admin password.

- Related references

- Vulnerability author

 

 
