Published: 2004-12-31 00:00:00
Revised: 2017-07-10 21:31:10

[Original] The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.

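[CNNVD] Micronet Wireless Broadband Router SP916BM firmware password reset vulnerability (CNNVD-200412-361)

        The web interface of the Micronet Wireless Broadband Router SP916BM running the firmware resets the password to the default password when the router is shut off. Remote attackers can exploit this vulnerability to access the root directory.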

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)


- OVAL (Technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20041012 Micronet wireless broadband router SP916BM admin password reset when power off
(UNKNOWN)  XF  micronet-router-password-reset(17697)

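- Vulnerability information

Micronet Wireless Broadband Router SP916BM firmware password reset vulnerability
High risk Unknown
2004-12-31 00:00:00 2005-10-20 00:00:00
        The web interface of the Micronet Wireless Broadband Router SP916BM running the firmware resets the password to the default password when the router is shut off. Remote attackers can exploit this vulnerability to access the root directory.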

- Advisories and patches


- Vulnerability information

Micronet SP916BM Router Admin Password Reset
Physical Access Required Authentication Management
Loss of Integrity
Exploit Public

- Vulnerability description

Micronet SP916BM routers contain a flaw that may allow a local attacker to gain access. When the device is powered off, the password for the account "admin" is reset to its default, "admin". It is possible to power cycle the device and then log into the web management interface (which is only accessible via the same subnet as the router, unless the administrator has explicitly enabled logins from other subnets) with administrative privileges.

- Timeline

2004-10-12 Unknown
Unknown Unknown

- Solution

Upgrade to firmware version 1.9 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Change the default password upon installation. This would require the attacker to know the previously used admin password.

- Related references

- Vulnerability author