Details of VAR-200112-0191

ID

VAR-200112-0191

CVE

CVE-2001-1538

TITLE

SpeedXess HA-120 Router default management password vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200112-234

DESCRIPTION

SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access. The SpeedXess HA-120 router is a home-grade hardware solution used to route DSL connections. It is manufactured by Hyundai Networks. When installed, the router does not prompt the user to change the password. Added to this problem is the fact that the factory sets the password to a known default for every router. A remote attacker can use this vulnerability to gain root directory permissions

Trust: 1.26

sources: NVD: CVE-2001-1538 // BID: 3617 // VULHUB: VHN-4339

AFFECTED PRODUCTS

vendor:	speedxess	model:	ha-120 dsl router	scope:	eq	version:	*	Trust: 1.0
vendor:	speedxess	model:	ha-120 dsl router	scope:	-	version:	-	Trust: 0.6
vendor:	hyundai	model:	ha-120 hase-120-1101	scope:	-	version:	-	Trust: 0.3

sources: BID: 3617 // CNNVD: CNNVD-200112-234 // NVD: CVE-2001-1538

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1538
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200112-234
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4339
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2001-1538
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4339
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4339 // CNNVD: CNNVD-200112-234 // NVD: CVE-2001-1538

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1538

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200112-234

TYPE

Configuration Error

Trust: 0.9

sources: BID: 3617 // CNNVD: CNNVD-200112-234

EXTERNAL IDS

db:	BID	id:	3617	Trust: 2.0
db:	NVD	id:	CVE-2001-1538	Trust: 1.7
db:	CNNVD	id:	CNNVD-200112-234	Trust: 0.7
db:	BUGTRAQ	id:	20011203 SPEEDXESS HASE-120 ROUTER DEFAULT PASSWORD	Trust: 0.6
db:	XF	id:	7655	Trust: 0.6
db:	VULHUB	id:	VHN-4339	Trust: 0.1

sources: VULHUB: VHN-4339 // BID: 3617 // CNNVD: CNNVD-200112-234 // NVD: CVE-2001-1538

REFERENCES

url:	http://www.securityfocus.com/bid/3617	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-12/0032.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/7655.php	Trust: 1.7

sources: VULHUB: VHN-4339 // CNNVD: CNNVD-200112-234 // NVD: CVE-2001-1538

CREDITS

This vulnerability was announced in a WOWHACKER Security Advisory on December 04, 2001.

Trust: 0.9

sources: BID: 3617 // CNNVD: CNNVD-200112-234

SOURCES

db:	VULHUB	id:	VHN-4339
db:	BID	id:	3617
db:	CNNVD	id:	CNNVD-200112-234
db:	NVD	id:	CVE-2001-1538

LAST UPDATE DATE

2025-04-03T22:39:10.362000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4339	date:	2008-09-05T00:00:00
db:	BID	id:	3617	date:	2001-12-04T00:00:00
db:	CNNVD	id:	CNNVD-200112-234	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2001-1538	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4339	date:	2001-12-31T00:00:00
db:	BID	id:	3617	date:	2001-12-04T00:00:00
db:	CNNVD	id:	CNNVD-200112-234	date:	2001-12-31T00:00:00
db:	NVD	id:	CVE-2001-1538	date:	2001-12-31T05:00:00