Details of VAR-200112-0256

ID

VAR-200112-0256

CVE

CVE-2001-1520

TITLE

Xircom Rex 6000 Password Retrieval Vulnerability

Trust: 0.9

sources: BID: 3574 // CNNVD: CNNVD-200112-172

DESCRIPTION

Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN. Xircom Rex 6000 PDA users can install Rextools on their desktop in order to manage the content on their MicroPDA device. A flaw exists in the transfer of the pin code information from the PDA to the Rextools application. The Rex 6000 sends the authentication information in plain text. The Xircom REX 6000 version is vulnerable

Trust: 1.26

sources: NVD: CVE-2001-1520 // BID: 3574 // VULHUB: VHN-4321

AFFECTED PRODUCTS

vendor:	intel	model:	xircom rex 6000	scope:	eq	version:	1	Trust: 1.6
vendor:	intel	model:	xircom rex 6000	scope:	eq	version:	*	Trust: 1.0
vendor:	intel	model:	xircom rex 6000	scope:	-	version:	-	Trust: 0.6
vendor:	xircom	model:	rex	scope:	eq	version:	6000	Trust: 0.3

sources: BID: 3574 // CNNVD: CNNVD-200112-172 // NVD: CVE-2001-1520

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2001-1520
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200112-172
value:	LOW
Trust: 0.6
VULHUB:	VHN-4321
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2001-1520
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4321
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4321 // CNNVD: CNNVD-200112-172 // NVD: CVE-2001-1520

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2001-1520

THREAT TYPE

local

Trust: 0.9

sources: BID: 3574 // CNNVD: CNNVD-200112-172

TYPE

Design Error

Trust: 0.9

sources: BID: 3574 // CNNVD: CNNVD-200112-172

EXTERNAL IDS

db:	BID	id:	3574	Trust: 2.0
db:	NVD	id:	CVE-2001-1520	Trust: 1.7
db:	CNNVD	id:	CNNVD-200112-172	Trust: 0.7
db:	XF	id:	6000	Trust: 0.6
db:	BUGTRAQ	id:	20011123 XIRCOM REX6000 PDA PASSWORD RETRIEVAL	Trust: 0.6
db:	VULHUB	id:	VHN-4321	Trust: 0.1

sources: VULHUB: VHN-4321 // BID: 3574 // CNNVD: CNNVD-200112-172 // NVD: CVE-2001-1520

REFERENCES

url:	http://www.securityfocus.com/bid/3574	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2001-11/0187.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/7584.php	Trust: 1.7
url:	http://www.rex.net/	Trust: 0.3

sources: VULHUB: VHN-4321 // BID: 3574 // CNNVD: CNNVD-200112-172 // NVD: CVE-2001-1520

CREDITS

Discovered and posted to Bugtraq by Daniel Jonsson <daniel2@algonet.se> on November 23, 2001.

Trust: 0.9

sources: BID: 3574 // CNNVD: CNNVD-200112-172

SOURCES

db:	VULHUB	id:	VHN-4321
db:	BID	id:	3574
db:	CNNVD	id:	CNNVD-200112-172
db:	NVD	id:	CVE-2001-1520

LAST UPDATE DATE

2025-04-03T22:39:10.290000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4321	date:	2008-09-05T00:00:00
db:	BID	id:	3574	date:	2001-11-23T00:00:00
db:	CNNVD	id:	CNNVD-200112-172	date:	2006-01-27T00:00:00
db:	NVD	id:	CVE-2001-1520	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4321	date:	2001-12-31T00:00:00
db:	BID	id:	3574	date:	2001-11-23T00:00:00
db:	CNNVD	id:	CNNVD-200112-172	date:	2001-12-31T00:00:00
db:	NVD	id:	CVE-2001-1520	date:	2001-12-31T05:00:00