Details of VAR-200203-0057

ID

VAR-200203-0057

CVE

CVE-2002-0109

TITLE

Linksys DSL Router Arbitrarily Sets SNMP Trap System Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2002-0013

DESCRIPTION

Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly other products, allow remote attackers to gain sensitive information and cause a denial of service via an SNMP query for the default community string "public," which causes the router to change its configuration and send SNMP trap information back to the system that initiated the query. Linksys DSL router is a high-speed internet access solution provided by Linksys Group. Linksys DSL routers provide features including high-speed internet access, built-in switching capabilities in the router, and Voice-over-IP. Linksys routers send SNMP traps to arbitrary addresses. This will leak network traffic information handled by the router. Because SNMP uses UDP as a means of transmitting information, this may result in a number of routers being used to create a network of distributed denial of service attacks. The problem is in the use of a default community string. The problem affects Linksys routers which may work with either Microsoft or Unix and Linux systems

Trust: 2.07

sources: NVD: CVE-2002-0109 // CNVD: CNVD-2002-0013 // BID: 3797 // BID: 3795 // VULHUB: VHN-4504

AFFECTED PRODUCTS

vendor:	linksys	model:	befsr41	scope:	eq	version:	0.0	Trust: 1.6
vendor:	linksys	model:	befn2ps4	scope:	eq	version:	0.0	Trust: 1.6
vendor:	linksys	model:	befsr81	scope:	eq	version:	*	Trust: 1.0
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	etherfast befsr81 router	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	etherfast befn2ps4 router	scope:	-	version:	-	Trust: 0.6
vendor:	linksys	model:	befsr81	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2002-0013 // BID: 3797 // BID: 3795 // CNNVD: CNNVD-200203-048 // NVD: CVE-2002-0109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0109
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200203-048
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-4504
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-0109
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4504
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4504 // CNNVD: CNNVD-200203-048 // NVD: CVE-2002-0109

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0109

THREAT TYPE

network

Trust: 0.6

sources: BID: 3797 // BID: 3795

TYPE

Design Error

Trust: 1.2

sources: BID: 3797 // BID: 3795 // CNNVD: CNNVD-200203-048

EXTERNAL IDS

db:	NVD	id:	CVE-2002-0109	Trust: 2.9
db:	BID	id:	3795	Trust: 2.0
db:	BID	id:	3797	Trust: 2.0
db:	CNNVD	id:	CNNVD-200203-048	Trust: 0.7
db:	CNVD	id:	CNVD-2002-0013	Trust: 0.6
db:	XF	id:	7827	Trust: 0.6
db:	BUGTRAQ	id:	20020106 LINKSYS 'ROUTERS', SNMP ISSUES	Trust: 0.6
db:	VULHUB	id:	VHN-4504	Trust: 0.1

sources: CNVD: CNVD-2002-0013 // VULHUB: VHN-4504 // BID: 3797 // BID: 3795 // CNNVD: CNNVD-200203-048 // NVD: CVE-2002-0109

REFERENCES

url:	http://www.securityfocus.com/bid/3795	Trust: 1.7
url:	http://www.securityfocus.com/bid/3797	Trust: 1.7
url:	http://www.iss.net/security_center/static/7827.php	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=101039288111680&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=101039288111680&w=2	Trust: 0.6
url:	http://marc.info/?l=bugtraq&m=101039288111680&w=2	Trust: 0.1

sources: VULHUB: VHN-4504 // CNNVD: CNNVD-200203-048 // NVD: CVE-2002-0109

CREDITS

This vulnerability was announced by Matthew S. Hallacy <poptix@techmonkeys.org> via Bugtraq on January 6, 2002.

Trust: 0.6

sources: BID: 3797 // BID: 3795

SOURCES

db:	CNVD	id:	CNVD-2002-0013
db:	VULHUB	id:	VHN-4504
db:	BID	id:	3797
db:	BID	id:	3795
db:	CNNVD	id:	CNNVD-200203-048
db:	NVD	id:	CVE-2002-0109

LAST UPDATE DATE

2025-04-03T22:37:41.658000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2002-0013	date:	2002-01-11T00:00:00
db:	VULHUB	id:	VHN-4504	date:	2016-10-18T00:00:00
db:	BID	id:	3797	date:	2009-07-11T09:56:00
db:	BID	id:	3795	date:	2009-07-11T09:56:00
db:	CNNVD	id:	CNNVD-200203-048	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-0109	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2002-0013	date:	2002-01-06T00:00:00
db:	VULHUB	id:	VHN-4504	date:	2002-03-25T00:00:00
db:	BID	id:	3797	date:	2002-01-06T00:00:00
db:	BID	id:	3795	date:	2002-01-06T00:00:00
db:	CNNVD	id:	CNNVD-200203-048	date:	2002-01-06T00:00:00
db:	NVD	id:	CVE-2002-0109	date:	2002-03-25T05:00:00