ID

VAR-200208-0019


CVE

CVE-2002-0426


TITLE

Linksys BEFVP41 Key Truncation Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2002-0430 // CNNVD: CNNVD-200208-084

DESCRIPTION

VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.

BEFVP41 is a hardware router that is currently developed and maintained by Linksys. BEFVP41 supports Triple DES encryption keys (48 hexadecimal characters) and MD5 authentication keys (32 hexadecimal characters), for example:

Encryption: 80C4DAFD9AFC3D7AB57079E19DEBFFF43538A62039768D74
Authentication: 32EA72F58D7F1E063E14A3FF78131172

However, due to a design error, when the user manually enters these keys they are truncated to 23 hex characters and 19 hex characters respectively:

Encryption: 80C4DAFD9AFC3D7AB57079E
Authentication: 32EA72F58D7F1E063E1

As a result, weak keys end up in use, increasing the likelihood of successful brute-force attacks.

However, when a user attempts to manually enter a generated Triple DES key of any length greater than 23 bytes, the key is truncated to a maximum of 23 bytes. Manual entry of the key results in a truncated key maximum length of 19 bytes.

Trust: 1.8

sources: NVD: CVE-2002-0426 // CNVD: CNVD-2002-0430 // BID: 4250 // VULHUB: VHN-4819

AFFECTED PRODUCTS

vendor: linksys // model: befvp41 // scope: lte // version: 1.40.1

Trust: 1.0

vendor: none // model: - // scope: - // version: -

Trust: 0.6

vendor: linksys // model: befvp41 // scope: eq // version: 1.40.1

Trust: 0.6

vendor: linksys // model: etherfast befvp41 router // scope: - // version: -

Trust: 0.3

sources: CNVD: CNVD-2002-0430 // BID: 4250 // CNNVD: CNNVD-200208-084 // NVD: CVE-2002-0426

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0426
value: HIGH

Trust: 1.0

CNNVD: CNNVD-200208-084
value: HIGH

Trust: 0.6

VULHUB: VHN-4819
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2002-0426
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4819
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-4819 // CNNVD: CNNVD-200208-084 // NVD: CVE-2002-0426

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0426

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-084

TYPE

Design Error

Trust: 0.9

sources: BID: 4250 // CNNVD: CNNVD-200208-084

EXTERNAL IDS

db: NVD // id: CVE-2002-0426

Trust: 2.6

db: BID // id: 4250

Trust: 2.0

db: CNNVD // id: CNNVD-200208-084

Trust: 0.7

db: CNVD // id: CNVD-2002-0430

Trust: 0.6

db: BUGTRAQ // id: 20020308 LINKSYS BEFVP41 VPN SERVER DOES NOT FOLLOW PROPER VPN STANDARDS

Trust: 0.6

db: XF // id: 8397

Trust: 0.6

db: VULHUB // id: VHN-4819

Trust: 0.1

sources: CNVD: CNVD-2002-0430 // VULHUB: VHN-4819 // BID: 4250 // CNNVD: CNNVD-200208-084 // NVD: CVE-2002-0426

REFERENCES

url:http://www.securityfocus.com/bid/4250

Trust: 1.7

url:http://online.securityfocus.com/archive/1/260613

Trust: 1.7

url:ftp://ftp.linksys.com/pub/befsr41/befvp41-1402.zip

Trust: 1.7

url:http://www.iss.net/security_center/static/8397.php

Trust: 1.7

url:http://www1.linksys.com/products/product.asp?grid=34&scid=29&prid=607

Trust: 0.3

url:http://www.linksys.com/support/support.asp?spid=85

Trust: 0.3

sources: VULHUB: VHN-4819 // BID: 4250 // CNNVD: CNNVD-200208-084 // NVD: CVE-2002-0426

CREDITS

Phil Schlesinger (pschlesinger@teltechplus.com)

Trust: 0.6

sources: CNNVD: CNNVD-200208-084

SOURCES

db: CNVD // id: CNVD-2002-0430
db: VULHUB // id: VHN-4819
db: BID // id: 4250
db: CNNVD // id: CNNVD-200208-084
db: NVD // id: CVE-2002-0426

LAST UPDATE DATE

2025-04-03T22:42:49.926000+00:00


SOURCES UPDATE DATE

db: CNVD // id: CNVD-2002-0430 // date: 2002-03-12T00:00:00
db: VULHUB // id: VHN-4819 // date: 2008-09-05T00:00:00
db: BID // id: 4250 // date: 2009-07-11T10:56:00
db: CNNVD // id: CNNVD-200208-084 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2002-0426 // date: 2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db: CNVD // id: CNVD-2002-0430 // date: 2002-03-08T00:00:00
db: VULHUB // id: VHN-4819 // date: 2002-08-12T00:00:00
db: BID // id: 4250 // date: 2002-03-08T00:00:00
db: CNNVD // id: CNNVD-200208-084 // date: 2002-03-08T00:00:00
db: NVD // id: CVE-2002-0426 // date: 2002-08-12T04:00:00