Details of VAR-200212-0200

ID

VAR-200212-0200

CVE

CVE-2002-2112

TITLE

RCA Digital Cable Modem public SNMP Management vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-531

DESCRIPTION

RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must conform to the Data-over-Cable Service Interface Specifications DOCSIS standard, uses the "public" community string for SNMP access, which allows remote attackers to read or write MIB information. The RCA Digital Cable Modem provides a bridge between a computer and cable internet access. SNMP access is granted to the public community. Remote users may connect, view, and modify modem configuration data through the SNMP interface listening on the 10.0.0.0/8 address space

Trust: 1.26

sources: NVD: CVE-2002-2112 // BID: 4377 // VULHUB: VHN-6495

AFFECTED PRODUCTS

vendor:	rca	model:	digital cable modem	scope:	eq	version:	dcm225	Trust: 1.6
vendor:	rca	model:	digital cable modem	scope:	eq	version:	dcm225e	Trust: 1.6
vendor:	rca	model:	digital cable modem dcm225e	scope:	-	version:	-	Trust: 0.3
vendor:	rca	model:	digital cable modem dcm225	scope:	-	version:	-	Trust: 0.3

sources: BID: 4377 // CNNVD: CNNVD-200212-531 // NVD: CVE-2002-2112

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-2112
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200212-531
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-6495
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2002-2112
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6495
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6495 // CNNVD: CNNVD-200212-531 // NVD: CVE-2002-2112

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-2112

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-531

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200212-531

EXTERNAL IDS

db:	BID	id:	4377	Trust: 2.0
db:	NVD	id:	CVE-2002-2112	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-531	Trust: 0.7
db:	BUGTRAQ	id:	20020327 RE: RCA CABLE MODEM DENY OF SERVICE	Trust: 0.6
db:	BUGTRAQ	id:	20020327 RCA CABLE MODEM DENY OF SERVICE	Trust: 0.6
db:	XF	id:	8662	Trust: 0.6
db:	VULHUB	id:	VHN-6495	Trust: 0.1

sources: VULHUB: VHN-6495 // BID: 4377 // CNNVD: CNNVD-200212-531 // NVD: CVE-2002-2112

REFERENCES

url:	http://www.securityfocus.com/bid/4377	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-03/0335.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/bugtraq/2002-03/0336.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/8662.php	Trust: 1.7
url:	http://www.rca.com/product/viewmodellist/browseproduct/0,2589,ci700094,00.html?	Trust: 0.3

sources: VULHUB: VHN-6495 // BID: 4377 // CNNVD: CNNVD-200212-531 // NVD: CVE-2002-2112

CREDITS

Discovered by Gabriel A. Maggiotti <gmaggiot@ciudad.com.ar>.

Trust: 0.9

sources: BID: 4377 // CNNVD: CNNVD-200212-531

SOURCES

db:	VULHUB	id:	VHN-6495
db:	BID	id:	4377
db:	CNNVD	id:	CNNVD-200212-531
db:	NVD	id:	CVE-2002-2112

LAST UPDATE DATE

2025-04-03T22:19:26.026000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6495	date:	2008-09-05T00:00:00
db:	BID	id:	4377	date:	2002-03-27T00:00:00
db:	CNNVD	id:	CNNVD-200212-531	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-2112	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6495	date:	2002-12-31T00:00:00
db:	BID	id:	4377	date:	2002-03-27T00:00:00
db:	CNNVD	id:	CNNVD-200212-531	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-2112	date:	2002-12-31T05:00:00