Details of VAR-200212-0308

ID

VAR-200212-0308

CVE

CVE-2002-1877

TITLE

NetGear FM114P Prosafe URL filtering bypasses the vulnerability

Trust: 0.6

sources: CNVD: CNVD-2002-3535

DESCRIPTION

NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. FM114P is an integrated HUB, print service, wireless access point, firewall and IDS hardware solution developed by Netgear. The firewall module supports filtering of domain names. The Netgear Fm114P firewall module checks that address filtering is not sufficient. The Netgear Fm114P firewall module cannot resolve host names and domain names by default. Users can bypass the rule restrictions by entering IP instead of host names or domain names. FM114P Prosafe firewalls are a hardware solution manufactured and distributed by Netgear. It has been reported that FM114P firewalls do not sufficiently check addresses when requests are made. Because of this, it would be possible for a user behind the system to reach a restricted-access site by requesting the site on the basis of IP address

Trust: 1.8

sources: NVD: CVE-2002-1877 // CNVD: CNVD-2002-3535 // BID: 5667 // VULHUB: VHN-6260

AFFECTED PRODUCTS

vendor:	netgear	model:	fm114p	scope:	eq	version:	*	Trust: 1.0
vendor:	netgear	model:	fm114p	scope:	-	version:	-	Trust: 0.9
vendor:	none	model:	-	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2002-3535 // BID: 5667 // CNNVD: CNNVD-200212-511 // NVD: CVE-2002-1877

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1877
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200212-511
value:	HIGH
Trust: 0.6
VULHUB:	VHN-6260
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-1877
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6260
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6260 // CNNVD: CNNVD-200212-511 // NVD: CVE-2002-1877

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.1

sources: VULHUB: VHN-6260 // NVD: CVE-2002-1877

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200212-511

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200212-511

EXTERNAL IDS

db:	NVD	id:	CVE-2002-1877	Trust: 2.3
db:	BID	id:	5667	Trust: 2.0
db:	CNNVD	id:	CNNVD-200212-511	Trust: 0.7
db:	CNVD	id:	CNVD-2002-3535	Trust: 0.6
db:	NSFOCUS	id:	3475	Trust: 0.6
db:	XF	id:	114	Trust: 0.6
db:	VULHUB	id:	VHN-6260	Trust: 0.1

sources: CNVD: CNVD-2002-3535 // VULHUB: VHN-6260 // BID: 5667 // CNNVD: CNNVD-200212-511 // NVD: CVE-2002-1877

REFERENCES

url:	http://www.securityfocus.com/bid/5667	Trust: 1.7
url:	http://www.iss.net/security_center/static/10061.php	Trust: 1.7
url:	http://online.securityfocus.com/archive/1/290849	Trust: 1.1
url:	http://www.nsfocus.net/vulndb/3475	Trust: 0.6
url:	http://www.netgear.com/product_view.asp?xrp=4&yrp=12&zrp=142	Trust: 0.3

sources: VULHUB: VHN-6260 // BID: 5667 // CNNVD: CNNVD-200212-511 // NVD: CVE-2002-1877

CREDITS

Marc Ruef※ marc.ruef@computec.ch

Trust: 0.6

sources: CNNVD: CNNVD-200212-511

SOURCES

db:	CNVD	id:	CNVD-2002-3535
db:	VULHUB	id:	VHN-6260
db:	BID	id:	5667
db:	CNNVD	id:	CNNVD-200212-511
db:	NVD	id:	CVE-2002-1877

LAST UPDATE DATE

2025-04-03T22:21:55.936000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2002-3535	date:	2002-09-12T00:00:00
db:	VULHUB	id:	VHN-6260	date:	2009-10-14T00:00:00
db:	BID	id:	5667	date:	2002-09-07T00:00:00
db:	CNNVD	id:	CNNVD-200212-511	date:	2009-10-14T00:00:00
db:	NVD	id:	CVE-2002-1877	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2002-3535	date:	2002-09-07T00:00:00
db:	VULHUB	id:	VHN-6260	date:	2002-12-31T00:00:00
db:	BID	id:	5667	date:	2002-09-07T00:00:00
db:	CNNVD	id:	CNNVD-200212-511	date:	2002-09-07T00:00:00
db:	NVD	id:	CVE-2002-1877	date:	2002-12-31T05:00:00