Details of VAR-200212-0323

ID

VAR-200212-0323

CVE

CVE-2002-1892

TITLE

NetGear FVS318 username / Password leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200212-273

DESCRIPTION

NETGEAR FVS318 running firmware 1.1 stores the username and password in a readable format when a backup of the configuration file is made, which allows local users to obtain sensitive information. A vulnerability has been reported in NetGear Firewall/VPN/Routers. When configured to backup configuration settings, the device will store various usernames and passwords in cleartext. Accessing this file could allow an attacker to obtain sensitive information which could aid the attacker in compromising the web administrative interface of the device. It should be noted that the backup option is not enabled by default, but is a common feature used by administrators. Local users get sensitive information

Trust: 1.26

sources: NVD: CVE-2002-1892 // BID: 5830 // VULHUB: VHN-6275

AFFECTED PRODUCTS

vendor:

netgear

model:

fvs318

scope:

version:

1.1

Trust: 1.9

sources: BID: 5830 // CNNVD: CNNVD-200212-273 // NVD: CVE-2002-1892

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-1892
value:	LOW
Trust: 1.0
CNNVD:	CNNVD-200212-273
value:	LOW
Trust: 0.6
VULHUB:	VHN-6275
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2002-1892
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-6275
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-6275 // CNNVD: CNNVD-200212-273 // NVD: CVE-2002-1892

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-1892

THREAT TYPE

local

Trust: 0.9

sources: BID: 5830 // CNNVD: CNNVD-200212-273

TYPE

Design Error

Trust: 0.9

sources: BID: 5830 // CNNVD: CNNVD-200212-273

EXTERNAL IDS

db:	BID	id:	5830	Trust: 2.0
db:	NVD	id:	CVE-2002-1892	Trust: 1.7
db:	CNNVD	id:	CNNVD-200212-273	Trust: 0.7
db:	XF	id:	318	Trust: 0.6
db:	BUGTRAQ	id:	20021001 NETGEAR FVS318 INFORMATION DISCLOSURE	Trust: 0.6
db:	VULNWATCH	id:	20020927 FVS318 CONFIG STORES USERNAMES/PASSWD'S IN PLAIN TEXT	Trust: 0.6
db:	VULHUB	id:	VHN-6275	Trust: 0.1

sources: VULHUB: VHN-6275 // BID: 5830 // CNNVD: CNNVD-200212-273 // NVD: CVE-2002-1892

REFERENCES

url:	http://www.securityfocus.com/bid/5830	Trust: 1.7
url:	http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00004.html	Trust: 1.7
url:	http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0133.html	Trust: 1.7
url:	http://www.iss.net/security_center/static/10216.php	Trust: 1.7

sources: VULHUB: VHN-6275 // CNNVD: CNNVD-200212-273 // NVD: CVE-2002-1892

CREDITS

Discovery credited to fab@aisec.net.

Trust: 0.9

sources: BID: 5830 // CNNVD: CNNVD-200212-273

SOURCES

db:	VULHUB	id:	VHN-6275
db:	BID	id:	5830
db:	CNNVD	id:	CNNVD-200212-273
db:	NVD	id:	CVE-2002-1892

LAST UPDATE DATE

2025-04-03T21:11:04.110000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-6275	date:	2008-09-05T00:00:00
db:	BID	id:	5830	date:	2002-09-30T00:00:00
db:	CNNVD	id:	CNNVD-200212-273	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2002-1892	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-6275	date:	2002-12-31T00:00:00
db:	BID	id:	5830	date:	2002-09-30T00:00:00
db:	CNNVD	id:	CNNVD-200212-273	date:	2002-12-31T00:00:00
db:	NVD	id:	CVE-2002-1892	date:	2002-12-31T05:00:00