Details of VAR-200404-0088

ID

VAR-200404-0088

CVE

CVE-2004-1920

TITLE

X-Micro WLAN 11b Broadband Router Backdoor Management Account Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200404-010

DESCRIPTION

X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. It has been reported that the firmware shipped with the X-Micro 11b Broadband Router has built-in an administrative account that cannot be disabled. According to the author of the report, the built-in administration webserver listens on both internal and external interfaces. Attackers may authenticate with the "super" account from outside of the LAN and gain control of the device through this web interface. Once authenticated, it is possible for attackers to install new firmware on the device. The account, username and password "1502", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device. X-Micro WLAN 11b is a wireless broadband router. There is a \"super\" account in the firmware, and its password is also \"super\". The remote can use this account to access the port monitored by the management WEB service and control the entire router

Trust: 1.26

sources: NVD: CVE-2004-1920 // BID: 10095 // VULHUB: VHN-10349

AFFECTED PRODUCTS

vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.6.0.1	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.6.0	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.2.2.4	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.2.2.3	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.2.2	Trust: 1.9

sources: BID: 10095 // CNNVD: CNNVD-200404-010 // NVD: CVE-2004-1920

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1920
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200404-010
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10349
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1920
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10349
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10349 // CNNVD: CNNVD-200404-010 // NVD: CVE-2004-1920

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1920

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-010

TYPE

Design Error

Trust: 0.9

sources: BID: 10095 // CNNVD: CNNVD-200404-010

EXTERNAL IDS

db:	BID	id:	10095	Trust: 2.0
db:	NVD	id:	CVE-2004-1920	Trust: 1.7
db:	SECUNIA	id:	11342	Trust: 1.7
db:	CNNVD	id:	CNNVD-200404-010	Trust: 0.7
db:	XF	id:	15829	Trust: 0.6
db:	BUGTRAQ	id:	20040410 BACKDOOR IN X-MICRO WLAN 11B BROADBAND ROUTER	Trust: 0.6
db:	VULHUB	id:	VHN-10349	Trust: 0.1

sources: VULHUB: VHN-10349 // BID: 10095 // CNNVD: CNNVD-200404-010 // NVD: CVE-2004-1920

REFERENCES

url:	http://www.securityfocus.com/bid/10095	Trust: 1.7
url:	http://secunia.com/advisories/11342	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15829	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108162529229947&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108162529229947&w=2	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/15829	Trust: 0.6
url:	http://xmicro.risko.hu/	Trust: 0.3
url:	http://www.x-micro.com/wlan-router.htm	Trust: 0.3
url:	/archive/1/360049	Trust: 0.3
url:	/archive/1/360538	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108162529229947&w=2	Trust: 0.1

sources: VULHUB: VHN-10349 // BID: 10095 // CNNVD: CNNVD-200404-010 // NVD: CVE-2004-1920

CREDITS

Gergely Risko※ xmicro@risko.hu

Trust: 0.6

sources: CNNVD: CNNVD-200404-010

SOURCES

db:	VULHUB	id:	VHN-10349
db:	BID	id:	10095
db:	CNNVD	id:	CNNVD-200404-010
db:	NVD	id:	CVE-2004-1920

LAST UPDATE DATE

2025-04-03T22:27:19.236000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10349	date:	2017-07-11T00:00:00
db:	BID	id:	10095	date:	2004-04-10T00:00:00
db:	CNNVD	id:	CNNVD-200404-010	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1920	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10349	date:	2004-04-10T00:00:00
db:	BID	id:	10095	date:	2004-04-10T00:00:00
db:	CNNVD	id:	CNNVD-200404-010	date:	2004-04-10T00:00:00
db:	NVD	id:	CVE-2004-1920	date:	2004-04-10T04:00:00