Details of VAR-200404-0089

ID

VAR-200404-0089

CVE

CVE-2004-1921

TITLE

X-Micro WLAN 11b Broadband Router Backdoor Management Account Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200404-009

DESCRIPTION

X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. It has been reported that the firmware shipped with the X-Micro 11b Broadband Router has built-in an administrative account that cannot be disabled. The account, username and password "super", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device. According to the author of the report, the built-in administration webserver listens on both internal and external interfaces. Attackers may authenticate with the "super" account from outside of the LAN and gain control of the device through this web interface. Once authenticated, it is possible for attackers to install new firmware on the device. The account, username and password "1502", appears to be a backdoor and may provide remote attackers possessing knowledge of the account with complete control over the device. X-Micro WLAN 11b is a wireless broadband router. There is a \"super\" account in the firmware, and its password is also \"super\". The remote can use this account to access the port monitored by the management WEB service and control the entire router

Trust: 1.26

sources: NVD: CVE-2004-1921 // BID: 10095 // VULHUB: VHN-10350

AFFECTED PRODUCTS

vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.6.0.1	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.6.0	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.2.2.4	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.2.2.3	Trust: 1.9
vendor:	x micro	model:	wlan 11b broadband router	scope:	eq	version:	1.2.2	Trust: 1.9

sources: BID: 10095 // CNNVD: CNNVD-200404-009 // NVD: CVE-2004-1921

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1921
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200404-009
value:	HIGH
Trust: 0.6
VULHUB:	VHN-10350
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2004-1921
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10350
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10350 // CNNVD: CNNVD-200404-009 // NVD: CVE-2004-1921

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1921

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200404-009

TYPE

Design Error

Trust: 0.9

sources: BID: 10095 // CNNVD: CNNVD-200404-009

EXTERNAL IDS

db:	BID	id:	10095	Trust: 2.0
db:	NVD	id:	CVE-2004-1921	Trust: 1.7
db:	SECUNIA	id:	11342	Trust: 1.7
db:	CNNVD	id:	CNNVD-200404-009	Trust: 0.7
db:	XF	id:	15890	Trust: 0.6
db:	BUGTRAQ	id:	20040416 RE: BACKDOOR IN X-MICRO WLAN 11B BROADBAND ROUTER	Trust: 0.6
db:	BUGTRAQ	id:	20040416 NEW BACKDOOR IN X-MICRO WLAN 11B BROADBAND ROUTER	Trust: 0.6
db:	VULHUB	id:	VHN-10350	Trust: 0.1

sources: VULHUB: VHN-10350 // BID: 10095 // CNNVD: CNNVD-200404-009 // NVD: CVE-2004-1921

REFERENCES

url:	http://www.securityfocus.com/bid/10095	Trust: 1.7
url:	http://secunia.com/advisories/11342	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/15890	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=108213608111111&w=2	Trust: 1.0
url:	http://marc.info/?l=bugtraq&m=108223222519855&w=2	Trust: 1.0
url:	http://xforce.iss.net/xforce/xfdb/15890	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108223222519855&w=2	Trust: 0.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108213608111111&w=2	Trust: 0.6
url:	http://xmicro.risko.hu/	Trust: 0.3
url:	http://www.x-micro.com/wlan-router.htm	Trust: 0.3
url:	/archive/1/360049	Trust: 0.3
url:	/archive/1/360538	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108223222519855&w=2	Trust: 0.1
url:	http://marc.info/?l=bugtraq&m=108213608111111&w=2	Trust: 0.1

sources: VULHUB: VHN-10350 // BID: 10095 // CNNVD: CNNVD-200404-009 // NVD: CVE-2004-1921

CREDITS

Gergely Risko※ xmicro@risko.hu

Trust: 0.6

sources: CNNVD: CNNVD-200404-009

SOURCES

db:	VULHUB	id:	VHN-10350
db:	BID	id:	10095
db:	CNNVD	id:	CNNVD-200404-009
db:	NVD	id:	CVE-2004-1921

LAST UPDATE DATE

2025-04-03T22:27:19.262000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10350	date:	2017-07-11T00:00:00
db:	BID	id:	10095	date:	2004-04-10T00:00:00
db:	CNNVD	id:	CNNVD-200404-009	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1921	date:	2025-04-03T01:03:51.193

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10350	date:	2004-04-10T00:00:00
db:	BID	id:	10095	date:	2004-04-10T00:00:00
db:	CNNVD	id:	CNNVD-200404-009	date:	2004-04-10T00:00:00
db:	NVD	id:	CVE-2004-1921	date:	2004-04-10T04:00:00