ID

VAR-200412-0994


CVE

CVE-2004-1540


TITLE

ZyXEL Prestige 650 HW Remote management vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200412-1130

DESCRIPTION

ZyXEL Prestige 623, 650, and 652 HW routers, and possibly other versions, with HTTP Remote Administration enabled, do not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. The ZyXEL Prestige router series is reported prone to an access validation vulnerability. A remote attacker may exploit this vulnerability to reset the configuration of the router.

Trust: 1.17

sources: NVD: CVE-2004-1540 // BID: 11723

AFFECTED PRODUCTS

vendor: zyxel, model: zynos, scope: eq, version: 3.40

Trust: 1.9

vendor: zyxel, model: prestige, scope: eq, version: 650r

Trust: 1.6

vendor: zyxel, model: prestige, scope: eq, version: 650h

Trust: 1.6

vendor: zyxel, model: prestige, scope: eq, version: 650hw_31

Trust: 1.6

vendor: zyxel, model: prestige, scope: eq, version: 650hw

Trust: 1.6

vendor: zyxel, model: zynos, scope: eq, version: is.3

Trust: 1.6

vendor: zyxel, model: prestige, scope: eq, version: 645r_a1

Trust: 1.6

vendor: zyxel, model: zynos, scope: eq, version: is.5

Trust: 1.6

vendor: zyxel, model: zynos v3.40, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: zynos is.5, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: zynos is.3, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: prestige 650r, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: prestige 650hw-31, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: prestige 650hw, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: prestige 650h, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: prestige 645r-a1, scope: -, version: -

Trust: 0.3

vendor: zyxel, model: prestige 782r, scope: ne, version: -

Trust: 0.3

sources: BID: 11723 // NVD: CVE-2004-1540 // CNNVD: CNNVD-200412-1130

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2004-1540
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200412-1130
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

sources: NVD: CVE-2004-1540 // CNNVD: CNNVD-200412-1130

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1540

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200412-1130

TYPE

access verification error

Trust: 0.6

sources: CNNVD: CNNVD-200412-1130

CONFIGURATIONS

sources: NVD: CVE-2004-1540

EXTERNAL IDS

db: BID, id: 11723

Trust: 1.9

db: SECUNIA, id: 13278

Trust: 1.6

db: SECTRACK, id: 1012298

Trust: 1.6

db: OSVDB, id: 12108

Trust: 1.6

db: NVD, id: CVE-2004-1540

Trust: 1.6

db: XF, id: 18202

Trust: 0.6

db: BUGTRAQ, id: 20041124 RE: ROUTER ZYXEL PRESTIGE 650 HW HTTP REMOTE ADMIN.

Trust: 0.6

db: BUGTRAQ, id: 20041121 ROUTER ZYXEL PRESTIGE 650 HW HTTP REMOTE ADMIN.

Trust: 0.6

db: NSFOCUS, id: 7147

Trust: 0.6

db: CNNVD, id: CNNVD-200412-1130

Trust: 0.6

sources: BID: 11723 // NVD: CVE-2004-1540 // CNNVD: CNNVD-200412-1130

REFERENCES

url:http://secunia.com/advisories/13278

Trust: 1.6

url:http://securitytracker.com/id?1012298

Trust: 1.6

url:http://www.osvdb.org/12108

Trust: 1.6

url:http://www.securityfocus.com/bid/11723

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=110116413414615&w=2

Trust: 1.0

url:http://marc.info/?l=bugtraq&m=110135136811344&w=2

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/18202

Trust: 1.0

url:http://xforce.iss.net/xforce/xfdb/18202

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=110135136811344&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=bugtraq&m=110116413414615&w=2

Trust: 0.6

url:http://www.nsfocus.net/vulndb/7147

Trust: 0.6

url:http://www.zyxel.com/

Trust: 0.3

url:/archive/1/382231

Trust: 0.3

url:/archive/1/381835

Trust: 0.3

sources: BID: 11723 // NVD: CVE-2004-1540 // CNNVD: CNNVD-200412-1130

CREDITS

Francisco José Canela, darkydelphi@gmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200412-1130

SOURCES

db: BID, id: 11723
db: NVD, id: CVE-2004-1540
db: CNNVD, id: CNNVD-200412-1130

LAST UPDATE DATE

2023-12-18T13:45:27.478000+00:00


SOURCES UPDATE DATE

db: BID, id: 11723, date: 2004-11-22T00:00:00
db: NVD, id: CVE-2004-1540, date: 2017-07-11T01:31:07.340
db: CNNVD, id: CNNVD-200412-1130, date: 2005-10-20T00:00:00

SOURCES RELEASE DATE

db: BID, id: 11723, date: 2004-11-22T00:00:00
db: NVD, id: CVE-2004-1540, date: 2004-12-31T05:00:00
db: CNNVD, id: CNNVD-200412-1130, date: 2004-11-22T00:00:00