ID

VAR-200708-0021


CVE

CVE-2007-4319


TITLE

Denial-of-service (DoS) vulnerability in the management interface of ZyNOS running on Zyxel Zywall 2 devices

Trust: 0.8

sources: JVNDB: JVNDB-2007-005960

DESCRIPTION

The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to cause a denial of service (infinite reboot loop) via invalid configuration data. NOTE: this issue might not cross privilege boundaries, and it might be resultant from CSRF; if so, then it should not be included in CVE. ZyXEL ZyWALL 2 is prone to multiple remote vulnerabilities that affect the management interface. An attacker can exploit these issues to carry out cross-site request forgery, HTML-injection, and denial-of-service attacks. ZyWALL 2 running firmware V3.62(WK.6) is reported vulnerable to this issue.

Trust: 1.89

sources: NVD: CVE-2007-4319 // JVNDB: JVNDB-2007-005960 // BID: 25262

AFFECTED PRODUCTS

vendor: zyxel, model: zynos, scope: eq, version: 3.62

Trust: 1.6

vendor: zyxel, model: zywall 2, scope: -, version: -

Trust: 1.4

vendor: zyxel, model: zywall 2, scope: eq, version: *

Trust: 1.0

vendor: zyxel, model: zynos, scope: eq, version: 3.62(wk.6)

Trust: 0.8

vendor: zyxel, model: zywall, scope: eq, version: 23.62

Trust: 0.3

sources: BID: 25262 // JVNDB: JVNDB-2007-005960 // NVD: CVE-2007-4319 // CNNVD: CNNVD-200708-183

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2007-4319
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-200708-183
value: MEDIUM

Trust: 0.6

NVD:
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: FALSE
obtainAllPrivilege: FALSE
obtainUserPrivilege: FALSE
obtainOtherPrivilege: FALSE
userInteractionRequired: FALSE
version: 2.0

Trust: 1.0

NVD: CVE-2007-4319
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2007-005960 // NVD: CVE-2007-4319 // CNNVD: CNNVD-200708-183

PROBLEMTYPE DATA

problemtype: NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-4319

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200708-183

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200708-183

CONFIGURATIONS

sources: NVD: CVE-2007-4319

PATCH

title: Top Page, url: http://www.zyxel.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-005960

EXTERNAL IDS

db: NVD, id: CVE-2007-4319

Trust: 2.7

db: BID, id: 25262

Trust: 1.9

db: SREASON, id: 3002

Trust: 1.6

db: OSVDB, id: 42448

Trust: 1.6

db: JVNDB, id: JVNDB-2007-005960

Trust: 0.8

db: BUGTRAQ, id: 20070810 ZYXEL ZYWALL 2 MULTIPLE VULNERABILITIES

Trust: 0.6

db: XF, id: 35941

Trust: 0.6

db: CNNVD, id: CNNVD-200708-183

Trust: 0.6

sources: BID: 25262 // JVNDB: JVNDB-2007-005960 // NVD: CVE-2007-4319 // CNNVD: CNNVD-200708-183

REFERENCES

url:http://www.louhi.fi/advisory/zyxel_070810.txt

Trust: 1.9

url:http://osvdb.org/42448

Trust: 1.6

url:http://securityreason.com/securityalert/3002

Trust: 1.6

url:http://www.securityfocus.com/bid/25262

Trust: 1.6

url:http://www.securityfocus.com/archive/1/476031/100/0/threaded

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/35941

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-4319

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-4319

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/476031/100/0/threaded

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/35941

Trust: 0.6

url:http://us.zyxel.com/products/model.php?indexcate=1044940679&indexcate1=1123007871&indexflagvalue=1021873683

Trust: 0.3

sources: BID: 25262 // JVNDB: JVNDB-2007-005960 // NVD: CVE-2007-4319 // CNNVD: CNNVD-200708-183

CREDITS

Henri Lindberg discovered these issues.

Trust: 0.9

sources: BID: 25262 // CNNVD: CNNVD-200708-183

SOURCES

db: BID, id: 25262
db: JVNDB, id: JVNDB-2007-005960
db: NVD, id: CVE-2007-4319
db: CNNVD, id: CNNVD-200708-183

LAST UPDATE DATE

2023-12-18T12:32:15.227000+00:00


SOURCES UPDATE DATE

db: BID, id: 25262, date: 2016-07-05T22:00:00
db: JVNDB, id: JVNDB-2007-005960, date: 2012-12-20T00:00:00
db: NVD, id: CVE-2007-4319, date: 2018-10-15T21:34:28.887
db: CNNVD, id: CNNVD-200708-183, date: 2007-08-14T00:00:00

SOURCES RELEASE DATE

db: BID, id: 25262, date: 2007-08-10T00:00:00
db: JVNDB, id: JVNDB-2007-005960, date: 2012-12-20T00:00:00
db: NVD, id: CVE-2007-4319, date: 2007-08-13T21:17:00
db: CNNVD, id: CNNVD-200708-183, date: 2007-08-13T00:00:00