Sign-up

ID

VAR-200811-0218


CVE

CVE-2008-5041


TITLE

Sweex RO002 Router Vulnerabilities that gain access

Trust: 0.8

sources: JVNDB: JVNDB-2008-006438

DESCRIPTION

Sweex RO002 Router with firmware Ts03-072 has "rdc123" as its default password for the "rdc123" account, which makes it easier for remote attackers to obtain access. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Successful exploitation will allow attackers to gain access to the router's web configuration interface. RO002 Router with firmware Ts03-072 is vulnerable; other versions may be affected as well. Sweex RO002 is a broadband router mainly used in Europe. ---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: Sweex RO002 Router Undocumented Account Security Issue SECUNIA ADVISORY ID: SA32623 VERIFY ADVISORY: http://secunia.com/advisories/32623/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: >From local network OPERATING SYSTEM: Sweex RO002 Router http://secunia.com/advisories/product/20462/ DESCRIPTION: Rob Stout has reported a security issue in the Sweex RO002 Router, which can be exploited by malicious people to bypass certain security restrictions. modify the configuration. The security issue is reported in firmware version Ts03-072. Reportedly, the vendor is working on a fix. PROVIDED AND/OR DISCOVERED BY: Rob Stout ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-5041 // JVNDB: JVNDB-2008-006438 // BID: 32249 // VULHUB: VHN-35166 // PACKETSTORM: 71844

AFFECTED PRODUCTS

vendor:sweexmodel:ro002 routerscope:eqversion:ts03-072

Trust: 2.4

vendor:sweexmodel:ro002 router ts03-072scope: - version: -

Trust: 0.3

sources: BID: 32249 // JVNDB: JVNDB-2008-006438 // CNNVD: CNNVD-200811-183 // NVD: CVE-2008-5041

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-5041
value: HIGH

Trust: 1.0

NVD: CVE-2008-5041
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200811-183
value: HIGH

Trust: 0.6

VULHUB: VHN-35166
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-5041
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-35166
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-35166 // JVNDB: JVNDB-2008-006438 // CNNVD: CNNVD-200811-183 // NVD: CVE-2008-5041

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.9

sources: VULHUB: VHN-35166 // JVNDB: JVNDB-2008-006438 // NVD: CVE-2008-5041

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200811-183

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-200811-183

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-006438

PATCH
title:Top Pageurl:http://www.sweex.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-006438

EXTERNAL IDS
db:NVDid:CVE-2008-5041
Trust: 2.8
db:BIDid:32249
Trust: 2.0
db:SECUNIAid:32623
Trust: 1.8
db:OSVDBid:49865
Trust: 1.1
db:JVNDBid:JVNDB-2008-006438
Trust: 0.8
db:XFid:46517
Trust: 0.6
db:XFid:002
Trust: 0.6
db:CNNVDid:CNNVD-200811-183
Trust: 0.6
db:VULHUBid:VHN-35166
Trust: 0.1
db:PACKETSTORMid:71844
Trust: 0.1
sources:
            
            
            VULHUB: VHN-35166 // 
            
            
            
            BID: 32249 // 
            
            
            
            JVNDB: JVNDB-2008-006438 // 
            
            
            
            PACKETSTORM: 71844 // 
            
            
            
            CNNVD: CNNVD-200811-183 // 
            
            
            
            NVD: CVE-2008-5041

REFERENCES
url:http://www.securityfocus.com/bid/32249
Trust: 1.7
url:http://secunia.com/advisories/32623
Trust: 1.7
url:http://osvdb.org/49865
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/46517
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-5041
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-5041
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/46517
Trust: 0.6
url:http://www.sweex.com/producten.php?sectie=&subsectie=&item=80&artikel=858&detail=h
Trust: 0.3
url:http://secunia.com/advisories/product/20462/
Trust: 0.1
url:http://secunia.com/advisories/32623/
Trust: 0.1
url:http://secunia.com/binary_analysis/sample_analysis/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-35166 // 
            
            
            
            BID: 32249 // 
            
            
            
            JVNDB: JVNDB-2008-006438 // 
            
            
            
            PACKETSTORM: 71844 // 
            
            
            
            CNNVD: CNNVD-200811-183 // 
            
            
            
            NVD: CVE-2008-5041

CREDITS
Rob Stout
Trust: 0.9
sources:
            
            
            BID: 32249 // 
            
            
            
            CNNVD: CNNVD-200811-183

SOURCES
db:VULHUBid:VHN-35166
db:BIDid:32249
db:JVNDBid:JVNDB-2008-006438
db:PACKETSTORMid:71844
db:CNNVDid:CNNVD-200811-183
db:NVDid:CVE-2008-5041

LAST UPDATE DATE
2025-04-10T23:20:49.414000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-35166date:2017-08-08T00:00:00
db:BIDid:32249date:2015-04-16T17:51:00
db:JVNDBid:JVNDB-2008-006438date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200811-183date:2008-11-13T00:00:00
db:NVDid:CVE-2008-5041date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-35166date:2008-11-12T00:00:00
db:BIDid:32249date:2008-11-11T00:00:00
db:JVNDBid:JVNDB-2008-006438date:2012-12-20T00:00:00
db:PACKETSTORMid:71844date:2008-11-12T22:55:13
db:CNNVDid:CNNVD-200811-183date:2008-11-12T00:00:00
db:NVDid:CVE-2008-5041date:2008-11-12T21:11:06.867