ID
VAR-201106-0317
TITLE
MODACOM URoad-5000 Security Bypass Vulnerability
Trust: 0.6
DESCRIPTION
The MODACOM URoad-5000 is a portable WiMAX/WiFi router. The MODACOM URoad-5000 device uses the modified RaLink SDK version to access standard web interfaces via HTTP. The WEB management interface can be accessed by admin:admin via a standard username/password, which can be changed later. But there is another engineer:engineer pair can also be changed by the WEB interface. MODACOM URoad-5000 is prone to a security-bypass vulnerability and a remote command-execution vulnerability. An attacker can exploit these issues to bypass certain security restrictions and execute arbitrary commands on the affected device. MODACOM URoad-5000 firmware version 1450 is vulnerable; other versions may also be affected
Trust: 1.35
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 1.2 |
AFFECTED PRODUCTS
| vendor: | modacom | model: | uroad-5000 | scope: | eq | version: | 1450 | Trust: 1.5 |
THREAT TYPE
local
Trust: 0.3
TYPE
Design Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 48089 | Trust: 1.5 |
| db: | EXPLOIT-DB | id: | 17356 | Trust: 1.2 |
| db: | CNVD | id: | CNVD-2011-2089 | Trust: 0.6 |
| db: | CNVD | id: | CNVD-2011-2091 | Trust: 0.6 |
REFERENCES
| url: | http://www.exploit-db.com/exploits/17356/ | Trust: 1.2 |
| url: | http://www.modacom.co.kr | Trust: 0.3 |
CREDITS
Alex Stanev
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2011-2089 |
| db: | CNVD | id: | CNVD-2011-2091 |
| db: | BID | id: | 48089 |
LAST UPDATE DATE
2022-05-17T01:46:44.578000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2011-2089 | date: | 2011-06-03T00:00:00 |
| db: | CNVD | id: | CNVD-2011-2091 | date: | 2011-06-03T00:00:00 |
| db: | BID | id: | 48089 | date: | 2011-06-02T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2011-2089 | date: | 2011-06-03T00:00:00 |
| db: | CNVD | id: | CNVD-2011-2091 | date: | 2011-06-03T00:00:00 |
| db: | BID | id: | 48089 | date: | 2011-06-02T00:00:00 |