Details of VAR-201208-0813

ID

VAR-201208-0813

TITLE

ALPHA Networks ADSL Wireless Router 'returnJSON.htm'Administrator Password Disclosure Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2012-4355

DESCRIPTION

ALPHA Networks ADSL Wireless Router is an ADSL wireless router. ALPHA Networks ADSL wireless routers have a management WEB panel that configures the device. The /APIS/ directory of the WEB server allows the attacker to access sensitive information without having to authenticate, and access the returnJSON.htm script to obtain administrator password information. Attackers can exploit this issue to gain access to the administrator's password. Successfully exploiting this issue may lead to other attacks

Trust: 0.81

sources: CNVD: CNVD-2012-4355 // BID: 55092

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2012-4355

AFFECTED PRODUCTS

vendor:	alpha	model:	networks adsl wireless router asl-26555	scope:	-	version:	-	Trust: 0.6
vendor:	alpha	model:	networks adsl2/2+ wireless router	scope:	eq	version:	0	Trust: 0.3

sources: CNVD: CNVD-2012-4355 // BID: 55092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201210-668

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201210-668

EXTERNAL IDS

db:	BID	id:	55092	Trust: 1.5
db:	PACKETSTORM	id:	115663	Trust: 0.6
db:	CNVD	id:	CNVD-2012-4355	Trust: 0.6
db:	CNNVD	id:	CNNVD-201210-668	Trust: 0.6

sources: CNVD: CNVD-2012-4355 // BID: 55092 // CNNVD: CNNVD-201210-668

REFERENCES

url:	http://packetstormsecurity.org/files/115663/alpha-networks-adsl2-2-wireless-router-asl-26555-password-disclosure.html	Trust: 0.6
url:	http://www.securityfocus.com/bid/55092	Trust: 0.6
url:	http://www.alphanetworks.com	Trust: 0.3

sources: CNVD: CNVD-2012-4355 // BID: 55092 // CNNVD: CNNVD-201210-668

CREDITS

Alberto Ortega

Trust: 0.9

sources: BID: 55092 // CNNVD: CNNVD-201210-668

SOURCES

db:	CNVD	id:	CNVD-2012-4355
db:	BID	id:	55092
db:	CNNVD	id:	CNNVD-201210-668

LAST UPDATE DATE

2022-05-17T02:03:25.512000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2012-4355	date:	2012-08-22T00:00:00
db:	BID	id:	55092	date:	2012-08-17T00:00:00
db:	CNNVD	id:	CNNVD-201210-668	date:	2012-10-29T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2012-4355	date:	2012-08-22T00:00:00
db:	BID	id:	55092	date:	2012-08-17T00:00:00
db:	CNNVD	id:	CNNVD-201210-668	date:	2012-08-17T00:00:00