ID

VAR-201209-0274


CVE

CVE-2012-4999


TITLE

Mercury MR804 Denial of service in router (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2012-004488

DESCRIPTION

Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information. The Mercury MR804 Router is a router device. Mercury MR804 router is prone to multiple denial-of-service vulnerabilities. Remote attackers can exploit these issues to cause the device to crash, denying service to legitimate users. Mercury MR804 running version 3.8.1 Build 101220 is vulnerable.

TITLE: Mercury MR804 Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA48079
VERIFY ADVISORY: http://secunia.com/advisories/48079/
RELEASE DATE: 2012-03-07
DESCRIPTION: A vulnerability has been reported in Mercury MR804, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in version 8. Other versions may also be affected.
SOLUTION: Restrict access to trusted hosts only.
PROVIDED AND/OR DISCOVERED BY: demonalex@163.com.

Trust: 3.15

sources: NVD: CVE-2012-4999 // JVNDB: JVNDB-2012-004488 // CNVD: CNVD-2012-1134 // CNVD: CNVD-2012-0817 // BID: 52106 // VULHUB: VHN-58280 // PACKETSTORM: 110531

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2012-1134 // CNVD: CNVD-2012-0817

AFFECTED PRODUCTS

vendor: mercurycom | model: mr804 | scope: eq | version: 8.0

Trust: 1.8

vendor: mercurycom | model: mr804 | scope: eq | version: 3.8.1

Trust: 1.6

vendor: mercury | model: mr804 | scope: eq | version: 0

Trust: 0.9

vendor: mercurycom | model: mr804 | scope: eq | version: 8.0 3.8.1 build 101220 rel.53006nb

Trust: 0.8

vendor: mercury | model: mr804 | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2012-1134 // CNVD: CNVD-2012-0817 // BID: 52106 // JVNDB: JVNDB-2012-004488 // CNNVD: CNNVD-201209-412 // NVD: CVE-2012-4999

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4999
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-4999
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201209-412
value: MEDIUM

Trust: 0.6

VULHUB: VHN-58280
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-4999
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-58280
severity: MEDIUM
baseScore: 6.1
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-58280 // JVNDB: JVNDB-2012-004488 // CNNVD: CNNVD-201209-412 // NVD: CVE-2012-4999

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-58280 // JVNDB: JVNDB-2012-004488 // NVD: CVE-2012-4999

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201209-412

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201209-412

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004488

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-58280

PATCH

title: MR804 router | url: http://www.mercurycom.com.cn/Product/list?c=2

Trust: 0.8

sources: JVNDB: JVNDB-2012-004488

EXTERNAL IDS

db: NVD | id: CVE-2012-4999

Trust: 2.8

db: BID | id: 52106

Trust: 2.6

db: SECUNIA | id: 48079

Trust: 2.4

db: JVNDB | id: JVNDB-2012-004488

Trust: 0.8

db: CNNVD | id: CNNVD-201209-412

Trust: 0.7

db: CNVD | id: CNVD-2012-1134

Trust: 0.6

db: CNVD | id: CNVD-2012-0817

Trust: 0.6

db: XF | id: 804

Trust: 0.6

db: XF | id: 73383

Trust: 0.6

db: BUGTRAQ | id: 20120221 MERCURYCOM MR804 ROUTER - MULTIPLE HTTP HEADER FIELDS DENIAL OF SERVICE VULNERABILITY

Trust: 0.6

db: EXPLOIT-DB | id: 36868

Trust: 0.1

db: VULHUB | id: VHN-58280

Trust: 0.1

db: PACKETSTORM | id: 110531

Trust: 0.1

sources: CNVD: CNVD-2012-1134 // CNVD: CNVD-2012-0817 // VULHUB: VHN-58280 // BID: 52106 // JVNDB: JVNDB-2012-004488 // PACKETSTORM: 110531 // CNNVD: CNNVD-201209-412 // NVD: CVE-2012-4999

REFERENCES

url:http://www.securityfocus.com/bid/52106

Trust: 1.7

url:http://archives.neohapsis.com/archives/bugtraq/2012-02/0116.html

Trust: 1.7

url:http://secunia.com/advisories/48079

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/73383

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4999

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4999

Trust: 0.8

url:http://secunia.com/advisories/48079/

Trust: 0.7

url:http://www.securityfocus.com/archive/1/521731

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/73383

Trust: 0.6

url:http://www.mercurycom.com.cn/product/list?c=2

Trust: 0.3

url:/archive/1/521731

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=48079

Trust: 0.1

url:http://secunia.com/psi_30_beta_launch

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/48079/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2012-1134 // CNVD: CNVD-2012-0817 // VULHUB: VHN-58280 // BID: 52106 // JVNDB: JVNDB-2012-004488 // PACKETSTORM: 110531 // CNNVD: CNNVD-201209-412 // NVD: CVE-2012-4999

CREDITS

demonalex

Trust: 0.3

sources: BID: 52106

SOURCES

db: CNVD | id: CNVD-2012-1134
db: CNVD | id: CNVD-2012-0817
db: VULHUB | id: VHN-58280
db: BID | id: 52106
db: JVNDB | id: JVNDB-2012-004488
db: PACKETSTORM | id: 110531
db: CNNVD | id: CNNVD-201209-412
db: NVD | id: CVE-2012-4999

LAST UPDATE DATE

2025-04-11T22:53:37.140000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2012-1134 | date: 2012-03-09T00:00:00
db: CNVD | id: CNVD-2012-0817 | date: 2012-02-23T00:00:00
db: VULHUB | id: VHN-58280 | date: 2017-08-29T00:00:00
db: BID | id: 52106 | date: 2012-09-21T18:20:00
db: JVNDB | id: JVNDB-2012-004488 | date: 2012-09-21T00:00:00
db: CNNVD | id: CNNVD-201209-412 | date: 2012-11-02T00:00:00
db: NVD | id: CVE-2012-4999 | date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2012-1134 | date: 2012-03-09T00:00:00
db: CNVD | id: CNVD-2012-0817 | date: 2012-02-23T00:00:00
db: VULHUB | id: VHN-58280 | date: 2012-09-19T00:00:00
db: BID | id: 52106 | date: 2012-02-21T00:00:00
db: JVNDB | id: JVNDB-2012-004488 | date: 2012-09-21T00:00:00
db: PACKETSTORM | id: 110531 | date: 2012-03-07T03:04:19
db: CNNVD | id: CNNVD-201209-412 | date: 2012-09-21T00:00:00
db: NVD | id: CVE-2012-4999 | date: 2012-09-19T19:55:08.607