Details of VAR-201409-0173

ID

VAR-201409-0173

CVE

CVE-2014-4862

TITLE

Arris Touchstone cable modem information leakage vulnerabiliity

Trust: 0.8

sources: CERT/CC: VU#855836

DESCRIPTION

The Netmaster CBW700N cable modem with software 81.447.392110.729.024 has an SNMP community of public, which allows remote attackers to obtain sensitive credential, key, and SSID information via an SNMP request. Netmaster Cable modem provided by CBW700N Contains an information disclosure vulnerability. Netmaster Cable modem provided by CBW700N Is the default setting SNMP Is enabled. CBW700N Is known SNMP Uses community name, username, password and WiFi There is a vulnerability that leaks information such as keys (CWE-200) . CWE-200: Information Exposure http://cwe.mitre.org/data/definitions/200.htmlUser name, password and password set on the device by a remote third party WiFi You may be able to obtain sensitive information such as keys. Arris Touchstone DG950A 7.10.131 is vulnerable. Netmaster CBW700N is prone to an information-disclosure vulnerability. This may aid in further attacks. Netmaster CBW700N running firmware version 81.447.392110.729.024 is vulnerable

Trust: 4.14

sources: NVD: CVE-2014-4862 // CERT/CC: VU#855836 // CERT/CC: VU#259548 // JVNDB: JVNDB-2014-004044 // CNVD: CNVD-2014-05345 // BID: 69631 // BID: 69630

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-05345

AFFECTED PRODUCTS

vendor:	netmaster	model:	cbw700 software	scope:	eq	version:	81.447.392110.729.024	Trust: 1.6
vendor:	netmaster	model:	cbw700n	scope:	eq	version:	-	Trust: 1.0
vendor:	arris	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netmaster	model:	-	scope:	-	version:	-	Trust: 0.8
vendor:	netmaster	model:	cable modem cbw700n	scope:	-	version:	-	Trust: 0.8
vendor:	netmaster	model:	cable modem cbw700n software	scope:	eq	version:	version 81.447.392110.729.024	Trust: 0.8
vendor:	netmaster	model:	netmaster	scope:	eq	version:	1.0	Trust: 0.6
vendor:	arris	model:	group touchstone dg950a	scope:	eq	version:	7.10.131	Trust: 0.3
vendor:	netmaster	model:	cbw700n	scope:	eq	version:	81.447.392110.729.02	Trust: 0.3

sources: CERT/CC: VU#855836 // CERT/CC: VU#259548 // CNVD: CNVD-2014-05345 // BID: 69631 // BID: 69630 // JVNDB: JVNDB-2014-004044 // CNNVD: CNNVD-201409-055 // NVD: CVE-2014-4862

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-4862
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-4863
value:	MEDIUM
Trust: 0.8
NVD:	CVE-2014-4862
value:	MEDIUM
Trust: 0.8
IPA:	JVNDB-2014-004044
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-05345
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201409-055
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2014-4862
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
NVD:	CVE-2014-4863
severity:	MEDIUM
baseScore:	5.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
NVD:	CVE-2014-4862
severity:	MEDIUM
baseScore:	5.0
vectorString:	NONE
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
IPA:	JVNDB-2014-004044
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2014-05345
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CERT/CC: VU#855836 // CERT/CC: VU#259548 // CNVD: CNVD-2014-05345 // JVNDB: JVNDB-2014-004044 // CNNVD: CNNVD-201409-055 // NVD: CVE-2014-4862

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2014-004044 // NVD: CVE-2014-4862

THREAT TYPE

network

Trust: 0.6

sources: BID: 69631 // BID: 69630

TYPE

Design Error

Trust: 0.6

sources: BID: 69631 // BID: 69630

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004044

EXPLOIT AVAILABILITY

sources: CERT/CC: VU#855836 // CERT/CC: VU#259548

PATCH

title:

Netmaster CBW-700V

url:

http://www.netmaster.com.tr/urun/6

Trust: 0.8

sources: JVNDB: JVNDB-2014-004044

EXTERNAL IDS

db:	NVD	id:	CVE-2014-4862	Trust: 5.2
db:	CERT/CC	id:	VU#259548	Trust: 3.8
db:	CERT/CC	id:	VU#855836	Trust: 0.8
db:	JVN	id:	JVNVU90686659	Trust: 0.8
db:	JVNDB	id:	JVNDB-2014-004044	Trust: 0.8
db:	OSVDB	id:	110554	Trust: 0.6
db:	CNVD	id:	CNVD-2014-05345	Trust: 0.6
db:	CNNVD	id:	CNNVD-201409-055	Trust: 0.6
db:	BID	id:	69631	Trust: 0.3
db:	BID	id:	69630	Trust: 0.3

REFERENCES

url:	https://community.rapid7.com/community/metasploit/blog/2014/08/21/more-snmp-information-leaks-cve-2014-4862-and-cve-2014-4863	Trust: 4.6
url:	http://www.kb.cert.org/vuls/id/259548	Trust: 3.0
url:	http://cwe.mitre.org/data/definitions/200.html	Trust: 1.6
url:	http://moto.arrisi.com/support/documentation/user_guides/_docs/dg950_user_guide_std1-4.pdf	Trust: 0.8
url:	http://www.netmaster.com.tr/urun/6	Trust: 0.8
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-4862	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90686659/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-4862	Trust: 0.8
url:	http://www.osvdb.com/show/osvdb/110554	Trust: 0.6
url:	http://www.arrisi.com/products/product.asp?id=50	Trust: 0.3
url:	http://www.netmaster.com.tr/	Trust: 0.3

CREDITS

Deral Heiland and Matthew Kienow.

Trust: 0.3

sources: BID: 69631

SOURCES

db:	CERT/CC	id:	VU#855836
db:	CERT/CC	id:	VU#259548
db:	CNVD	id:	CNVD-2014-05345
db:	BID	id:	69631
db:	BID	id:	69630
db:	JVNDB	id:	JVNDB-2014-004044
db:	CNNVD	id:	CNNVD-201409-055
db:	NVD	id:	CVE-2014-4862

LAST UPDATE DATE

2025-04-13T23:35:14.412000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#855836	date:	2014-09-04T00:00:00
db:	CERT/CC	id:	VU#259548	date:	2014-09-04T00:00:00
db:	CNVD	id:	CNVD-2014-05345	date:	2014-09-01T00:00:00
db:	BID	id:	69631	date:	2014-08-21T00:00:00
db:	BID	id:	69630	date:	2014-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-004044	date:	2014-09-09T00:00:00
db:	CNNVD	id:	CNNVD-201409-055	date:	2014-09-10T00:00:00
db:	NVD	id:	CVE-2014-4862	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#855836	date:	2014-09-04T00:00:00
db:	CERT/CC	id:	VU#259548	date:	2014-09-04T00:00:00
db:	CNVD	id:	CNVD-2014-05345	date:	2014-09-01T00:00:00
db:	BID	id:	69631	date:	2014-08-21T00:00:00
db:	BID	id:	69630	date:	2014-08-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-004044	date:	2014-09-08T00:00:00
db:	CNNVD	id:	CNNVD-201409-055	date:	2014-09-10T00:00:00
db:	NVD	id:	CVE-2014-4862	date:	2014-09-05T17:55:06.907