ID

VAR-201409-1171


TITLE

Multiple vulnerabilities in multiple Aztech ADSL2/2+ routers

Trust: 0.6

sources: CNVD: CNVD-2014-06155

DESCRIPTION

Aztech ADSL2/2+ routers are ADSL router devices. Multiple Aztech ADSL2/2+ router products have the following security vulnerabilities:
1. /cgi-bin/AZ_Retrain.cgi fails to properly handle user-submitted HTTP GET requests, which can lead to link interruption.
2. The web interface's session management has a problem verifying the privilege ID, allowing an attacker to reuse a session to execute management commands.
3. An attacker can obtain sensitive configuration information by sending a request to the cgi-bin/userromfile.cgi script to download the ROM file.
4. The router fails to properly process user requests, allowing an attacker to manipulate web parameters, change settings, and so on.
An attacker could use these vulnerabilities to bypass security restrictions and perform unauthorized operations on the affected device. This may aid in further attacks.

Trust: 1.35

sources: CNVD: CNVD-2014-06155 // CNNVD: CNNVD-201410-1187 // BID: 69810

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-06155

AFFECTED PRODUCTS

vendor: aztech, model: adsl2/2+, scope: eq, version: 3.7.0

Trust: 0.6

sources: CNVD: CNVD-2014-06155

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2014-06155
value: HIGH

Trust: 0.6

CNVD: CNVD-2014-06155
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2014-06155

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-1187

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 69810

EXTERNAL IDS

db: BID, id: 69810

Trust: 1.5

db: CNVD, id: CNVD-2014-06155

Trust: 0.6

db: CNNVD, id: CNNVD-201410-1187

Trust: 0.6

sources: CNVD: CNVD-2014-06155 // BID: 69810 // CNNVD: CNNVD-201410-1187

REFERENCES

url: http://seclists.org/bugtraq/2014/sep/88

Trust: 0.9

url: http://www.securityfocus.com/bid/69810

Trust: 0.6

url: http://www.aztech.com/

Trust: 0.3

sources: CNVD: CNVD-2014-06155 // BID: 69810 // CNNVD: CNNVD-201410-1187

CREDITS

Federick Joe P Fajardo

Trust: 0.9

sources: BID: 69810 // CNNVD: CNNVD-201410-1187

SOURCES

db: CNVD, id: CNVD-2014-06155
db: BID, id: 69810
db: CNNVD, id: CNNVD-201410-1187

LAST UPDATE DATE

2022-05-17T02:10:37.671000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2014-06155, date: 2014-09-28T00:00:00
db: BID, id: 69810, date: 2014-09-15T00:00:00
db: CNNVD, id: CNNVD-201410-1187, date: 2014-10-23T00:00:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2014-06155, date: 2014-09-23T00:00:00
db: BID, id: 69810, date: 2014-09-15T00:00:00
db: CNNVD, id: CNNVD-201410-1187, date: 2014-09-15T00:00:00