ID

VAR-201411-0386


CVE

CVE-2014-8425


TITLE

Arris VAP2500 Remote Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2014-08532 // CNNVD: CNNVD-201411-516

DESCRIPTION

The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of access to the management portal. The issue lies in the failure to restrict access to configuration files. An attacker can leverage this vulnerability to leak credentials which can then be chained to execute code with root privileges. The Arris VAP2500 is a wireless access device from Arris, USA. An information disclosure vulnerability exists in Arris VAP2500. There is a security vulnerability in the management portal in the ARRIS VAP2500 with firmware 08.41 and earlier.

Trust: 3.24

sources: NVD: CVE-2014-8425 // JVNDB: JVNDB-2014-005685 // ZDI: ZDI-14-387 // CNVD: CNVD-2014-08532 // BID: 71295 // VULHUB: VHN-76370 // VULMON: CVE-2014-8425

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2014-08532

AFFECTED PRODUCTS

vendor: arris, model: vap2500, scope: lte, version: 08.41

Trust: 1.0

vendor: arris group, model: vap2500, scope: lt, version: fw08.41

Trust: 0.8

vendor: arris, model: vap2500, scope: -, version: -

Trust: 0.7

vendor: arris group, model: vap2500, scope: -, version: -

Trust: 0.6

vendor: arris, model: vap2500, scope: eq, version: 08.41

Trust: 0.6

vendor: arris, model: vap2500, scope: eq, version: 0

Trust: 0.3

sources: ZDI: ZDI-14-387 // CNVD: CNVD-2014-08532 // BID: 71295 // JVNDB: JVNDB-2014-005685 // CNNVD: CNNVD-201411-516 // NVD: CVE-2014-8425

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-8425
value: HIGH

Trust: 1.0

NVD: CVE-2014-8425
value: HIGH

Trust: 0.8

ZDI: CVE-2014-8425
value: HIGH

Trust: 0.7

CNVD: CNVD-2014-08532
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201411-516
value: HIGH

Trust: 0.6

VULHUB: VHN-76370
value: HIGH

Trust: 0.1

VULMON: CVE-2014-8425
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2014-8425
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 2.6

CNVD: CNVD-2014-08532
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-76370
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: ZDI: ZDI-14-387 // CNVD: CNVD-2014-08532 // VULHUB: VHN-76370 // VULMON: CVE-2014-8425 // JVNDB: JVNDB-2014-005685 // CNNVD: CNNVD-201411-516 // NVD: CVE-2014-8425

PROBLEMTYPE DATA

problemtype: CWE-200

Trust: 1.9

sources: VULHUB: VHN-76370 // JVNDB: JVNDB-2014-005685 // NVD: CVE-2014-8425

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201411-516

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201411-516

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-005685

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-76370 // VULMON: CVE-2014-8425

PATCH

title: Top Page, url: http://www.arrisi.com/products/product.asp?id=5017

Trust: 0.8

title: Patch for Arris VAP2500 Remote Information Disclosure Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/52254

Trust: 0.6

sources: CNVD: CNVD-2014-08532 // JVNDB: JVNDB-2014-005685

EXTERNAL IDS

db: NVD, id: CVE-2014-8425

Trust: 4.2

db: ZDI, id: ZDI-14-387

Trust: 3.6

db: BID, id: 71295

Trust: 1.7

db: JVNDB, id: JVNDB-2014-005685

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-2135

Trust: 0.7

db: CNNVD, id: CNNVD-201411-516

Trust: 0.7

db: CNVD, id: CNVD-2014-08532

Trust: 0.6

db: EXPLOIT-DB, id: 35372

Trust: 0.2

db: VULHUB, id: VHN-76370

Trust: 0.1

db: VULMON, id: CVE-2014-8425

Trust: 0.1

sources: ZDI: ZDI-14-387 // CNVD: CNVD-2014-08532 // VULHUB: VHN-76370 // VULMON: CVE-2014-8425 // BID: 71295 // JVNDB: JVNDB-2014-005685 // CNNVD: CNNVD-201411-516 // NVD: CVE-2014-8425

REFERENCES

url: http://www.zerodayinitiative.com/advisories/zdi-14-387/

Trust: 2.9

url: http://www.securityfocus.com/bid/71295

Trust: 1.3

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-8425

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-8425

Trust: 0.8

url: http://www.arrisi.com/products/product.asp?id=5017

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://www.exploit-db.com/exploits/35372/

Trust: 0.1

sources: CNVD: CNVD-2014-08532 // VULHUB: VHN-76370 // VULMON: CVE-2014-8425 // BID: 71295 // JVNDB: JVNDB-2014-005685 // CNNVD: CNNVD-201411-516 // NVD: CVE-2014-8425

CREDITS

Ricky "HeadlessZeke" Lawshae

Trust: 1.6

sources: ZDI: ZDI-14-387 // BID: 71295 // CNNVD: CNNVD-201411-516

SOURCES

db: ZDI, id: ZDI-14-387
db: CNVD, id: CNVD-2014-08532
db: VULHUB, id: VHN-76370
db: VULMON, id: CVE-2014-8425
db: BID, id: 71295
db: JVNDB, id: JVNDB-2014-005685
db: CNNVD, id: CNNVD-201411-516
db: NVD, id: CVE-2014-8425

LAST UPDATE DATE

2025-04-12T23:16:58.818000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-14-387, date: 2014-11-25T00:00:00
db: CNVD, id: CNVD-2014-08532, date: 2014-11-27T00:00:00
db: VULHUB, id: VHN-76370, date: 2014-11-28T00:00:00
db: VULMON, id: CVE-2014-8425, date: 2014-11-28T00:00:00
db: BID, id: 71295, date: 2014-11-25T00:00:00
db: JVNDB, id: JVNDB-2014-005685, date: 2014-12-01T00:00:00
db: CNNVD, id: CNNVD-201411-516, date: 2014-12-02T00:00:00
db: NVD, id: CVE-2014-8425, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: ZDI, id: ZDI-14-387, date: 2014-11-25T00:00:00
db: CNVD, id: CNVD-2014-08532, date: 2014-11-27T00:00:00
db: VULHUB, id: VHN-76370, date: 2014-11-28T00:00:00
db: VULMON, id: CVE-2014-8425, date: 2014-11-28T00:00:00
db: BID, id: 71295, date: 2014-11-25T00:00:00
db: JVNDB, id: JVNDB-2014-005685, date: 2014-12-01T00:00:00
db: CNNVD, id: CNNVD-201411-516, date: 2014-11-27T00:00:00
db: NVD, id: CVE-2014-8425, date: 2014-11-28T15:59:05.323