Details of VAR-201609-0691

ID

VAR-201609-0691

TITLE

Design flaw in BDCOM Broadcom BSR2800-08C multi-service router

Trust: 0.6

sources: CNVD: CNVD-2016-06632

DESCRIPTION

BDCOM Broadcom BSR2800-08C multi-service router is a new generation of switched multi-service router platform developed by Shanghai Broad Data Communication Co., Ltd. This platform adopts a 64-bit multi-core processor + high-speed switching engine + FPGA supporting design scheme, and has excellent performance. The BDCOM Broadcom BSR2800-08C multi-service router has a design flaw vulnerability that allows an attacker to use this vulnerability to authenticate Authorization by forging a 401: Digest username = "admin bypasses authentication to access the system and obtain the administrator password.

Trust: 0.6

sources: CNVD: CNVD-2016-06632

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06632

AFFECTED PRODUCTS

vendor:

boda data communication

model:

bdcom boda bsr2800-08c multi-service router

scope:

version:

Trust: 0.6

sources: CNVD: CNVD-2016-06632

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2016-06632
value:	HIGH
Trust: 0.6

CNVD:	CNVD-2016-06632
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2016-06632

EXTERNAL IDS

db:

CNVD

id:

CNVD-2016-06632

Trust: 0.6

sources: CNVD: CNVD-2016-06632

SOURCES

db:

CNVD

id:

CNVD-2016-06632

LAST UPDATE DATE

2022-05-04T09:43:57.531000+00:00

SOURCES UPDATE DATE

db:

CNVD

id:

CNVD-2016-06632

date:

2016-08-24T00:00:00

SOURCES RELEASE DATE

db:

CNVD

id:

CNVD-2016-06632

date:

2016-09-21T00:00:00