CVE-2004-0311 - American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are sh

CVE-2004-0311

Summary

American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.

References

Vulnerable Configurations

cpe:2.3:h:apc:ap9606:3.0:*:*:*:*:*:*:*
cpe:2.3:h:apc:ap9606:3.0:*:*:*:*:*:*:*
cpe:2.3:h:apc:ap9606:3.0.1:*:*:*:*:*:*:*
cpe:2.3:h:apc:ap9606:3.0.1:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	9681
bugtraq	20040216 APC 9606 SmartSlot Web/SNMP management card "backdoor" 20040219 Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor"
confirm	http://nam-en.apc.com/cgi-bin/nam_en.cfg/php/enduser/std_adp.php?p_faqid=3131&p_created=1077139129
xf	apc-smartslot-default-password(15238)

Last major update

11-07-2017 - 01:30

Published

23-11-2004 - 05:00

Last modified

11-07-2017 - 01:30