CVE-2004-0680 - Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML ma

CVE-2004-0680

Summary

Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access.

References

http://marc.info/?l=bugtraq&m=108915255520924&w=2
http://www.securityfocus.com/bid/10669
https://exchange.xforce.ibmcloud.com/vulnerabilities/16639

Vulnerable Configurations

cpe:2.3:h:zoom:model_5560_x3_ethernet_adsl_modem:*:*:*:*:*:*:*:*
cpe:2.3:h:zoom:model_5560_x3_ethernet_adsl_modem:*:*:*:*:*:*:*:*

CVSS

Base:	10.0 (as of 11-07-2017 - 01:30)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:C/I:C/A:C

refmap via4

bid	10669
bugtraq	20040706 backdoor menu on conexant chipset dsl router (Zoom X3)
xf	conexant-chipset-settings-restore(16639)

Last major update

11-07-2017 - 01:30

Published

06-08-2004 - 04:00

Last modified

11-07-2017 - 01:30