var-200412-1004
Vulnerability from variot
Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on. Motorola WR850G is a wireless router.
The attacker gains access to the WEB interface through periodic access restricted 'ver.asp' scripts, and can obtain the WEB interface user name and password. Using this password, by accessing frame_debug.asp, the WEB SHELL can be obtained and executed on the system. Any command. This issue is caused by a design error and may allow an attacker to ultimately take complete control over the device. Motorola wireless router WR850G running firmware version 4.03 is reportedly affected by this issue. It is possible that other models and firmware versions are affected as well
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-1004",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "wr850g",
"scope": "eq",
"trust": 1.6,
"vendor": "motorola",
"version": "4.0.3_firmware"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "none",
"version": null
},
{
"model": "wr850g",
"scope": "eq",
"trust": 0.3,
"vendor": "motorola",
"version": "4.03"
},
{
"model": "wr850g",
"scope": "ne",
"trust": 0.3,
"vendor": "motorola",
"version": "5.13"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-2618"
},
{
"db": "BID",
"id": "11241"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
},
{
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Daniel Fabian\u203b d.fabian@sec-consult.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
}
],
"trust": 0.6
},
"cve": "CVE-2004-1550",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2004-1550",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-9980",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-1550",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-222",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-9980",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9980"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
},
{
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on. Motorola WR850G is a wireless router. \n\n\u00a0The attacker gains access to the WEB interface through periodic access restricted \u0027ver.asp\u0027 scripts, and can obtain the WEB interface user name and password. Using this password, by accessing frame_debug.asp, the WEB SHELL can be obtained and executed on the system. Any command. This issue is caused by a design error and may allow an attacker to ultimately take complete control over the device. \nMotorola wireless router WR850G running firmware version 4.03 is reportedly affected by this issue. It is possible that other models and firmware versions are affected as well",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1550"
},
{
"db": "CNVD",
"id": "CNVD-2004-2618"
},
{
"db": "BID",
"id": "11241"
},
{
"db": "VULHUB",
"id": "VHN-9980"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2004-1550",
"trust": 2.6
},
{
"db": "BID",
"id": "11241",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2004-2618",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "6955",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20040924 MOTOROLA WIRELESS ROUTER WR850G AUTHENTICATION CIRCUMVENTION",
"trust": 0.6
},
{
"db": "XF",
"id": "850",
"trust": 0.6
},
{
"db": "XF",
"id": "17474",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20040923 MOTOROLA WIRELESS ROUTER WR850G AUTHENTICATION CIRCUMVENTION",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-9980",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-2618"
},
{
"db": "VULHUB",
"id": "VHN-9980"
},
{
"db": "BID",
"id": "11241"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
},
{
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"id": "VAR-200412-1004",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-9980"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T15:45:43.542000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/11241"
},
{
"trust": 1.7,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-september/026791.html"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17474"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=109613135105800\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/17474"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=109613135105800\u0026w=2"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/6955"
},
{
"trust": 0.3,
"url": "http://broadband.motorola.com/consumers/products/wr850g/"
},
{
"trust": 0.3,
"url": "/archive/1/376384"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=109613135105800\u0026amp;w=2"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-9980"
},
{
"db": "BID",
"id": "11241"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
},
{
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2004-2618"
},
{
"db": "VULHUB",
"id": "VHN-9980"
},
{
"db": "BID",
"id": "11241"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
},
{
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-2618"
},
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-9980"
},
{
"date": "2004-09-23T00:00:00",
"db": "BID",
"id": "11241"
},
{
"date": "2004-09-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-222"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2004-2618"
},
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-9980"
},
{
"date": "2009-07-12T07:06:00",
"db": "BID",
"id": "11241"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-222"
},
{
"date": "2017-07-11T01:31:08.107000",
"db": "NVD",
"id": "CVE-2004-1550"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Motorola WR850G Wireless Router Remote Authentication Bypass Vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2004-2618"
},
{
"db": "BID",
"id": "11241"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
}
],
"trust": 1.5
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Design Error",
"sources": [
{
"db": "BID",
"id": "11241"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-222"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…