CVE-2001-1135

ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/archive/1/204439	Vendor Advisory
http://www.securityfocus.com/bid/3346	Vendor Advisory
http://www.securityfocus.com/archive/1/214971	Vendor Advisory
http://www.securityfocus.com/archive/1/203592
http://www.securityfocus.com/archive/1/203022
https://exchange.xforce.ibmcloud.com/vulnerabilities/7146

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:h:zyxel:prestige:642r:*:*:*:*:*:*:*

Information

Published : 2001-08-13 21:00

Updated : 2017-12-18 18:29

NVD link : CVE-2001-1135

Mitre link : CVE-2001-1135

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

zyxel

prestige

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/204439", "name": "20010814 Fwd: ZyXEL Prestige 642 Router Administration Interface Vulnerability", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/3346", "name": "3346", "tags": ["Vendor Advisory"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/archive/1/214971", "name": "20010918 SECURITY RISK: ZyXEL ADSL Router 642R - WAN filter bypass from internal network", "tags": ["Vendor Advisory"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/203592", "name": "20010810 Re: ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/203022", "name": "20010809 ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7146", "name": "prestige-wan-bypass-filter(7146)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2001-1135", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2001-08-14T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:zyxel:prestige:642r:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-12-19T02:29Z"}