CVE-2003-1264

TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.securityfocus.com/archive/1/305391	Exploit
http://www.securityfocus.com/archive/1/305344	Exploit
http://www.iss.net/security_center/static/10997.php
http://www.securityfocus.com/bid/6533
http://www.securitytracker.com/id?1005897

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:d-link:di-614\+:2.0:::::::*
	cpe:2.3:h:longshine_technologie:longshine_wireless_ethernet_access_point:lcs-883r-ac-b:::::::*

Information

Published : 2003-12-30 21:00

Updated : 2008-09-05 13:36

NVD link : CVE-2003-1264

Mitre link : CVE-2003-1264

JSON object : View

CWE

NVD-CWE-Other

Products Affected

longshine_technologie

longshine_wireless_ethernet_access_point

d-link

di-614\+

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/305391", "name": "20030106 Re: Longshine WLAN Access-Point LCS-883R VU#310201", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/archive/1/305344", "name": "20030106 Longshine WLAN Access-Point LCS-883R VU#310201", "tags": ["Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://www.iss.net/security_center/static/10997.php", "name": "longshine-ap-tftp-access(10997)", "tags": [], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/6533", "name": "6533", "tags": [], "refsource": "BID"}, {"url": "http://www.securitytracker.com/id?1005897", "name": "1005897", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, and in D-Link DI-614+ 2.0 which is based on it, allows remote attackers to obtain the WEP secret and gain administrator privileges by downloading the configuration file (config.img) and other files without authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1264", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:d-link:di-614\\+:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:h:longshine_technologie:longshine_wireless_ethernet_access_point:lcs-883r-ac-b:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2008-09-05T20:36Z"}

5.0 /10