CVE-2012-1250

Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051	Third Party Advisory VDB Entry
http://jvn.jp/en/jp/JVN85934986/index.html	Third Party Advisory
http://www.logitec.co.jp/info/2012/0516.html	Vendor Advisory
http://www.securityfocus.com/bid/53685	Third Party Advisory VDB Entry
http://secunia.com/advisories/49289	Broken Link

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:logitech:lan-w300n\/ru2_firmware:*:*:*:*:*:*:*:*

OR	cpe:2.3:h:logitech:lan-w300n\/r:-:::::::*
	cpe:2.3:h:logitech:lan-w300n\/rs:-:::::::*
	cpe:2.3:h:logitech:lan-w300n\/ru2:-:::::::*

Information

Published : 2012-06-04 10:55

Updated : 2022-02-25 10:40

NVD link : CVE-2012-1250

Mitre link : CVE-2012-1250

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

logitech

lan-w300n\/rs
lan-w300n\/ru2_firmware
lan-w300n\/ru2
lan-w300n\/r

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2012-000051", "name": "JVNDB-2012-000051", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "JVNDB"}, {"url": "http://jvn.jp/en/jp/JVN85934986/index.html", "name": "JVN#85934986", "tags": ["Third Party Advisory"], "refsource": "JVN"}, {"url": "http://www.logitec.co.jp/info/2012/0516.html", "name": "http://www.logitec.co.jp/info/2012/0516.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/53685", "name": "53685", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/49289", "name": "49289", "tags": ["Broken Link"], "refsource": "SECUNIA"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Logitec LAN-W300N/R routers with firmware before 2.27 do not properly restrict login access, which allows remote attackers to obtain administrative privileges and modify settings via vectors related to PPPoE authentication."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-264"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2012-1250", "ASSIGNER": "vultures@jpcert.or.jp"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2012-06-04T17:55Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:logitech:lan-w300n\\/ru2_firmware:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.27"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:h:logitech:lan-w300n\\/r:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:logitech:lan-w300n\\/rs:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:h:logitech:lan-w300n\\/ru2:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-02-25T18:40Z"}

10.0 /10