VAR-200205-0047
Vulnerability from variot - Updated: 2025-04-03 22:37Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password. HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching. It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly. The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker. *Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200205-0047",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "advancestack 10base-t switching hub j3202a",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "a.03.07"
},
{
"model": "advancestack 10base-t switching hub j3200a",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "a.03.07"
},
{
"model": "advancestack 10base-t switching hub j3203a",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "a.03.07"
},
{
"model": "advancestack 10base-t switching hub j3210a",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "a.03.07"
},
{
"model": "advancestack 10base-t switching hub j3204a",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "a.03.07"
},
{
"model": "advancestack 10base-t switching hub j3201a",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "a.03.07"
},
{
"model": "advancestack 10base-t switching hub j3205a",
"scope": "eq",
"trust": 1.6,
"vendor": "hp",
"version": "a.03.07"
},
{
"model": "advancestack 10base-t switching hub j3210a a.03.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "advancestack 10base-t switching hub j3205a a.03.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "advancestack 10base-t switching hub j3204a a.03.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "advancestack 10base-t switching hub j3203a a.03.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "advancestack 10base-t switching hub j3202a a.03.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "advancestack 10base-t switching hub j3201a a.03.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
},
{
"model": "advancestack 10base-t switching hub j3200a a.03.07",
"scope": null,
"trust": 0.3,
"vendor": "hp",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "4062"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
},
{
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Tamer Sahin\u203b ts@securityoffice.net",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0250",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-0250",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4643",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-0250",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200205-056",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-4643",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4643"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
},
{
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch\u0027s configuration and modify the administrator password. HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching. \nIt has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly. \nThe attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker. \n*Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0250"
},
{
"db": "BID",
"id": "4062"
},
{
"db": "VULHUB",
"id": "VHN-4643"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-4643",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4643"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4062",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0250",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200205-056",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20020208 HEWLETT PACKARD ADVANCESTACK SWITCH MANAGMENT AUTHENTICATION BYPASS VULNERABILITY",
"trust": 0.6
},
{
"db": "XF",
"id": "8124",
"trust": 0.6
},
{
"db": "HP",
"id": "HPSBUX0202-185",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21285",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-4643",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4643"
},
{
"db": "BID",
"id": "4062"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
},
{
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"id": "VAR-200205-0047",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4643"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:37:38.016000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4062"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/advisories/3870"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/8124.php"
},
{
"trust": 1.1,
"url": "http://marc.info/?l=bugtraq\u0026m=101318469216213\u0026w=2"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=101318469216213\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.hp.com/cposupport/nonjsnav/hpadvances50727.html"
},
{
"trust": 0.3,
"url": "http://www.securityoffice.net/articles/hp/"
},
{
"trust": 0.1,
"url": ""
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4643"
},
{
"db": "BID",
"id": "4062"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
},
{
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4643"
},
{
"db": "BID",
"id": "4062"
},
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
},
{
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-05-29T00:00:00",
"db": "VULHUB",
"id": "VHN-4643"
},
{
"date": "2002-02-08T00:00:00",
"db": "BID",
"id": "4062"
},
{
"date": "2002-02-08T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-056"
},
{
"date": "2002-05-29T04:00:00",
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2016-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-4643"
},
{
"date": "2002-02-08T00:00:00",
"db": "BID",
"id": "4062"
},
{
"date": "2005-08-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200205-056"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-0250"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "HP AdvanceStack Switch Bypass management authentication vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "unknown",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200205-056"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…