VAR-200212-0704
Vulnerability from variot - Updated: 2025-04-03 22:37NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. A weakness has been discovered in NetDSL-800 router firmware. It has been reported that NetDSL-800 firmware, configured by certain Internet Service Providers(ISP), contains undocumented users. It is possible to obtain a target devices undocumented username and password using a network sniffer and the Arescom NetDSL Remote Manager. Access via undocumented accounts may allow attackers to corrupt configuration settings or cause a denial of service. It should be noted that all firmware configurations may not contain undocumented users. Firmware configured by the MSN ISP has been reported vulnreable. It should also be noted that it has not yet been confirmed whether unique username and passwords are generated for each device. Arescom NetDSL-800 is a pluggable, easy-to-use ADSL MODEM. There are undisclosed accounts in the NetDSL-800 firmware provided by some ISPs. There are undisclosed usernames and passwords in the NetDSL-800 firmware preset by MSN ISP, which can make, change settings, or conduct denial of service attacks
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200212-0704",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "network",
"scope": "eq",
"trust": 1.0,
"vendor": "microsoft",
"version": "5.5.11"
},
{
"model": "netdsl",
"scope": "eq",
"trust": 0.6,
"vendor": "arescom",
"version": "800"
},
{
"model": "netdsl-800",
"scope": null,
"trust": 0.3,
"vendor": "arescom",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "6064"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
},
{
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Justin Cervero\u203b Scorpion_1169@msn.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
}
],
"trust": 0.6
},
"cve": "CVE-2002-2380",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CVE-2002-2380",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-6763",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2002-2380",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200212-770",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-6763",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6763"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
},
{
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows remote attackers to gain access to configuration menus by sniffing undocumented usernames and passwords from network traffic. A weakness has been discovered in NetDSL-800 router firmware. \nIt has been reported that NetDSL-800 firmware, configured by certain Internet Service Providers(ISP), contains undocumented users. \nIt is possible to obtain a target devices undocumented username and password using a network sniffer and the Arescom NetDSL Remote Manager. Access via undocumented accounts may allow attackers to corrupt configuration settings or cause a denial of service. \nIt should be noted that all firmware configurations may not contain undocumented users. Firmware configured by the MSN ISP has been reported vulnreable. \nIt should also be noted that it has not yet been confirmed whether unique username and passwords are generated for each device. Arescom NetDSL-800 is a pluggable, easy-to-use ADSL MODEM. There are undisclosed accounts in the NetDSL-800 firmware provided by some ISPs. There are undisclosed usernames and passwords in the NetDSL-800 firmware preset by MSN ISP, which can make, change settings, or conduct denial of service attacks",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-2380"
},
{
"db": "BID",
"id": "6064"
},
{
"db": "VULHUB",
"id": "VHN-6763"
}
],
"trust": 1.26
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "6064",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-2380",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200212-770",
"trust": 0.7
},
{
"db": "XF",
"id": "10498",
"trust": 0.6
},
{
"db": "NSFOCUS",
"id": "3771",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20021029 FURTHER PROBLEMS WITH ARESCOM NETDSL-800 MSN FIRMWARE VERSION 5.4.X AND UP",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-6763",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6763"
},
{
"db": "BID",
"id": "6064"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
},
{
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"id": "VAR-200212-0704",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-6763"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:37:36.492000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6763"
},
{
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/6064"
},
{
"trust": 1.7,
"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00416.html"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/10498.php"
},
{
"trust": 0.6,
"url": "http://www.nsfocus.net/vulndb/3771"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-6763"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
},
{
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-6763"
},
{
"db": "BID",
"id": "6064"
},
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
},
{
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-6763"
},
{
"date": "2002-10-29T00:00:00",
"db": "BID",
"id": "6064"
},
{
"date": "2002-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-770"
},
{
"date": "2002-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-6763"
},
{
"date": "2002-10-29T00:00:00",
"db": "BID",
"id": "6064"
},
{
"date": "2002-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200212-770"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2002-2380"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Arescom NetDSL-800 There is an undisclosed account vulnerability in the firmware",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200212-770"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…