VAR-200412-0962
Vulnerability from variot - Updated: 2025-04-03 22:33The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username. The Conseptronic CADSLR1 router is reported to contain a denial of service vulnerability. This vulnerability reportedly presents itself in the embedded HTTP server used for web-based administration of the router. When presented a large malformed request, the device will reportedly crash and reboot. This vulnerability could be exploited by a remote attacker to deny service to legitimate users. Due to code reuse across products, other Conseptronic devices may also be vulnerable to similar issues. TITLE: Conceptronic CADSLR1 Router Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA12110
VERIFY ADVISORY: http://secunia.com/advisories/12110/
CRITICAL: Less critical
IMPACT: DoS
WHERE:
From local network
OPERATING SYSTEM: Conceptronic CADSLR1 http://secunia.com/product/3707/
DESCRIPTION: Jordi Corrales has reported a vulnerability in CADSLR1, allowing malicious people to cause a Denial of Service.
The problem is that the device fails to handle HTTP requests with a long username (65535 characters). This causes the device to reboot.
This has been reported to affect devices running firmware version 3.04n. Prior versions may also be affected.
SOLUTION: Filter access to the device or disable the HTTP service.
PROVIDED AND/OR DISCOVERED BY: Jordi Corrales
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200412-0962",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "cadslr1 adsl router",
"scope": "eq",
"trust": 1.6,
"vendor": "conceptronic",
"version": "3.04n"
},
{
"model": "cadslr1 router",
"scope": null,
"trust": 0.3,
"vendor": "conceptronic",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "10769"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
},
{
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jordi Corrales",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
}
],
"trust": 0.6
},
"cve": "CVE-2004-2045",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "CVE-2004-2045",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 10.0,
"id": "VHN-10473",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2004-2045",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200412-1198",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-10473",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10473"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
},
{
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username. The Conseptronic CADSLR1 router is reported to contain a denial of service vulnerability. \nThis vulnerability reportedly presents itself in the embedded HTTP server used for web-based administration of the router. When presented a large malformed request, the device will reportedly crash and reboot. \nThis vulnerability could be exploited by a remote attacker to deny service to legitimate users. \nDue to code reuse across products, other Conseptronic devices may also be vulnerable to similar issues. \nTITLE:\nConceptronic CADSLR1 Router Denial of Service Vulnerability\n\nSECUNIA ADVISORY ID:\nSA12110\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/12110/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nDoS\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nConceptronic CADSLR1\nhttp://secunia.com/product/3707/\n\nDESCRIPTION:\nJordi Corrales has reported a vulnerability in CADSLR1, allowing\nmalicious people to cause a Denial of Service. \n\nThe problem is that the device fails to handle HTTP requests with a\nlong username (65535 characters). This causes the device to reboot. \n\nThis has been reported to affect devices running firmware version\n3.04n. Prior versions may also be affected. \n\nSOLUTION:\nFilter access to the device or disable the HTTP service. \n\nPROVIDED AND/OR DISCOVERED BY:\nJordi Corrales\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org\n\n----------------------------------------------------------------------\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2045"
},
{
"db": "BID",
"id": "10769"
},
{
"db": "VULHUB",
"id": "VHN-10473"
},
{
"db": "PACKETSTORM",
"id": "33840"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-10473",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10473"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "10769",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "12110",
"trust": 1.8
},
{
"db": "NVD",
"id": "CVE-2004-2045",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1198",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20040721 DENIAL OF SERVICE IN CONCEPTRONIC CADSLR1 ROUTER",
"trust": 0.6
},
{
"db": "XF",
"id": "16746",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "363",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-10473",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "33840",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10473"
},
{
"db": "BID",
"id": "10769"
},
{
"db": "PACKETSTORM",
"id": "33840"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
},
{
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"id": "VAR-200412-0962",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-10473"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T22:33:04.966000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://www.shellsec.net/leer_advisory.php?id=5"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/10769"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/12110"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16746"
},
{
"trust": 1.0,
"url": "http://marc.info/?l=bugtraq\u0026m=109045084522857\u0026w=2"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/16746"
},
{
"trust": 0.6,
"url": "http://marc.theaimsgroup.com/?l=bugtraq\u0026m=109045084522857\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.conceptronic.net/"
},
{
"trust": 0.1,
"url": "http://marc.info/?l=bugtraq\u0026amp;m=109045084522857\u0026amp;w=2"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/3707/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/12110/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-10473"
},
{
"db": "BID",
"id": "10769"
},
{
"db": "PACKETSTORM",
"id": "33840"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
},
{
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-10473"
},
{
"db": "BID",
"id": "10769"
},
{
"db": "PACKETSTORM",
"id": "33840"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
},
{
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2004-12-31T00:00:00",
"db": "VULHUB",
"id": "VHN-10473"
},
{
"date": "2004-07-21T00:00:00",
"db": "BID",
"id": "10769"
},
{
"date": "2004-07-21T21:40:50",
"db": "PACKETSTORM",
"id": "33840"
},
{
"date": "2004-12-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1198"
},
{
"date": "2004-12-31T05:00:00",
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-07-11T00:00:00",
"db": "VULHUB",
"id": "VHN-10473"
},
{
"date": "2004-07-21T00:00:00",
"db": "BID",
"id": "10769"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200412-1198"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2004-2045"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Conceptronic CADSLR1 ADSL Router Service Rejection Vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Boundary Condition Error",
"sources": [
{
"db": "BID",
"id": "10769"
},
{
"db": "CNNVD",
"id": "CNNVD-200412-1198"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…