VAR-200604-0487
Vulnerability from variot - Updated: 2025-04-03 21:41na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI). IP3 Networks NetAccess NA75 devices are susceptible to multiple local vulnerabilities: - A command-injection vulnerability due to insufficient input-sanitization of user-supplied commands. This issue allows attackers to execute arbitrary shell commands in the underlying UNIX-based operating system. - An encrypted-password information-disclosure vulnerability. This issue may aid attackers in brute-force password-guessing attacks. - An insecure default-permissions vulnerability. This issue allows attackers to access or corrupt potentially sensitive information. These issues are present in version 4.0.34 of the device's firmware; other versions may also be affected.
TITLE: IP3 Networks NA75 SQL Injection Vulnerability and Weaknesses
SECUNIA ADVISORY ID: SA19818
VERIFY ADVISORY: http://secunia.com/advisories/19818/
CRITICAL: Less critical
IMPACT: Security Bypass, Manipulation of data, Exposure of sensitive information, Privilege escalation
WHERE:
From local network
OPERATING SYSTEM: IP3 Networks NA75 http://secunia.com/product/9602/
DESCRIPTION: Ralph Moonen has reported a vulnerability and some weaknesses in IP3 Networks NA75, which can be exploited by malicious, local users to potentially gain escalated privileges and disclose or manipulate sensitive information, or by malicious people to conduct SQL injection attacks.
1) Some input passed in the web interface is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Example: * The password field during login.
3) The shadow password file has world-readable permissions, which can be exploited to disclose other users' encrypted passwords.
4) The database file is stored with world-readable and world-writable permissions.
SOLUTION: Apply patch available from the vendor. http://www.ip3.com/supportoverview.htm
PROVIDED AND/OR DISCOVERED BY: Ralph Moonen
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200604-0487",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "netaccess 75",
"scope": "eq",
"trust": 1.6,
"vendor": "ip3",
"version": "4.0.34"
},
{
"model": "networks na75",
"scope": "eq",
"trust": 0.3,
"vendor": "ip3",
"version": "4.0.34"
}
],
"sources": [
{
"db": "BID",
"id": "17698"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
},
{
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Ralph Moonen reported these vulnerabilities.",
"sources": [
{
"db": "BID",
"id": "17698"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
}
],
"trust": 0.9
},
"cve": "CVE-2006-2043",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "CVE-2006-2043",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.0,
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 3.9,
"id": "VHN-18151",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-2043",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200604-519",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-18151",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18151"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
},
{
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via \"`\" (backtick) characters in the appliance\u0027s command line interface (CLI). IP3 Networks NetAccess NA75 devices are susceptible to multiple local vulnerabilities:\n- A command-injection vulnerability due to insufficient input-sanitization of user-supplied commands. This issue allows attackers to execute arbitrary shell commands in the underlying UNIX-based operating system. \n- An encrypted-password information-disclosure vulnerability. This issue may aid attackers in brute-force password-guessing attacks. \n- An insecure default-permissions vulnerability. This issue allows attackers to access or corrupt potentially sensitive information. \nThese issues are present in version 4.0.34 of the device\u0027s firmware; other versions may also be affected. \n\nTITLE:\nIP3 Networks NA75 SQL Injection Vulnerability and Weaknesses\n\nSECUNIA ADVISORY ID:\nSA19818\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/19818/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nSecurity Bypass, Manipulation of data, Exposure of sensitive\ninformation, Privilege escalation\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nIP3 Networks NA75\nhttp://secunia.com/product/9602/\n\nDESCRIPTION:\nRalph Moonen has reported a vulnerability and some weaknesses in IP3\nNetworks NA75, which can be exploited by malicious, local users to\npotentially gain escalated privileges and disclose or manipulate\nsensitive information, or by malicious people to conduct SQL\ninjection attacks. \n\n1) Some input passed in the web interface is not properly sanitised\nbefore being used in a SQL query. This can be exploited to manipulate\nSQL queries by injecting arbitrary SQL code. \n\nExample:\n* The password field during login. \n\n3) The shadow password file has world-readable permissions, which can\nbe exploited to disclose other users\u0027 encrypted passwords. \n\n4) The database file is stored with world-readable and world-writable\npermissions. \n\nSOLUTION:\nApply patch available from the vendor. \nhttp://www.ip3.com/supportoverview.htm\n\nPROVIDED AND/OR DISCOVERED BY:\nRalph Moonen\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2043"
},
{
"db": "BID",
"id": "17698"
},
{
"db": "VULHUB",
"id": "VHN-18151"
},
{
"db": "PACKETSTORM",
"id": "45748"
}
],
"trust": 1.35
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-18151",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18151"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "17698",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "19818",
"trust": 1.8
},
{
"db": "SREASON",
"id": "793",
"trust": 1.7
},
{
"db": "VUPEN",
"id": "ADV-2006-1540",
"trust": 1.7
},
{
"db": "NVD",
"id": "CVE-2006-2043",
"trust": 1.7
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519",
"trust": 0.7
},
{
"db": "BUGTRAQ",
"id": "20060424 MULTIPLE VULNERABILITIES IN IP3 NETWORKS \u0027NETACCESS\u0027 NA75 APPLIANCE",
"trust": 0.6
},
{
"db": "XF",
"id": "26108",
"trust": 0.6
},
{
"db": "XF",
"id": "3",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "9688",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-18151",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "45748",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18151"
},
{
"db": "BID",
"id": "17698"
},
{
"db": "PACKETSTORM",
"id": "45748"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
},
{
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"id": "VAR-200604-0487",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-18151"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-03T21:41:48.041000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/17698"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/19818"
},
{
"trust": 1.7,
"url": "http://securityreason.com/securityalert/793"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/archive/1/432007/100/0/threaded"
},
{
"trust": 1.1,
"url": "http://www.vupen.com/english/advisories/2006/1540"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26108"
},
{
"trust": 0.6,
"url": "http://www.securityfocus.com/archive/1/archive/1/432007/100/0/threaded"
},
{
"trust": 0.6,
"url": "http://xforce.iss.net/xforce/xfdb/26108"
},
{
"trust": 0.6,
"url": "http://www.frsirt.com/english/advisories/2006/1540"
},
{
"trust": 0.3,
"url": "http://ip3networks.com/na75.htm"
},
{
"trust": 0.3,
"url": "http://www.ip3.com/"
},
{
"trust": 0.3,
"url": "/archive/1/432007"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://www.ip3.com/supportoverview.htm"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/9602/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/19818/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-18151"
},
{
"db": "BID",
"id": "17698"
},
{
"db": "PACKETSTORM",
"id": "45748"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
},
{
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-18151"
},
{
"db": "BID",
"id": "17698"
},
{
"db": "PACKETSTORM",
"id": "45748"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
},
{
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-04-26T00:00:00",
"db": "VULHUB",
"id": "VHN-18151"
},
{
"date": "2006-04-25T00:00:00",
"db": "BID",
"id": "17698"
},
{
"date": "2006-04-27T21:57:26",
"db": "PACKETSTORM",
"id": "45748"
},
{
"date": "2006-04-26T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-519"
},
{
"date": "2006-04-26T20:06:00",
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-18T00:00:00",
"db": "VULHUB",
"id": "VHN-18151"
},
{
"date": "2006-04-26T20:56:00",
"db": "BID",
"id": "17698"
},
{
"date": "2006-04-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200604-519"
},
{
"date": "2025-04-03T01:03:51.193000",
"db": "NVD",
"id": "CVE-2006-2043"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "17698"
},
{
"db": "PACKETSTORM",
"id": "45748"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
}
],
"trust": 1.0
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "IP3 Networks NetAccess NA75 Multiple Local Vulnerabilities",
"sources": [
{
"db": "BID",
"id": "17698"
},
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "lack of information",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200604-519"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…