Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
13 vulnerabilities by alcatel
CVE-2011-4505 (GCVE-0-2011-4505)
Vulnerability from cvelistv5 – Published: 2011-11-22 11:00 – Updated: 2024-09-16 20:32
VLAI
Summary
The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an "external forwarding" vulnerability.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/357851 | third-party-advisoryx_refsource_CERT-VN |
| http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:09:18.471Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-11-22T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#357851",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-4505",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware before 6.2.29 allows remote attackers to establish arbitrary port mappings by sending a UPnP AddPortMapping action in a SOAP request to the WAN interface, related to an \"external forwarding\" vulnerability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#357851",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/357851"
},
{
"name": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf",
"refsource": "MISC",
"url": "http://toor.do/DEFCON-19-Garcia-UPnP-Mapping-WP.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-4505",
"datePublished": "2011-11-22T11:00:00.000Z",
"dateReserved": "2011-11-22T00:00:00.000Z",
"dateUpdated": "2024-09-16T20:32:49.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4383 (GCVE-0-2008-4383)
Vulnerability from cvelistv5 – Published: 2008-10-03 22:00 – Updated: 2024-08-07 10:17
VLAI
Summary
Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/30652 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id?1020657 | vdb-entryx_refsource_SECTRACK |
| http://www.layereddefense.com/alcatel12aug.html | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://securityreason.com/securityalert/4347 | third-party-advisoryx_refsource_SREASON |
| http://secunia.com/advisories/31435 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/archive/1/495343/100… | mailing-listx_refsource_BUGTRAQ |
| http://www1.alcatel-lucent.com/psirt/statements/2… | x_refsource_CONFIRM |
| http://www.vupen.com/english/advisories/2008/2346 | vdb-entryx_refsource_VUPEN |
Date Public
2008-08-12 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:17:09.271Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-12T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "30652",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-4383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the Agranet-Emweb embedded management web server in Alcatel OmniSwitch OS7000, OS6600, OS6800, OS6850, and OS9000 Series devices with AoS 5.1 before 5.1.6.463.R02, 5.4 before 5.4.1.429.R01, 6.1.3 before 6.1.3.965.R01, 6.1.5 before 6.1.5.595.R01, and 6.3 before 6.3.1.966.R01 allows remote attackers to execute arbitrary code via a long Session cookie."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "30652",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30652"
},
{
"name": "1020657",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020657"
},
{
"name": "http://www.layereddefense.com/alcatel12aug.html",
"refsource": "MISC",
"url": "http://www.layereddefense.com/alcatel12aug.html"
},
{
"name": "omniswitch-session-bo(44400)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44400"
},
{
"name": "4347",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4347"
},
{
"name": "31435",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31435"
},
{
"name": "20080812 Layered Defense Research Advisory: Alcatel-Lucent OmniSwitch products, Stack Buffer Overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/495343/100/0/threaded"
},
{
"name": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm",
"refsource": "CONFIRM",
"url": "http://www1.alcatel-lucent.com/psirt/statements/2008002/OmniSwitch.htm"
},
{
"name": "ADV-2008-2346",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2346"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-4383",
"datePublished": "2008-10-03T22:00:00.000Z",
"dateReserved": "2008-10-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T10:17:09.271Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5383 (GCVE-0-2007-5383)
Vulnerability from cvelistv5 – Published: 2007-10-12 01:00 – Updated: 2024-08-07 15:31
VLAI
Summary
The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a '/' (slash) character at the end of the PATH_INFO to cgi/b, aka "double-slash auth bypass." NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| http://www.gnucitizen.org/blog/holes-in-embedded-… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/489009/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.gnucitizen.org/projects/router-hacking… | x_refsource_MISC |
| http://securityreason.com/securityalert/3213 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/25972 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/481835/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.gnucitizen.org/blog/bt-home-flub-pwnin… | x_refsource_MISC |
| http://www.theregister.co.uk/2007/10/09/bt_home_h… | x_refsource_MISC |
Date Public
2007-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:57.305Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
},
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "3213",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "bthomehub-cgib-auth-bypass(41271)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
},
{
"name": "20080301 The Router Hacking Challenge is Over!",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "3213",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "bthomehub-cgib-auth-bypass(41271)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5383",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allows remote attackers on an intranet to bypass authentication and gain administrative access via vectors including a \u0027/\u0027 (slash) character at the end of the PATH_INFO to cgi/b, aka \"double-slash auth bypass.\" NOTE: remote attackers outside the intranet can exploit this by leveraging a separate CSRF vulnerability. NOTE: SpeedTouch 780 might also be affected by some of these issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/holes-in-embedded-devices-authentication-bypass-pt-1/"
},
{
"name": "20080301 The Router Hacking Challenge is Over!",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/489009/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/projects/router-hacking-challenge/",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/projects/router-hacking-challenge/"
},
{
"name": "3213",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "bthomehub-cgib-auth-bypass(41271)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41271"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"name": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5383",
"datePublished": "2007-10-12T01:00:00.000Z",
"dateReserved": "2007-10-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:57.305Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5384 (GCVE-0-2007-5384)
Vulnerability from cvelistv5 – Published: 2007-10-12 01:00 – Updated: 2024-08-07 15:31
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3213 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/25972 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/481835/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.gnucitizen.org/blog/bt-home-flub-pwnin… | x_refsource_MISC |
| http://www.theregister.co.uk/2007/10/09/bt_home_h… | x_refsource_MISC |
Date Public
2007-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.054Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3213",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3213",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5384",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to perform actions as administrators via unspecified POST requests, as demonstrated by enabling an inbound remote-assistance HTTPS session on TCP port 51003. NOTE: an authentication bypass can be leveraged to exploit this in the absence of an existing administrative session. NOTE: SpeedTouch 780 might also be affected by some of these issues."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3213",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"name": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5384",
"datePublished": "2007-10-12T01:00:00.000Z",
"dateReserved": "2007-10-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:58.054Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-5385 (GCVE-0-2007-5385)
Vulnerability from cvelistv5 – Published: 2007-10-12 01:00 – Updated: 2024-08-07 15:31
VLAI
Summary
Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://securityreason.com/securityalert/3213 | third-party-advisoryx_refsource_SREASON |
| http://www.securityfocus.com/bid/25972 | vdb-entryx_refsource_BID |
| http://www.securityfocus.com/archive/1/481835/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.gnucitizen.org/blog/bt-home-flub-pwnin… | x_refsource_MISC |
| http://www.theregister.co.uk/2007/10/09/bt_home_h… | x_refsource_MISC |
Date Public
2007-10-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:31:58.817Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3213",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-10-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3213",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-5385",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in the Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub 6.2.6.B and earlier, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3213",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3213"
},
{
"name": "25972",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25972"
},
{
"name": "20071008 BT Home Flub: Pwnin the BT Home Hub",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/481835/100/0/threaded"
},
{
"name": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub",
"refsource": "MISC",
"url": "http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub"
},
{
"name": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/",
"refsource": "MISC",
"url": "http://www.theregister.co.uk/2007/10/09/bt_home_hub_vuln/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-5385",
"datePublished": "2007-10-12T01:00:00.000Z",
"dateReserved": "2007-10-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T15:31:58.817Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-2377 (GCVE-0-2004-2377)
Vulnerability from cvelistv5 – Published: 2005-08-16 04:00 – Updated: 2024-08-08 01:22
VLAI
Summary
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/9745 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/10981 | third-party-advisoryx_refsource_SECUNIA |
| http://www.osvdb.org/4064 | vdb-entryx_refsource_OSVDB |
| http://www.securityfocus.com/archive/1/355134 | mailing-listx_refsource_BUGTRAQ |
| http://securitytracker.com/id?1009211 | vdb-entryx_refsource_SECTRACK |
Date Public
2004-02-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:22:13.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "alcatel-omniswitch-nessus-dos(15318)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15318"
},
{
"name": "9745",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9745"
},
{
"name": "10981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/10981"
},
{
"name": "4064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/4064"
},
{
"name": "20040219 Alcatel Omniswitch 7000 series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/355134"
},
{
"name": "1009211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009211"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "alcatel-omniswitch-nessus-dos(15318)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15318"
},
{
"name": "9745",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9745"
},
{
"name": "10981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/10981"
},
{
"name": "4064",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/4064"
},
{
"name": "20040219 Alcatel Omniswitch 7000 series",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/355134"
},
{
"name": "1009211",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009211"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2377",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "alcatel-omniswitch-nessus-dos(15318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15318"
},
{
"name": "9745",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9745"
},
{
"name": "10981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/10981"
},
{
"name": "4064",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/4064"
},
{
"name": "20040219 Alcatel Omniswitch 7000 series",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/355134"
},
{
"name": "1009211",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009211"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2377",
"datePublished": "2005-08-16T04:00:00.000Z",
"dateReserved": "2005-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-08T01:22:13.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1484 (GCVE-0-2001-1484)
Vulnerability from cvelistv5 – Published: 2005-06-21 04:00 – Updated: 2024-08-08 04:58
VLAI
Summary
Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/211736 | third-party-advisoryx_refsource_CERT-VN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cert.org/advisories/CA-2001-08.html | third-party-advisoryx_refsource_CERT |
Date Public
2001-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#211736",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/211736"
},
{
"name": "alcatel-tftp-lan-access(6336)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#211736",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/211736"
},
{
"name": "alcatel-tftp-lan-access(6336)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1484",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#211736",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/211736"
},
{
"name": "alcatel-tftp-lan-access(6336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"name": "CA-2001-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1484",
"datePublished": "2005-06-21T04:00:00.000Z",
"dateReserved": "2005-06-21T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:11.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1424 (GCVE-0-2001-1424)
Vulnerability from cvelistv5 – Published: 2005-03-22 05:00 – Updated: 2024-08-08 04:58
VLAI
Summary
Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/212088 | third-party-advisoryx_refsource_CERT-VN |
| http://security.sdsc.edu/self-help/alcatel/alcate… | x_refsource_MISC |
| http://www.securityfocus.com/archive/1/175229 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/2568 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cert.org/advisories/CA-2001-08.html | third-party-advisoryx_refsource_CERT |
Date Public
2001-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.561Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#212088",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/212088"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "2568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2568"
},
{
"name": "alcatel-blank-password(6335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6335"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#212088",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/212088"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "2568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2568"
},
{
"name": "alcatel-blank-password(6335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6335"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1424",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, KHDSAA.132, KHDSBA.133, and KHDSAA.134 has a blank default password, which allows remote attackers to gain unauthorized access."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#212088",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/212088"
},
{
"name": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html",
"refsource": "MISC",
"url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "2568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2568"
},
{
"name": "alcatel-blank-password(6335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6335"
},
{
"name": "CA-2001-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1424",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:11.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1426 (GCVE-0-2001-1426)
Vulnerability from cvelistv5 – Published: 2005-03-22 05:00 – Updated: 2024-08-08 04:58
VLAI
Summary
Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device's configurations.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/bid/2566 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/490344 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/archive/1/175229 | mailing-listx_refsource_BUGTRAQ |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.cert.org/advisories/CA-2001-08.html | third-party-advisoryx_refsource_CERT |
Date Public
2001-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:09.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2566",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2566"
},
{
"name": "VU#490344",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/490344"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "alcatel-tftp-lan-access(6336)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device\u0027s configurations."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2566",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2566"
},
{
"name": "VU#490344",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/490344"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "alcatel-tftp-lan-access(6336)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1426",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 has a TFTP server running without a password, which allows remote attackers to change firmware versions or the device\u0027s configurations."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2566",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2566"
},
{
"name": "VU#490344",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/490344"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "alcatel-tftp-lan-access(6336)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6336"
},
{
"name": "CA-2001-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1426",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:09.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2001-1425 (GCVE-0-2001-1425)
Vulnerability from cvelistv5 – Published: 2005-03-22 05:00 – Updated: 2024-08-08 04:58
VLAI
Summary
The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
6 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/243592 | third-party-advisoryx_refsource_CERT-VN |
| http://security.sdsc.edu/self-help/alcatel/alcate… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/175229 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/2568 | vdb-entryx_refsource_BID |
| http://www.cert.org/advisories/CA-2001-08.html | third-party-advisoryx_refsource_CERT |
Date Public
2001-04-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:58:11.422Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#243592",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/243592"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
},
{
"name": "alcatel-expert-account(6354)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6354"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "2568",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2568"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-04-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#243592",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/243592"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
},
{
"name": "alcatel-expert-account(6354)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6354"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "2568",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2568"
},
{
"name": "CA-2001-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-1425",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The challenge-response authentication of the EXPERT user for Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through KHDSAA.134 allows remote attackers to gain privileges by directly computing the response based on information that is provided by the device during login."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#243592",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/243592"
},
{
"name": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html",
"refsource": "MISC",
"url": "http://security.sdsc.edu/self-help/alcatel/alcatel-bugs.html"
},
{
"name": "alcatel-expert-account(6354)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6354"
},
{
"name": "20010410 multiple vulnerabilities in Alcatel Speed Touch DSL modems",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/175229"
},
{
"name": "2568",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2568"
},
{
"name": "CA-2001-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-08.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-1425",
"datePublished": "2005-03-22T05:00:00.000Z",
"dateReserved": "2005-03-22T00:00:00.000Z",
"dateUpdated": "2024-08-08T04:58:11.422Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1272 (GCVE-0-2002-1272)
Vulnerability from cvelistv5 – Published: 2004-09-01 04:00 – Updated: 2024-08-08 03:19
VLAI
Summary
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/6220 | vdb-entryx_refsource_BID |
| http://www.cert.org/advisories/CA-2002-32.html | third-party-advisoryx_refsource_CERT |
| http://www.kb.cert.org/vuls/id/181721 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2002-11-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:19:28.721Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/181721"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1272",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "alcatel-omniswitch-backdoor(10664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10664"
},
{
"name": "6220",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6220"
},
{
"name": "CA-2002-32",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-32.html"
},
{
"name": "VU#181721",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/181721"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1272",
"datePublished": "2004-09-01T04:00:00.000Z",
"dateReserved": "2002-11-06T00:00:00.000Z",
"dateUpdated": "2024-08-08T03:19:28.721Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-0119 (GCVE-0-2002-0119)
Vulnerability from cvelistv5 – Published: 2002-03-15 05:00 – Updated: 2024-08-08 02:35
VLAI
Summary
Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/7893.php | vdb-entryx_refsource_XF |
| http://online.securityfocus.com/archive/1/249746 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/3851 | vdb-entryx_refsource_BID |
Date Public
2002-01-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:35:17.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "alcatel-speedtouch-nmap-dos(7893)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/7893.php"
},
{
"name": "20020111 Bug in alcatel speed touch home adsl modem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/249746"
},
{
"name": "3851",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/3851"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-01-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-03-22T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "alcatel-speedtouch-nmap-dos(7893)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/7893.php"
},
{
"name": "20020111 Bug in alcatel speed touch home adsl modem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/249746"
},
{
"name": "3851",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/3851"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0119",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a denial of service (reboot) via a network scan with unusual packets, such as nmap with OS detection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "alcatel-speedtouch-nmap-dos(7893)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/7893.php"
},
{
"name": "20020111 Bug in alcatel speed touch home adsl modem",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/249746"
},
{
"name": "3851",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/3851"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0119",
"datePublished": "2002-03-15T05:00:00.000Z",
"dateReserved": "2002-03-15T00:00:00.000Z",
"dateUpdated": "2024-08-08T02:35:17.441Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-1999-1559 (GCVE-0-1999-1559)
Vulnerability from cvelistv5 – Published: 2001-09-12 04:00 – Updated: 2024-08-01 17:18
VLAI
Summary
Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://marc.info/?l=bugtraq&m=92299263017061&w=2 | mailing-listx_refsource_BUGTRAQ |
Date Public
1999-03-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T17:18:07.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "xylan-omniswitch-login(2064)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2064"
},
{
"name": "19990331 Xylan OmniSwitch \"features\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=92299263017061\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-03-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "xylan-omniswitch-login(2064)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2064"
},
{
"name": "19990331 Xylan OmniSwitch \"features\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=92299263017061\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-1559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the login prompt via a CTRL-D (control d) character, which locks other users out of the switch because it only supports one session at a time."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "xylan-omniswitch-login(2064)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/2064"
},
{
"name": "19990331 Xylan OmniSwitch \"features\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=92299263017061\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-1559",
"datePublished": "2001-09-12T04:00:00.000Z",
"dateReserved": "2001-08-31T00:00:00.000Z",
"dateUpdated": "2024-08-01T17:18:07.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}