Vulnerability Name:

CVE-1999-0571 (CCN-1824)

Assigned:1997-02-15
Published:1997-02-15
Updated:2005-10-20
Summary:A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
8.3 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Thu, 15 May 1997 16:39:33 -0400
MicroSolved finds hole in Ascom Timeplex Router Security

Source: MITRE
Type: CNA
CVE-1999-0571

Source: MITRE
Type: CNA
CVE-1999-1141

Source: CCN
Type: Ascom AG Bern, Switzerland Web site
Welcome to Ascom

Source: CCN
Type: OSVDB ID: 8793
Ascom Timeplex Router Debug Mode Unauthorized Activity

Source: XF
Type: UNKNOWN
ascom-timeplex-debug(1824)

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/h:ascom:timeplex_routers:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-1999-0571 (CCN-2091)

    Assigned:1998-08-14
    Published:1998-08-14
    Updated:1998-08-14
    Summary:Flowpoint DSL routers ship by default with no administrator password or with the password "admin". Either of these default conditions could allow a remote attacker to acquire administrative control of these devices.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: BugTraq Mailing List, 14 Aug 1998 00:25:30
    FlowPoint 2000 DSL Routers..

    Source: CCN
    Type: BugTraq Mailing List, Wed, 14 Apr 1999 20:33:41 -0700
    Re: FlowPoint ADSL Reported Problem

    Source: MITRE
    Type: CNA
    CVE-1999-0508

    Source: MITRE
    Type: CNA
    CVE-1999-0571

    Source: XF
    Type: UNKNOWN
    default-flowpoint(2091)

    Vulnerability Name:

    CVE-1999-0571 (CCN-4003)

    Assigned:2000-02-25
    Published:2000-02-25
    Updated:2000-02-25
    Summary:NETGEAR ISDN Routers are vulnerable to a denial of service attack. If a remote attacker Telnets to the router and remains idle, it will not allow any other management sessions. This attack does not require the connecting user to authenticate.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: CCN
    Type: BugTraq Mailing List, Fri Feb 25 2000 - 13:59:34 CST
    DoSing the Netgear ISDN RT34x router.

    Source: MITRE
    Type: CNA
    CVE-1999-0571

    Source: CCN
    Type: BID-1010
    Nortel Netgear ISDN RH348 and RT328 Denial Of Service Vulnerabilities

    Source: XF
    Type: UNKNOWN
    netgear-router-idle-dos(4003)

    Vulnerability Name:

    CVE-1999-0571 (CCN-5185)

    Assigned:2000-09-04
    Published:2000-09-04
    Updated:2000-09-04
    Summary:The WaveNet Access 2458 wireless TCP/IP router could allow a remote attacker to gain access to the device's Web-based management console ("Command Module"). When authenticating to the Command Modele, the username and password are transmitted in plaintext. An attacker can use a sniffing tool program to obtain a valid username and password to login to the system. With access to the Command Module, the attacker can modify the configuration of the WaveNet router, and possibly compromise the WAN.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: BugTraq Mailing List, Mon Sep 04 2000 - 02:54:19 CDT
    Wireless Inc. WaveLink (Possibly Wavenet) 2458 family Command Module Vulnerability.

    Source: MITRE
    Type: CNA
    CVE-1999-0571

    Source: CCN
    Type: BID-1635
    WaveNet IP 2400/2458 Authentication Vulnerability

    Source: XF
    Type: UNKNOWN
    wavelink-authentication(5185)

    Vulnerability Name:

    CVE-1999-0571 (CCN-5514)

    Assigned:2000-11-11
    Published:2000-11-11
    Updated:2000-11-11
    Summary:Foundry Networks switches are vulnerable to a denial of service attack. A remote attacker can Telnet to the router, send a long password, and then press enter again before the login attempt times out, to cause the router to reset.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): None
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: CCN
    Type: BugTraq Mailing List, Sun Nov 12 2000 - 15:36:19 CST
    Re: Foundry DoS at login prompt

    Source: MITRE
    Type: CNA
    CVE-1999-0571

    Source: CCN
    Type: BID-1937
    Foundry Firmware Telnet Login Denial of Service Vulnerability

    Source: XF
    Type: UNKNOWN
    foundry-firmware-telnet-dos(5514)

    Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:foundrynet:serveriron:7.1.09:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-1999-0571 (CCN-6968)

    Assigned:2001-08-09
    Published:2001-08-09
    Updated:2001-08-09
    Summary:ZyXEL Prestige 642R and 642R-I DSL routers could allow a remote attacker to gain unauthorized access to the router’s configuration, caused by a vulnerability in the default administrator password. A remote attacker could establish an FTP or Telnet connection to the router and perform configuration changes, such as firmware upgrades and password changes.
    CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): None
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): None
    Vulnerability Consequences:Bypass Security
    References:Source: CCN
    Type: BugTraq Mailing List, Wed Aug 08 2001 - 22:07:55 CDT
    ZyXEL Prestige 642R: Exposed Admin Services on WAN with Default Password

    Source: MITRE
    Type: CNA
    CVE-1999-0571

    Source: CCN
    Type: BID-3161
    ZyXEL Prestige Router Administration Interface Vulnerability

    Source: CCN
    Type: ZyXEL Communications Web site
    ZyXEL

    Source: XF
    Type: UNKNOWN
    zyxel-router-default-password(6968)

    BACK
    ascom timeplex routers *
    foundrynet serveriron 7.1.09