Vulnerability Name:

CVE-2002-0812 (CCN-1438)

Assigned:1998-11-17
Published:1998-11-17
Updated:2020-12-09
Summary:Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Denial of Service
References:Source: VULNWATCH
Type: Broken Link
20020809 Foundstone Labs Advisory - Information Leakage in Orinoco and Compaq Access Points

Source: VULNWATCH
Type: Broken Link
20020813 Foundstone Labs Advisory - Information Leakage in Orinoco and Compaq Access Points [updated]

Source: MITRE
Type: CNA
CVE-2000-0147

Source: MITRE
Type: CNA
CVE-2000-0379

Source: MITRE
Type: CNA
CVE-2000-0515

Source: MITRE
Type: CNA
CVE-2001-0046

Source: MITRE
Type: CNA
CVE-2001-0380

Source: MITRE
Type: CNA
CVE-2001-1210

Source: MITRE
Type: CNA
CVE-2002-0478

Source: MITRE
Type: CNA
CVE-2002-0540

Source: MITRE
Type: CNA
CVE-2002-0812

Source: XF
Type: Broken Link
orinoco-rg-default-snmp(9810)

Source: CCN
Type: US-CERT VU#403315
Nortel Networks CVX 1800 discloses privileged information

Source: CCN
Type: BID-1177
Netopia DSL Router Vulnerability

Source: CCN
Type: BID-1327
HP SNMPD File Permission Vulnerabilities

Source: CCN
Type: BID-2066
Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability

Source: CCN
Type: BID-3758
Cisco Cable Access Router MIB Community Default Passwords Vulnerability

Source: CCN
Type: BID-4330
Foundry Networks EdgeIron SNMP Community String Read-Write Vulnerability

Source: CCN
Type: BID-4331
ISS RealSecure for Nokia IDS Devices Default KeyAdministrator Entry Vulnerability

Source: CCN
Type: BID-4507
Nortel CVX 1800 Multi-Service Access Switch Default SNMP Community Vulnerability

Source: BID
Type: Third Party Advisory, VDB Entry
5436

Source: CCN
Type: BID-5436
Orinoco OEM Residential Gateway SNMP Community String Remote Configuration Vulnerability

Source: CCN
Type: BID-973
SCO OpenServer SNMPD Default Community Vulnerability

Source: XF
Type: UNKNOWN
snmp-kill-interface(1438)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:hpe:compaq_wl310_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:hpe:compaq_wl310:-:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:proxim:orinoco_rg-1000_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:proxim:orinoco_rg-1000:-:*:*:*:*:*:*:*

  • Configuration 3:
  • cpe:/o:proxim:orinoco_rg-1100_firmware:-:*:*:*:*:*:*:*
  • AND
  • cpe:/h:proxim:orinoco_rg-1100:-:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:ibm:aix:*:*:*:*:*:*:*:*
  • OR cpe:/o:windriver:bsdos:*:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:sgi:irix:*:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:*:*:*:*:*:*:*:*
  • OR cpe:/o:sun:solaris:*:*:*:*:*:*:*:*
  • OR cpe:/o:ibm:os2:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_95:*:*:*:*:*:*:*:*
  • OR cpe:/a:data_general:dg_ux:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_nt:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98:*:*:*:*:*:*:*:*
  • OR cpe:/a:novell:netware:*:*:*:*:*:*:*:*
  • OR cpe:/o:sco:unix:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_98se:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2000:*:*:*:*:*:*:*:*
  • OR cpe:/o:cisco:ios:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_me:*:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:2003_server:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2002-0812 (CCN-9810)

    Assigned:2002-08-09
    Published:2002-08-09
    Updated:2002-08-09
    Summary:The ORiNOCO Residential Gateway access point and the Compaq WL310, which is based on the ORiNOCO Residential Gateway, use a system identification string as the default Simple Network Management Protocol (SNMP) community string. A remote attacker could use this vulnerability to view and modify sensitive system configuration information.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): None
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2002-0812

    Source: CCN
    Type: Foundstone Security Advisory FS-080902-APIL
    Leakage in Orinoco and Compaq Access Points

    Source: CCN
    Type: BID-5436
    Orinoco OEM Residential Gateway SNMP Community String Remote Configuration Vulnerability

    Source: XF
    Type: UNKNOWN
    orinoco-rg-default-snmp(9810)

    BACK
    hpe compaq wl310 firmware -
    hpe compaq wl310 -
    proxim orinoco rg-1000 firmware -
    proxim orinoco rg-1000 -
    proxim orinoco rg-1100 firmware -
    proxim orinoco rg-1100 -
    ibm aix *
    windriver bsdos *
    hp hp-ux *
    sgi irix *
    linux linux kernel *
    sun solaris *
    ibm os2 *
    microsoft windows 95 *
    data_general dg ux *
    microsoft windows nt 4.0
    microsoft windows 98 *
    novell netware *
    sco unix *
    microsoft windows 98se *
    microsoft windows 2000 *
    cisco ios *
    microsoft windows me *
    compaq tru64 *
    microsoft windows xp
    apple mac os *
    microsoft windows 2003_server