Lucene search

[email protected]CVE-2002-0396

HistoryJul 26, 2002 - 4:00 a.m.

CVE-2002-0396

2002-07-2604:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

red-m 1050

bluetooth access point

cve-2002-0396

session authentication

web server security

nvd

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.5%

JSON

The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session.

CPENameOperatorVersion
red-m:1050ap_lan_acess_pointred-m 1050ap lan acess pointeq*

CPE	Name	Operator	Version
red-m:1050ap_lan_acess_point	red-m 1050ap lan acess point	eq	*

References

www.atstake.com/research/advisories/2002/a060502-1.txt

www.securityfocus.com/bid/4940

exchange.xforce.ibmcloud.com/vulnerabilities/9265

6.8 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

75.5%

JSON

Related for CVE-2002-0396

securityvulns1