Lucene search

MitreCVE-2005-2424

HistoryAug 03, 2005 - 4:00 a.m.

CVE-2005-2424

2005-08-0304:00:00

mitre

web.nvd.nist.gov

siemens

santis 50

ericsson

hn294dp

dynalink

rta300w

firmware

remote access

authentication

web interface

vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.025

Percentile

90.3%

JSON

The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze.

Affected configurations

Nvd

Node

siemenssantis_50Match4.2.8.0

VendorProductVersionCPE
siemenssantis_504.2.8.0cpe:2.3:h:siemens:santis_50:4.2.8.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
siemens	santis_50	4.2.8.0	cpe:2.3:h:siemens:santis_50:4.2.8.0:::::::*

References

marc.info/?l=bugtraq&m=112230914431638&w=2

secunia.com/advisories/16215

www.osvdb.org/18294

www.securenetwork.it/advisories/

www.securityfocus.com/bid/14372

exchange.xforce.ibmcloud.com/vulnerabilities/21552

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7.6

Confidence

Low

EPSS

0.025

Percentile

90.3%

JSON

Related for CVE-2005-2424