CVE-2008-1252

2008-03-1017:00:00

mitre

www.cve.org

6.6 Medium

AI Score

Confidence

Low

0.013 Low

EPSS

Percentile

85.9%

JSON

b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.

References

secunia.com/advisories/29414

www.gnucitizen.org/projects/router-hacking-challenge/

www.securityfocus.com/archive/1/489009/100/0/threaded

www.securityfocus.com/bid/28382

exchange.xforce.ibmcloud.com/vulnerabilities/41128