Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2003-2012 Digital DefenseDDI_MOTOROLA_VANGUARD_NO_PASS.NASL
HistoryJan 22, 2003 - 12:00 a.m.

Motorola Vanguard with No Password (telnet check)

2003-01-2200:00:00
This script is Copyright (C) 2003-2012 Digital Defense
www.tenable.com
33
JSON

This device is a Motorola Vanguard router and has no password set. An attacker can reconfigure this device without providing any authentication.

#
# This script was written by Geoff Humes <[email protected]>
#
# See the Nessus Scripts License for details
#

# Changes by Tenable:
# - Revised plugin title (9/2/09)
# - Revised plugin title (10/29/09)

include("compat.inc");

if(description)
{
	script_id(11203);
	script_version("$Revision: 1.10 $");
	script_cvs_date("$Date: 2012/08/15 21:05:11 $");

	script_cve_id("CVE-1999-0508");

	script_name(english:"Motorola Vanguard with No Password (telnet check)");
	script_summary(english:"Attempts to log into Vanguards.");
 

	script_set_attribute(attribute:"synopsis", value:
"The router does have a password.");
	script_set_attribute(attribute:"description", value:
"This device is a Motorola Vanguard router and has no password set.  An
attacker can reconfigure this device without providing any
authentication.");
script_set_attribute(attribute:"solution", value:
"Please set a strong password for this device.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'SNMP Community Scanner');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
	script_set_attribute(attribute:"plugin_publication_date", value:
"2003/01/22");
	script_set_attribute(attribute:"plugin_type", value:"remote");
	script_end_attributes();

	script_category(ACT_GATHER_INFO);
	script_copyright(english:"This script is Copyright (C) 2003-2012 Digital Defense");
	script_family(english:"Misc.");
	script_require_ports(23);
 
	exit(0);
}

include('telnet_func.inc');

function greprecv(socket, pattern)
{
 local_var buffer, cnt, _r;
 buffer = "";
 cnt = 0;
 while(1)
 {
  _r = recv_line(socket:socket, length:4096);
  if(strlen(_r) == 0)return(0);
  buffer = string(buffer, _r);
  if(ereg(pattern:pattern, string:_r))return(buffer);
  cnt = cnt + 1;
  if(cnt > 1024)return(0);
 }
}

#
# The script code starts here
#
port = 23;


if(get_port_state(port))
{
	banner = get_telnet_banner(port:port);
	if ( ! banner || "OK" >!< banner ) exit(0);

	soc = open_sock_tcp(port);
	if(soc)
	{
		buf = greprecv(socket:soc, pattern:".*OK.*");
		if(!buf)exit(0);
		send(socket:soc, data:string("atds0\r\n"));
		buf = greprecv(socket:soc, pattern:".*Password.*");
		if(!buf)exit(0);
		send(socket:soc, data:string("\r\n"));
		buf = greprecv(socket:soc, pattern:".*Logout.*");
		if(buf)security_hole(port);
		close(soc);
	}
}

Related

nessus 24
openvas 36
cvelist 1
cve 1
nessus
nessus
Shiva LanRover Blank Password
2002-06-05 00:00:00
3Com Superstack 3 Switch Multiple Default Accounts
2001-08-29 00:00:00
Linksys Router Default Password
2002-06-05 00:00:00
openvas
openvas
Enhydra Multiserver Default Password
2005-11-03 00:00:00
AOLserver Default Password
2005-11-03 00:00:00
Unprotected PC Anywhere Service
2005-11-03 00:00:00
cvelist
cvelist
CVE-1999-0508
2000-02-04 05:00:00
cve
cve
CVE-1999-0508
1998-06-01 04:00:00
JSON
Related for DDI_MOTOROLA_VANGUARD_NO_PASS.NASL
nessus24openvas36cvelist1cve1