ID OSVDB:4002 Type osvdb Reporter OSVDB Modified 2004-02-19T08:23:56
Description
Vulnerability Description
The WAP55AG Access Point contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user with read access requests the SNMP read/write community string. This flaw may lead to a loss of confidentiality, integrity and/or availability.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Short Description
The WAP55AG Access Point contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user with read access requests the SNMP read/write community string. This flaw may lead to a loss of confidentiality, integrity and/or availability.
{"type": "osvdb", "published": "2004-02-19T08:23:56", "href": "https://vulners.com/osvdb/OSVDB:4002", "bulletinFamily": "software", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/", "score": 6.4}, "viewCount": 5, "edition": 1, "reporter": "OSVDB", "title": "Linksys WAP55AG SNMP Community Strings Disclosure", "affectedSoftware": [{"operator": "eq", "version": "1.07", "name": "WAP55AG Access Point"}], "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2017-04-28T13:19:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0312"]}, {"type": "exploitdb", "idList": ["EDB-ID:23721"]}], "modified": "2017-04-28T13:19:58", "rev": 2}, "vulnersScore": 6.1}, "references": [], "id": "OSVDB:4002", "lastseen": "2017-04-28T13:19:58", "cvelist": ["CVE-2004-0312"], "modified": "2004-02-19T08:23:56", "description": "## Vulnerability Description\nThe WAP55AG Access Point contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user with read access requests the SNMP read/write community string. This flaw may lead to a loss of confidentiality, integrity and/or availability.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nThe WAP55AG Access Point contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user with read access requests the SNMP read/write community string. This flaw may lead to a loss of confidentiality, integrity and/or availability.\n## References:\nVendor URL: http://www.linksys.com/products/product.asp?prid=538&scid=35\n[Secunia Advisory ID:10923](https://secuniaresearch.flexerasoftware.com/advisories/10923/)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-02/0488.html\nKeyword: Disclosure\nKeyword: Linksys\nKeyword: WAP55AG\nKeyword: SNMP\nISS X-Force ID: 15257\n[CVE-2004-0312](https://vulners.com/cve/CVE-2004-0312)\nBugtraq ID: 9688\n"}
{"cve": [{"lastseen": "2020-10-03T11:33:38", "description": "Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.", "edition": 3, "cvss3": {}, "published": "2004-11-23T05:00:00", "title": "CVE-2004-0312", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0312"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/h:linksys:wap55ag:1.0.7"], "id": "CVE-2004-0312", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0312", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:h:linksys:wap55ag:1.0.7:*:*:*:*:*:*:*"]}], "exploitdb": [{"lastseen": "2016-02-02T21:39:14", "description": "Linksys WAP55AG 1.0.7 SNMP Community String Insecure Configuration Vulnerability. CVE-2004-0312. Remote exploit for hardware platform", "published": "2004-02-18T00:00:00", "type": "exploitdb", "title": "Linksys WAP55AG 1.0.7 SNMP Community String Insecure Configuration Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2004-0312"], "modified": "2004-02-18T00:00:00", "id": "EDB-ID:23721", "href": "https://www.exploit-db.com/exploits/23721/", "sourceData": "source: http://www.securityfocus.com/bid/9688/info\r\n\r\nLinksys WAP55AG appliance has been reported prone to an insecure default configuration vulnerability.\r\n\r\nIt has been reported that all SNMP MIB (Management Information Base) community strings, even read/write strings may be disclosed to a remote attacker if the attacker makes certain queries to the affected appliance.\r\n\r\nAn attacker may disclose sensitive information in this manner. Although unconfirmed, it may also be possible for the attacker to manipulate the appliance configuration through writeable strings.\r\n\r\nQuerying OID:\r\n1.3.6.1.4.1.3955.2.1.13.1.2.\r\n\r\n1.3.6.1.4.1.3955.2.1.13.1.2.1 = STRING: \"public\"\r\n1.3.6.1.4.1.3955.2.1.13.1.2.2 = STRING: \"private\"", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23721/"}]}
