Samsung DSL Modem Multiple Remote Vulnerabilities
BID:12864
Info
Samsung DSL Modem Multiple Remote Vulnerabilities
| Bugtraq ID: | 12864 |
| Class: | Design Error |
| CVE: |
CVE-2005-0864 CVE-2005-0865 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 21 2005 12:00AM |
| Updated: | Jul 12 2009 10:56AM |
| Credit: | "Morning Wood" <[email protected]> disclosed these vulnerabilities. |
| Vulnerable: |
Samsung DSL Modem SMDK8947v1.2 |
| Not Vulnerable: | |
Discussion
Samsung DSL Modem Multiple Remote Vulnerabilities
Multiple vulnerabilities are reported to exist in Samsung DSL modems.
The first issue is an information disclosure issue due to a failure of the device to block access to potentially sensitive files.
The second issue is a default backdoor account vulnerability. It is reported that multiple accounts exist on the modem by default, allowing remote attackers to gain administrative privileges on the modem.
These vulnerabilities may allow remote attackers to gain access to potentially sensitive information, or to gain administrative access to the affected device.
Samsung DSL modems running software version SMDK8947v1.2 are reported to be affected. Other devices and software versions are also likely affected.
Multiple vulnerabilities are reported to exist in Samsung DSL modems.
The first issue is an information disclosure issue due to a failure of the device to block access to potentially sensitive files.
The second issue is a default backdoor account vulnerability. It is reported that multiple accounts exist on the modem by default, allowing remote attackers to gain administrative privileges on the modem.
These vulnerabilities may allow remote attackers to gain access to potentially sensitive information, or to gain administrative access to the affected device.
Samsung DSL modems running software version SMDK8947v1.2 are reported to be affected. Other devices and software versions are also likely affected.
Exploit / POC
Samsung DSL Modem Multiple Remote Vulnerabilities
An exploit is not required.
An exploit is not required.
Solution / Fix
Samsung DSL Modem Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Samsung DSL Modem Multiple Remote Vulnerabilities
References:
References:
- EXPL-A-2005-002 exploitlabs.com Advisory 031 (Donnie Werner)
- Samsung Homepage (Samsung)