Nortel VPN Routers Multiple Remote Unauthorized Access Vulnerabilities

BID:23562

Info

Bugtraq ID: 23562
Class: Design Error
CVE: CVE-2007-2333, CVE-2007-2334, CVE-2007-2332
Remote: Yes
Local: No
Published: Apr 19 2007 12:00AM
Updated: Jul 06 2016 02:39PM
Credit: Detack GmbH is credited with discovering these issues.
Vulnerable: Nortel Networks VPN Router 5000
Nortel Networks VPN Router 2700
Nortel Networks VPN Router 1750 0
Nortel Networks VPN Router 1740
Nortel Networks VPN Router 1700
Nortel Networks VPN Router 1100
Nortel Networks VPN Router 1050
Nortel Networks VPN Router 1010
Nortel Networks Contivity 4000 VPN Switch
Nortel Networks Contivity 2000 VPN Switch
Nortel Networks Contivity 1000 VPN Switch
Not Vulnerable:

Discussion

Nortel VPN routers are prone to multiple remote unauthorized-access vulnerabilities due to design errors.

Successful exploits will allow attackers to access administrative functionality and completely compromise vulnerable devices or gain direct access to the private network.

These issues affect all model numbers of Nortel VPN Routers 1000, 2000, 4000, and 5000. Nortel VPN routers were formerly known as Contivity.

Exploit / POC

Attackers may exploit these issues via a browser or through readily available networking tools.

Solution / Fix

Solution:
Nortel released an advisory and fixes to address these issues. Please see the references for details.

References

References: