CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
9.6 | $0-$5k | 0.00 |
A vulnerability classified as very critical has been found in Router (Router Operating System) (unknown version). This affects an unknown code block of the component Administration Interface. The manipulation with an unknown input leads to an improper authentication vulnerability. CWE classifies the issue as CWE-287: when an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. This has an impact on confidentiality, integrity, and availability. The summary by CVE is:
A router's configuration service or management interface (such as a web server or telnet) is configured to allow connections from arbitrary hosts.
The weakness was published 01/01/1999 by Daniel Roethlisberger. This vulnerability is uniquely identified as CVE-1999-0571. Exploitation is reported to be easy. The attack can be initiated remotely. No form of authentication is needed for exploitation. Technical details are unknown, but a public exploit is available. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/12/2019). Due to its background and reception, this vulnerability has a historic impact.
The exploit is declared as highly functional. The vulnerability scanner Nessus provides a plugin with the ID 10714 (ZyXEL Router Default Telnet Password Present), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Misc. and runs in the context r.
It is possible to mitigate the problem by applying the configuration setting . It is possible to mitigate the weakness by firewalling administrative access. The best possible mitigation is suggested to be the change of configuration settings.
The vulnerability is also documented in the databases at X-Force (5274) and Tenable (10714). A similar entry is available at 16076.
CVSSv3
VulDB Meta Base Score: 9.8
VulDB Meta Temp Score: 9.6
VulDB Base Score: 9.8
VulDB Temp Score: 9.6
Exploiting
Class: Improper authentication
CWE: CWE-287
ATT&CK: Unknown
Local: No
Remote: Yes
Access: Public
Status: Highly functional
Nessus ID: 10714
Nessus Name: ZyXEL Router Default Telnet Password Present
OpenVAS ID: 17304
OpenVAS Name: Default web account on Zyxel
Countermeasures
Recommended: Config
Timeline
01/01/1999
01/01/1999
01/01/1999
08/09/2001
08/13/2001
09/01/2003
06/19/2014
05/12/2019
Sources
Researcher: Daniel Roethlisberger
Status: Not defined
CVE: CVE-1999-0571
X-Force: 5274
Vulnerability Center: 1839 - [cisco-sa-20010823-cbos-webserver, cisco-sa-20001204-cbos, cisco-sa-20000921-secure-acs-nt] Multiple Vendor Routers Weak User Authentication, Medium
SecurityFocus: 3161 - ZyXEL Prestige Router Administration Interface Vulnerability
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 06/20/2014 00:55
Updated: 05/12/2019 06:46
Changes: 06/20/2014 00:55 (69), 05/12/2019 06:46 (3)