CVE-2003-1515

Current Description

Origo ASR-8100 ADSL Router 3.21 has an administration service running on port 254 that does not require a password, which allows remote attackers to cause a denial of service by restoring the factory defaults.

Basic Data

PublishedDecember 31, 2003
Last ModifiedJuly 29, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-264
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3HardwareOrigoAsr-8100adsl_router_3.21*******
    2.3HardwareOrigoAsr-8400adsl_router*******

Vulnerable Software List

VendorProductVersions
Origo Asr-8100 adsl_router_3.21
Origo Asr-8400 adsl_router

References

NameSourceURLTags
3300http://securityreason.com/securityalert/3300SREASONExploit
20031012 Origo ASR-8100 ADSL router remote factory resethttp://www.securityfocus.com/archive/1/341752BUGTRAQExploit
8855http://www.securityfocus.com/bid/8855BID
origo-default-settings-restore(13463)https://exchange.xforce.ibmcloud.com/vulnerabilities/13463XF