Ericsson HM220dp could allow an attacker to bypass authentication
| ericsson-hm220dp-auth-bypass (11290) |  Medium Risk |
Description:
Ericsson HM220dp ADSL modem could allow a local attacker to bypass authentication and gain administrative access to the Web administration interface. The Web administration interface does not require authentication. A remote attacker from within the Local Area Network (LAN) could use this vulnerability to gain unauthorized access to the Web administration interface and modify the device's configuration settings.
Platforms Affected:
- Ericsson, Ericsson HM220dp
Remedy:
No remedy available as of July 6, 2008.
Consequences:
Bypass Security
References:
- BugTraq Mailing List, 2003-02-25 8:46:07, RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulne rability at http://marc.theaimsgroup.com/?l=bugtraq&m=104619331706574&w=2.
- BugTraq Mailing List, Tue Feb 11 2003 - 01:37:10 CST , Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability at http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html.
- BID-6824: Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability
- CVE-2003-1442: The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
Reported:
Feb 11, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net