Ericsson HM220dp could allow an attacker to bypass authentication
| ericsson-hm220dp-auth-bypass (11290) |  Medium Risk |
Description:
Ericsson HM220dp ADSL modem could allow a local attacker to bypass authentication and gain administrative access to the Web administration interface. The Web administration interface does not require authentication. A remote attacker from within the Local Area Network (LAN) could use this vulnerability to gain unauthorized access to the Web administration interface and modify the device's configuration settings.
Consequences:
Bypass Security
Remedy:
No remedy available as of July 17, 2010.
References:
- BugTraq Mailing List, 2003-02-25 8:46:07: RE: Ericsson HM220dp ADSL modem Insecure Web Administration Vulne rability.
- BugTraq Mailing List, Tue Feb 11 2003 - 01:37:10 CST : Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability .
- BID-6824: Ericsson HM220dp DSL Modem World Accessible Web Administration Interface Vulnerability
- CVE-2003-1442: The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.
Platforms Affected:
- Ericsson Ericsson HM220dp
Reported:
Feb 11, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net