Virata-EmWeb unauthorized DSL modem access
| virata-emweb-unauth-access (24304) |  Medium Risk |
Description:
Virata-EmWeb, which is the built in Web server used on Intracom JetSpeed 500 and 520 and Allied Data Technologies CopperJet 811 RouterPlus DSL modems, could allow a remote attacker to obtain sensitive information. An attacker could use a default username and password to gain unauthorized access to device configuration settings and user information.
Platforms Affected:
- Allied Data Technologies, CopperJet RouterPlus 811
- INTRACOM, jetSpeed 500
- INTRACOM, jetSpeed 520
Remedy:
No remedy available as of June 27, 2009.
Consequences:
Obtain Information
References:
- Dinos' weblog 01.13.2006, The beauty of dsl connections in .gr at http://blog.globalnetworks.gr/?p=4.
- Full-Disclosure Mailing List, Mon Jan 16 2006 - 03:40:25 CST, Virata-EmWeb DSL modems at http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0532.html.
- CVE-2006-0248: Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests.
- SA18483: Intracom JetSpeed ADSL Modem Information Disclosure
- VUPEN/ADV-2006-0218: Intracom JetSpeed Security Bypass and Information Disclosure Issues
Reported:
Jan 16, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net