Virata-EmWeb unauthorized DSL modem access
|virata-emweb-unauth-access (24304)||Medium Risk|
Virata-EmWeb, which is the built in Web server used on Intracom JetSpeed 500 and 520 and Allied Data Technologies CopperJet 811 RouterPlus DSL modems, could allow a remote attacker to obtain sensitive information. An attacker could use a default username and password to gain unauthorized access to device configuration settings and user information.
No remedy available as of September 1, 2014.
- Dinos' weblog 01.13.2006: The beauty of dsl connections in .gr.
- Full-Disclosure Mailing List, Mon Jan 16 2006 - 03:40:25 CST: Virata-EmWeb DSL modems.
- CVE-2006-0248: Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 and 520 and (2) Allied Data Technologies CopperJet 811 RouterPlus, allows remote attackers to access privileged information, such as user lists and configuration settings, via direct HTTP requests.
- OSVDB ID: 22467: Intracom JetSpeed ADSL Modem Multiple Default Accounts
- OSVDB ID: 22468: Multiple Vendor ADSL Modem Multiple Page Direct Request Authentication Bypass
- SA18483: Intracom JetSpeed ADSL Modem Information Disclosure
- Allied Data Technologies CopperJet RouterPlus 811
- INTRACOM jetSpeed 500
- INTRACOM jetSpeed 520
Jan 16, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this