CVE-2003-1442

The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html
http://marc.info/?l=bugtraq&m=104619331706574&w=2
http://www.securityfocus.com/bid/6824	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/11290
http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html
http://marc.info/?l=bugtraq&m=104619331706574&w=2
http://www.securityfocus.com/bid/6824	Exploit Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/11290

Configurations

Configuration 1 (hide)

cpe:2.3:h:ericsson:hm220dp_adsl_modem:*:*:*:*:*:*:*:*

History

20 Nov 2024, 23:47

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html -~~	() http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html -
References	~~() http://marc.info/?l=bugtraq&m=104619331706574&w=2 -~~	() http://marc.info/?l=bugtraq&m=104619331706574&w=2 -
References	~~() http://www.securityfocus.com/bid/6824 - Exploit, Patch~~	() http://www.securityfocus.com/bid/6824 - Exploit, Patch
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/11290 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/11290 -

Information

Published : 2003-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2003-1442

Mitre link : CVE-2003-1442

CVE.ORG link : CVE-2003-1442

JSON object : View

Products Affected

ericsson

hm220dp_adsl_modem

CWE

CWE-287

Improper Authentication

{"id": "CVE-2003-1442", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": true, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2003-12-31T05:00:00.000", "references": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=104619331706574&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/6824", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11290", "source": "cve@mitre.org"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2003-02/0127.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://marc.info/?l=bugtraq&m=104619331706574&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/6824", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11290", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "The web administration page for the Ericsson HM220dp ADSL modem does not require authentication, which could allow remote attackers to gain access from the LAN side."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:ericsson:hm220dp_adsl_modem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EC9A306-F497-4A70-B42D-A3B33599F96F"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

7.5 /10