Vulnerability Details : CVE-2002-1810
D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to access the TFTP server without authentication and read the config.img file, which contains sensitive information such as the administrative password, the WEP encryption keys, and network configuration information.
Exploit prediction scoring system (EPSS) score for CVE-2002-1810
Probability of exploitation activity in the next 30 days: 0.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 50 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2002-1810
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2002-1810
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2002-1810
-
http://www.securityfocus.com/bid/6015
Broken Link;Third Party Advisory;VDB Entry
-
http://www.iss.net/security_center/static/10424.php
Broken Link
-
http://online.securityfocus.com/archive/1/296374
Broken Link;Third Party Advisory;VDB Entry
Products affected by CVE-2002-1810
- cpe:2.3:o:dlink:dwl-900ap\+_firmware:2.1:*:*:*:*:*:*:*
- cpe:2.3:o:dlink:dwl-900ap\+_firmware:2.2:*:*:*:*:*:*:*