CVE-2004-0328 - Gigabyte Gn-B46B Wireless Router Authentication Bypass Vulnerability

Publication

2004-11-23

Last modification

2017-07-11

Summary

Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system.

Description

Gigabyte Gn-B46B appliance has been reported prone to an authentication bypass vulnerability. It has been reported that an attacker may save the router HTML menu on a local machine, the attacker may then use this menu to access and configure an accessible router without requiring prior authentication.

Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: info@vumetric.com <mailto:info@vumetric.com>.

Exploit

There is no exploit required.

Risk level (CVSS AV:L/AC:L/Au:N/C:C/I:C/A:C)

High

7.2

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

Vendor Product Versions
Gigabyte GN B46B  1.003.00