Vulnerability Details CVE-2002-0250
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.088
EPSS Ranking 92.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://marc.info/?l=bugtraq&m=101318469216213&w=2
- http://online.securityfocus.com/advisories/3870
- http://www.iss.net/security_center/static/8124.php
- http://www.securityfocus.com/bid/4062
- http://marc.info/?l=bugtraq&m=101318469216213&w=2
- http://online.securityfocus.com/advisories/3870
- http://www.iss.net/security_center/static/8124.php
- http://www.securityfocus.com/bid/4062
Products affected by CVE-2002-0250
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3200a:a.03.07
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3201a:a.03.07
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3202a:a.03.07
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3203a:a.03.07
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3204a:a.03.07
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3205a:a.03.07
-
cpe:2.3:h:hp:advancestack_10base-t_switching_hub_j3210a:a.03.07