Vulnerability Description
The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
CVSS Score
7.5
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Iomega | Nas A300U Firmware | - |
| Iomega | Nas A300U | - |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.htmlBroken Link
- http://www.iss.net/security_center/static/10521.phpBroken Link
- http://www.securityfocus.com/bid/6092Broken LinkThird Party AdvisoryVDB Entry
- http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.htmlBroken Link
- http://www.iss.net/security_center/static/10521.phpBroken Link
- http://www.securityfocus.com/bid/6092Broken LinkThird Party AdvisoryVDB Entry
FAQ
What is CVE-2002-1949?
CVE-2002-1949 is a vulnerability with a CVSS score of 7.5 (HIGH). The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password.
How severe is CVE-2002-1949?
CVE-2002-1949 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-1949?
Check the references section above for vendor advisories and patch information. Affected products include: Iomega Nas A300U Firmware, Iomega Nas A300U.