Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 has two template HTML files lacking certain verification tags, which allows remote attackers to access the administration interface and change the device configuration via certain requests.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Contivity | Nortel | 1000_vpn_switch (including) | 1000_vpn_switch (including) |
Contivity | Nortel | 2000_vpn_switch (including) | 2000_vpn_switch (including) |
Contivity | Nortel | 4000_vpn_switch (including) | 4000_vpn_switch (including) |
Vpn_router_5000 | Nortel | * | * |