CVE-2011-3997

Opengear console servers with firmware before 2.2.1 allow remote attackers to bypass authentication, and modify settings or access connected equipment, via unspecified vectors.

Weakness

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Affected Software

Name	Vendor	Start Version	End Version
Opengear_console_server_firmware	Opengear	*	2.1.0u7 (including)
Opengear_console_server_firmware	Opengear	2.0.4 (including)	2.0.4 (including)
Opengear_console_server_firmware	Opengear	2.0.4u1 (including)	2.0.4u1 (including)
Opengear_console_server_firmware	Opengear	2.0.6 (including)	2.0.6 (including)
Opengear_console_server_firmware	Opengear	2.0.8 (including)	2.0.8 (including)
Opengear_console_server_firmware	Opengear	2.0.9 (including)	2.0.9 (including)
Opengear_console_server_firmware	Opengear	2.1.0 (including)	2.1.0 (including)
Opengear_console_server_firmware	Opengear	2.1.0u1 (including)	2.1.0u1 (including)

Potential Mitigations

https://cwe.mitre.org/data/definitions/114.html
https://cwe.mitre.org/data/definitions/115.html
https://cwe.mitre.org/data/definitions/151.html
https://cwe.mitre.org/data/definitions/194.html
https://cwe.mitre.org/data/definitions/22.html
https://cwe.mitre.org/data/definitions/57.html
https://cwe.mitre.org/data/definitions/593.html
https://cwe.mitre.org/data/definitions/633.html
https://cwe.mitre.org/data/definitions/650.html
https://cwe.mitre.org/data/definitions/94.html

References

http://jvn.jp/en/jp/JVN71349007/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096
http://jvn.jp/en/jp/JVN71349007/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000096

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-3997
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References