3Com OfficeConnect 11G Access Point Vulnerability Shows Soft Underbelly
Friday, 21 January 2005 12:09

iDefense (the people who brought you the pay-for-0day business model) have released details of a vulnerability in the 3Com OfficeConnect 11G access point. The vulnerability allows an attacker who can connect to the administrative website on port 80 to obtain the username and password anonymously!
The original advisory [here] details that certain URLs, if requested directly, require no authentication (go 3Com!!). Anyway, the affected URLs are:

/main/config.bin

/main/profile.wlp?PN=ggg

/main/event.logs

According to iDefense, “These URLs will expose the administrative username and password in clear text, the WEP key and SSID, and the router log file respectively.” There is a patch available from 3Com here.
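
For anyone still running an unpatched unit, the sketch below is an added example (not from iDefense or 3Com) that scans HTTP logs for requests to the three URLs listed above. It assumes a proxy or network sensor in front of the access point that writes Common Log Format and records `-` when no HTTP credentials were sent; the sample log lines are constructed.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths named in the advisory, mapped to what each one exposes.
EXPOSED = {
    "/main/config.bin": "admin username and password (clear text)",
    "/main/profile.wlp": "WEP key and SSID",
    "/main/event.logs": "router log file",
}

# Common Log Format (assumed sensor/proxy format, not the AP's own log).
CLF = re.compile(
    r'^(?P<src>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [21/Jan/2005:12:01:00 +0000] "GET /main/config.bin HTTP/1.0" 200 4096',
    '192.0.2.10 - - [21/Jan/2005:12:01:02 +0000] "GET /main/profile.wlp?PN=ggg HTTP/1.0" 200 512',
    '192.0.2.44 - - [21/Jan/2005:12:03:10 +0000] "GET /main//event%2Elogs HTTP/1.0" 401 0',
    '192.0.2.7 - admin [21/Jan/2005:12:05:00 +0000] "GET /index.htm HTTP/1.0" 200 1200',
]

def normalise(target):
    """Strip scheme/host and query, percent-decode, collapse //, ./ and ../."""
    path = re.sub(r"^https?://[^/]+", "", target, flags=re.I)
    path = unquote(path.split("?", 1)[0])
    # Lower-casing is deliberately conservative: it may over-match, never under-match.
    return posixpath.normpath("/" + path.lstrip("/")).lower()

def scan(lines):
    """Return (severity, source, timestamp, target, exposure) per matching request."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        what = EXPOSED.get(normalise(m["target"]))
        if what is None:
            continue
        # No credentials sent and a 200 back means the data was served anonymously.
        leaked = m["user"] == "-" and m["status"] == "200"
        findings.append(("EXPOSED" if leaked else "probe", m["src"], m["ts"], m["target"], what))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep=" | ")
```

An `EXPOSED` hit means the admin password and WEP key should be treated as disclosed and changed once the patch is applied.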
Last Updated ( Thursday, 14 September 2006 21:28 )