ID
VAR-E-201009-0069
TITLE
Accton-based Switches Backdoor Password Vulnerability
Trust: 0.3
DESCRIPTION
Accton-based switches are prone to a security vulnerability due to the existence of a backdoor password.
Successful exploits will allow remote attackers to perform brute-force attacks and obtain the password used for HTTP, SSH, and Telnet services.
The following products are vulnerable:
3Com 3812
3Com 3870
EdgeCore ES4649
Dell PowerConnect 5224
Other products from multiple vendors that re-brand Accton switches may also be affected.
Trust: 0.3
AFFECTED PRODUCTS
| vendor: | edgecore | model: | es4649 | scope: | eq | version: | 0 | Trust: 0.3 |
| vendor: | dell | model: | powerconnect | scope: | eq | version: | 52240 | Trust: 0.3 |
| vendor: | 3com | model: | - | scope: | eq | version: | 38700 | Trust: 0.3 |
| vendor: | 3com | model: | - | scope: | eq | version: | 38120 | Trust: 0.3 |
EXPLOIT
Attackers can exploit this issue using readily available tools.
The following exploit code is available:
Bullet list:
<li><a href="/data/vulnerabilities/exploits/42947.pl">/data/vulnerabilities/exploits/42947.pl</a></li>
Trust: 0.3
PRICE
Free
Trust: 0.3
TYPE
Design Error
Trust: 0.3
CREDITS
Edwin Eefting
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 42947 | Trust: 0.3 |
REFERENCES
| url: | http://www.accton.com/ | Trust: 0.3 |
| url: | http://www.3com.com/ | Trust: 0.3 |
| url: | http://www.attackvector.org/vendor-response-to-backdoor-in-accton-switches-post/?utm_source=feedburner&utm_medium=feed&utm_campaign=feed%3a+attackvector+%28attack+vector%29 | Trust: 0.3 |
| url: | http://dell.com | Trust: 0.3 |
SOURCES
| db: | BID | id: | 42947 |
LAST UPDATE DATE
2022-07-27T09:19:27.239000+00:00
SOURCES UPDATE DATE
| db: | BID | id: | 42947 | date: | 2010-09-02T00:00:00 |
SOURCES RELEASE DATE
| db: | BID | id: | 42947 | date: | 2010-09-02T00:00:00 |