Details of VAR-200307-0049

ID

VAR-200307-0049

TITLE

3Com DSL Router Management Interface Long Request Denial of Service Attack Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2003-2289

DESCRIPTION

The 3Com 812 OfficeConnect is a widely used DSL router. 3Com 812 OfficeConnect lacks proper handling of long requests submitted by users to the management interface. Remote attackers can exploit this vulnerability to denial the device. The DSL router does not have any authentication for the user to perform management interface access. Any LAN user submits a request of more than 512 bytes to the WEB management interface, which may cause the router to crash and need to be restarted to obtain normal services. A problem in the 3Com 812 OfficeConnect has been reported that may result in the router becoming unstable. Because of this, an attacker may be able to deny service to legitimate users of the vulnerable router by submitting an excessively long request

Trust: 0.81

sources: CNVD: CNVD-2003-2289 // BID: 8248

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2003-2289

AFFECTED PRODUCTS

vendor:	no	model:	-	scope:	-	version:	-	Trust: 0.6
vendor:	3com	model:	officeconnect dsl router	scope:	eq	version:	8122.0	Trust: 0.3
vendor:	3com	model:	officeconnect dsl router	scope:	eq	version:	8121.1.9	Trust: 0.3
vendor:	3com	model:	officeconnect dsl router	scope:	eq	version:	8121.1.7	Trust: 0.3

sources: CNVD: CNVD-2003-2289 // BID: 8248

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2003-2289
value:	MEDIUM
Trust: 0.6

CNVD:	CNVD-2003-2289
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

sources: CNVD: CNVD-2003-2289

THREAT TYPE

network

Trust: 0.3

sources: BID: 8248

TYPE

Boundary Condition Error

Trust: 0.3

sources: BID: 8248

EXTERNAL IDS

db:	BID	id:	8248	Trust: 0.9
db:	CNVD	id:	CNVD-2003-2289	Trust: 0.6

sources: CNVD: CNVD-2003-2289 // BID: 8248

REFERENCES

url:	http://marc.theaimsgroup.com/?l=bugtraq&m=105897526228843&w=2	Trust: 0.6
url:	http://www.3com.com/products/en_us/detail.jsp?tab=support&pathtype=support&sku=3cr414492-us	Trust: 0.3
url:	/archive/1/330102	Trust: 0.3

sources: CNVD: CNVD-2003-2289 // BID: 8248

CREDITS

Discovery credited to David F.Madrid.

Trust: 0.3

sources: BID: 8248

SOURCES

db:	CNVD	id:	CNVD-2003-2289
db:	BID	id:	8248

LAST UPDATE DATE

2022-05-17T02:00:51.758000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2003-2289	date:	2014-01-20T00:00:00
db:	BID	id:	8248	date:	2003-07-23T00:00:00

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2003-2289	date:	2003-07-23T00:00:00
db:	BID	id:	8248	date:	2003-07-23T00:00:00