ID

VAR-200902-0692


TITLE

3Com OfficeConnect Wireless Cable/DSL Router SaveCfgFile Authentication Bypass Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2009-0746

DESCRIPTION

3Com OfficeConnect Wireless Cable/DSL is a small wireless router. The OfficeConnect Wireless Cable/DSL Router has a web console enabled by default for device management. Although the HTTP daemon does not allow access to the HTML pages and the web console without authentication, the existing CGI programs can still be called and executed. System Tools --> Configuration --> Backup Configuration saves the actual configuration to a plain-text file called config.bin. Unauthenticated users can call the SaveCfgFile CGI program directly and download the system configuration, including sensitive information such as user information, passwords and Wi-Fi keys. This vulnerability can also be exploited remotely from the Internet if the Remote Administration option is enabled.

The following is an example of sensitive content in the config.bin file:

[...]
pppoe_username=xxxxxxxxxxxxxxx
pppoe_password=xxxxxxxxx
pppoe_service_name=xxxxxxxxx
[...]
mradius_username=xxxxxx
mradius_password=xxxxxx
mradius_secret=xxxxxxx
[...]
http_username=xxxxx
login_password=xxxxx
http_passwd=xxxxx
[...]
AuthName=xxxxxxx
AuthPassword=xxxx
snmpStatus=xxxxxxx
snmpRoCommunity=xxxxxxxx
snmpRwCommunity=xxxxxxxx
[...]
multi_dmz_wan_ip1=xxxxxxxxxx
[...]
lan_macaddr=xxxxxxxxxxxxx
[...]

The 3Com OfficeConnect Wireless Cable/DSL Gateway is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The 3Com OfficeConnect Wireless Cable/DSL Gateway firmware 1.2.0 is vulnerable; other versions may also be affected.

Trust: 0.81

sources: CNVD: CNVD-2009-0746 // BID: 33686

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2009-0746

AFFECTED PRODUCTS

vendor: no, model: -, scope: -, version: -

Trust: 0.6

vendor: 3com, model: officeconnect wireless 11g cable/dsl gateway, scope: eq, version: 1.2

Trust: 0.3

sources: CNVD: CNVD-2009-0746 // BID: 33686

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD: CNVD-2009-0746
value: MEDIUM

Trust: 0.6

CNVD: CNVD-2009-0746
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2009-0746

THREAT TYPE

network

Trust: 0.3

sources: BID: 33686

TYPE

Access Validation Error

Trust: 0.3

sources: BID: 33686

EXTERNAL IDS

db: BID, id: 33686

Trust: 0.9

db: CNVD, id: CNVD-2009-0746

Trust: 0.6

sources: CNVD: CNVD-2009-0746 // BID: 33686

REFERENCES

url: http://marc.info/?l=bugtraq&m=123420157904113&w=2

Trust: 0.6

url: http://www.3com.com/products/en_us/detail.jsp?tab=features&sku=3crwe554g72&pathtype=support

Trust: 0.3

url: /archive/1/500762

Trust: 0.3

sources: CNVD: CNVD-2009-0746 // BID: 33686

CREDITS

Luca Carettoni

Trust: 0.3

sources: BID: 33686

SOURCES

db: CNVD, id: CNVD-2009-0746
db: BID, id: 33686

LAST UPDATE DATE

2022-05-17T02:10:54.392000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2009-0746, date: 2014-01-27T00:00:00
db: BID, id: 33686, date: 2009-02-10T15:48:00

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2009-0746, date: 2009-02-09T00:00:00
db: BID, id: 33686, date: 2009-02-09T00:00:00