3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Information Disclosure Vulnerability
BID:12322
Info
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Information Disclosure Vulnerability
| Bugtraq ID: | 12322 |
| Class: | Access Validation Error |
| CVE: |
CVE-2005-0112 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 20 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | This issue was discovered by Patrik, cqure.net. |
| Vulnerable: |
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .03.05 3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .02.11 3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .02 |
| Not Vulnerable: |
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .03.07A |
Discussion
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Information Disclosure Vulnerability
It is reported that this issue arises due to an access validation error and may allow remote unauthorized attackers to gain access to sensitive hidden Web pages through the product's Web management interface.
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 firmware versions prior to 1.03.07A are reported prone to this vulnerability.
It is reported that this issue arises due to an access validation error and may allow remote unauthorized attackers to gain access to sensitive hidden Web pages through the product's Web management interface.
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 firmware versions prior to 1.03.07A are reported prone to this vulnerability.
Exploit / POC
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Information Disclosure Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Information Disclosure Vulnerability
Solution:
The vendor has released firmware version 1.03.07A to address this issue.
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .03.05
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .02.11
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .02
Solution:
The vendor has released firmware version 1.03.07A to address this issue.
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .03.05
-
3Com 3CRWE454G72_19Jan05.exe
http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAPG1
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .02.11
-
3Com 3CRWE454G72_19Jan05.exe
http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAPG1
3Com OfficeConnect Wireless11g Access Point 3CRWE454G72 1.0 .02
-
3Com 3CRWE454G72_19Jan05.exe
http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAPG1
References
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Information Disclosure Vulnerability
References:
References:
- 3Com® OfficeConnect® Wireless 11g Access Point (3Com)
- Office Connect Wirless 11G Access Point 3CRWE454G72 Software (3Com)
- iDEFENSE Security Advisory 01.20.05: 3Com OfficeConnect Wireless 11g AP Informat ("iDefense Customer Service"