3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability

Bugtraq ID:	26009
Class:	Design Error
CVE:	CVE-2007-5420 CVE-2007-5419
Remote:	Yes
Local:	No
Published:	Oct 10 2007 12:00AM
Updated:	Jul 05 2016 10:00PM
Credit:	Guy Mizrahi is credited with the discovery of this issue.
Vulnerable:	3Com OfficeConnect Wireless 54Mbps 11g Cable/DSL Router 3CRWER100-75
Not Vulnerable:

3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability

The 3Com OfficeConnect Wireless Cable/DSL Router is prone to a vulnerability that can result in unauthorized remote administration.

This issue occurs because the device fails to enforce certain security restrictions selected by the user.

This issue can result in a false sense of security because it exposes the device to remote access even though administrative settings state otherwise. Attackers can exploit this issue to potentially gain administrative access to the device.

3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability

Attackers can exploit this issue via a browser.

3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability

References:

• OfficeConnect® Wireless 54 Mbps 11g Cable/DSL Router Homepage (3Com)
  
• 3Com WIFI router remote administration vulnerability. (Guy Mizrahi)