Dell TrueMobile 2300 - Remote Credential Reset Vulnerability

ID EDB-ID:26761
Type exploitdb
Reporter TNull
Modified 2005-12-07T00:00:00


Dell TrueMobile 2300 Remote Credential Reset Vulnerability. Webapps exploit for cgi platform


It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions and Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through the web-based control interface. Unauthenticated attackers can force the device to reset the administrative credentials without authorization. Once credentials have been reset an attacker can log in and perform malicious actions, potentially compromising the entire LAN behind the device. 


A dialog requesting credentials may appear. The action will be performed, even if "cancel" is clicked.