3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass

2009-02-09T00:00:00
ID EDB-ID:8022
Type exploitdb
Reporter ikki
Modified 2009-02-09T00:00:00

Description

3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass. Remote exploit for hardware platform

                                        
                                            ==================================================== 
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass

Original Advisory: 
http://www.ikkisoft.com/stuff/LC-2008-05.txt

luca.carettoni[at]ikkisoft[dot]com
==================================================== 

An unauthenticated user may directly invoke the "SaveCfgFile" CGI program and 
easily download the system configuration containing configuration information, 
users, passwords, wifi keys and other sensitive information.

http://<IP>/SaveCfgFile.cgi

# milw0rm.com [2009-02-09]