3Com 3CRADSL72 Router app_sta.stm Administrative Access

2004-10-13T19:26:00
ID OSVDB:10787
Type osvdb
Reporter Ivan Casado Ruiz (casadoi@yahoo.co.uk)
Modified 2004-10-13T19:26:00

Description

Vulnerability Description

The 3Com 3CRADSL72 contains a flaw that may lead to unauthorized access to the entire administrative interface. The issue is due to the app_sta.stm page not requiring authentication. From this page, attackers can then use the links on the page to access the rest of the administrative section.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Restrict access to the device to trusted IP addresses and/or subnets.

Short Description

The 3Com 3CRADSL72 contains a flaw that may lead to unauthorized access to the entire administrative interface. The issue is due to the app_sta.stm page not requiring authentication. From this page, attackers can then use the links on the page to access the rest of the administrative section.

Manual Testing Notes

http://[victim]/app_sta.stm.

References:

Secunia Advisory ID: 12846
Related OSVDB ID: 10764
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0125.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0153.html
CVE-2004-1596
Bugtraq ID: 11408