Sweex Wireless Broadband Router Configuration Leakage

2004-05-12T06:39:03
ID OSVDB:6109
Type osvdb
Reporter Mark Janssen(maniac@maniac.nl)
Modified 2004-05-12T06:39:03

Description

Vulnerability Description

Sweex Wireless Broadband Router/Access Point contains a flaw that may lead to an unauthorized information disclosure. The problem is that the tftp service is running by default with no restrictions, which may allow a malicious user to access sensitive configuration information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Sweex Wireless Broadband Router/Access Point contains a flaw that may lead to an unauthorized information disclosure. The problem is that the tftp service is running by default with no restrictions, which may allow a malicious user to access sensitive configuration information resulting in a loss of confidentiality.

References:

Vendor URL: http://www.sweex.com/product.asp?pid=288 Security Tracker: 1010143 Secunia Advisory ID:11603 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0574.html Keyword: Maniac Security Advisory 2004-01 ISS X-Force ID: 16140 CVE-2004-2455 Bugtraq ID: 10339