CERTA-2005-AVI-026

Vulnerability from certfr_avis - Published: 2005-01-24 - Updated: 2005-01-24

None

Description

Une vulnérabilité dans les points d'accès 3Com OfficeConnect Wireless 11g (référence 3CRWE454G72) permet à un utilisateur mal intentionné d'accéder, au travers de l'interface web, à des pages normalement cachées contenant des informations sensibles telles que le nom et mot de passe de l'administrateur.

Solution

Mettre à jour le firmware en version 1.03.07A.
Le firmware est téléchargeable à l'adresse suivante :

http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAPG1

Tous les points d'accès 3Com OfficeConnect Wireless 11g (référence 3CRWE454G72) dont la version de firmware est antérieure à la version 1.03.07A.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eTous les points d\u0027acc\u00e8s 3Com  OfficeConnect Wireless 11g (r\u00e9f\u00e9rence 3CRWE454G72) dont la  version de \u003cTT\u003efirmware\u003c/TT\u003e est ant\u00e9rieure \u00e0 la version  1.03.07A.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans les points d\u0027acc\u00e8s 3Com OfficeConnect Wireless\n11g (r\u00e9f\u00e9rence 3CRWE454G72) permet \u00e0 un utilisateur mal intentionn\u00e9\nd\u0027acc\u00e9der, au travers de l\u0027interface web, \u00e0 des pages normalement\ncach\u00e9es contenant des informations sensibles telles que le nom et mot de\npasse de l\u0027administrateur.\n\n## Solution\n\nMettre \u00e0 jour le firmware en version 1.03.07A.  \nLe firmware est t\u00e9l\u00e9chargeable \u00e0 l\u0027adresse suivante :\n\n    http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAPG1\n",
  "cves": [],
  "initial_release_date": "2005-01-24T00:00:00",
  "last_revision_date": "2005-01-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDEFENSE 01.20.05 du 20 janvier 2005 :",
      "url": "http://www.idefense.com/application/poi/display?id=188"
    }
  ],
  "reference": "CERTA-2005-AVI-026",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Acc\u00e8s \u00e0 des informations sensibles non autoris\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 des points d\u0027acc\u00e8s 3Com OfficeConnect Wireless 11g",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 iDEFENSE du 20 janvier 2005",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.