VAR-200811-0451
Vulnerability from variot - Updated: 2022-05-17 01:413Com Wireless 8760 Dual-Radio 11a/b/g PoE is a wireless access router for all types of businesses. The HTTP authentication mechanism of the 3Com AP 8760 is as follows: 1. The router checks whether the credentials submitted by the user are valid. 2. If valid, the router's web interface redirects the user to a URL that is only available to authenticated administrative users. Each time an authenticated URL is accessed, no authentication data is sent in the HTTP request, including the password or session ID. The AP simply uses the administrator's source IP address as the authentication data. That is to say, the authentication status only depends on the assumption that the attacker does not know the URL after authentication and the administrator does not share the same source IP address. As long as the administrator URL is accessed from a browser with the same IP address (such as by sharing the same proxy or NAT IP address), the authentication check can be completely bypassed. If you submit a malicious request to the 3Com AP 8760 router, you may also return sensitive data, including the administrator password, on some pages. When changing the system name via SNMP, if a cross-site scripting load is injected on a page such as a login page, the administrator password can be redirected to its own site by overwriting the operational properties of the login form. Successfully exploiting these issues will allow an attacker to obtain administrative credentials, bypass security mechanisms, or run attacker-supplied HTML and script code in the context of the web administration interface. The attacker may then be able to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200811-0451",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "wireless dual-radio 11a/b/g poe",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "87600"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
},
{
"db": "BID",
"id": "32358"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Adrian Pastor of ProCheckUp Ltd",
"sources": [
{
"db": "BID",
"id": "32358"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 8.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2008-5684",
"impactScore": 7.8,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:C/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2008-5684",
"trust": 0.6,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3Com Wireless 8760 Dual-Radio 11a/b/g PoE is a wireless access router for all types of businesses. The HTTP authentication mechanism of the 3Com AP 8760 is as follows: 1. The router checks whether the credentials submitted by the user are valid. 2. If valid, the router\u0027s web interface redirects the user to a URL that is only available to authenticated administrative users. Each time an authenticated URL is accessed, no authentication data is sent in the HTTP request, including the password or session ID. The AP simply uses the administrator\u0027s source IP address as the authentication data. That is to say, the authentication status only depends on the assumption that the attacker does not know the URL after authentication and the administrator does not share the same source IP address. As long as the administrator URL is accessed from a browser with the same IP address (such as by sharing the same proxy or NAT IP address), the authentication check can be completely bypassed. If you submit a malicious request to the 3Com AP 8760 router, you may also return sensitive data, including the administrator password, on some pages. When changing the system name via SNMP, if a cross-site scripting load is injected on a page such as a login page, the administrator password can be redirected to its own site by overwriting the operational properties of the login form. \nSuccessfully exploiting these issues will allow an attacker to obtain administrative credentials, bypass security mechanisms, or run attacker-supplied HTML and script code in the context of the web administration interface. The attacker may then be able to steal cookie-based authentication credentials or control how the site is rendered to the user; other attacks are also possible",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
},
{
"db": "BID",
"id": "32358"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "32358",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2008-5684",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
},
{
"db": "BID",
"id": "32358"
}
]
},
"id": "VAR-200811-0451",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
}
]
},
"last_update_date": "2022-05-17T01:41:48.159000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://marc.info/?l=bugtraq\u0026m=122712502118280\u0026w=2"
},
{
"trust": 0.3,
"url": "/archive/1/498489"
},
{
"trust": 0.3,
"url": "http://www.3com.com/products/en_us/detail.jsp?pathtype=purchase\u0026tab=features\u0026sku=3crwe876075"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
},
{
"db": "BID",
"id": "32358"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
},
{
"db": "BID",
"id": "32358"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-11-19T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-5684"
},
{
"date": "2008-11-19T00:00:00",
"db": "BID",
"id": "32358"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-01-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2008-5684"
},
{
"date": "2008-11-19T18:04:00",
"db": "BID",
"id": "32358"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "32358"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3Com AP 8760 bypasses authentication, leaking passwords, and SNMP injection vulnerabilities",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2008-5684"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Unknown",
"sources": [
{
"db": "BID",
"id": "32358"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…