VAR-200902-0692
Vulnerability from variot - Updated: 2022-05-17 02:10

3Com OfficeConnect Wireless Cable/DSL is a small wireless router. The OfficeConnect Wireless Cable/DSL Router has a web console enabled by default for device management. Although the HTTP daemon does not allow access to HTML pages and the web console without authentication, existing CGI programs can still be called and executed. System Tools --> Configuration --> Backup Configuration saves the actual configuration to a plain text file called config.bin. Unauthenticated users can call the SaveCfgFile CGI program directly and download the configuration, including user and system configuration and sensitive information such as passwords and Wi-Fi keys. This vulnerability can also be exploited remotely from the Internet if the Remote Administration option is enabled. The following is an example of sensitive content in the config.bin file:

[...]
pppoe_username=xxxxxxxxxxxxxxx
pppoe_password=xxxxxxxxx
pppoe_service_name=xxxxxxxxx
[...]
mradius_username=xxxxxx
mradius_password=xxxxxx
mradius_secret=xxxxxxx
[...]
http_username=xxxxx
login_password=xxxxx
http_passwd=xxxxx
[...]
AuthName=xxxxxxx
AuthPassword=xxxx
snmpStatus=xxxxxxx
snmpRoCommunity=xxxxxxxx
snmpRwCommunity=xxxxxxxx
[...]
multi_dmz_wan_ip1=xxxxxxxxxx
[...]
lan_macaddr=xxxxxxxxxxxxx
[...]

The 3Com OfficeConnect Wireless Cable/DSL Gateway is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications. Attackers can exploit this issue to obtain sensitive information that may aid in further attacks. The 3Com OfficeConnect Wireless Cable/DSL Gateway firmware 1.2.0 is vulnerable; other versions may also be affected.
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200902-0692",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
},
{
"model": "officeconnect wireless 11g cable/dsl gateway",
"scope": "eq",
"trust": 0.3,
"vendor": "3com",
"version": "1.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
},
{
"db": "BID",
"id": "33686"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Luca Carettoni",
"sources": [
{
"db": "BID",
"id": "33686"
}
],
"trust": 0.3
},
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2009-0746",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "CNVD",
"id": "CNVD-2009-0746",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3Com OfficeConnect Wireless Cable/DSL is a small wireless router. The OfficeConnect Wireless Cable/DSL Router has a web console enabled by default for device management. Even if the http daemon does not allow access to HTML pages and web consoles without authentication, you can still call and execute existing CGI programs. System Tools--\u003eConfiguration--\u003eBackup Configuration saves the actual configuration file to a plain text file called config.bin. Unauthenticated users can directly call the SaveCfgFile CGI program and download the configuration information, user, System configuration of sensitive information such as passwords and WIFI keys. This vulnerability can also be exploited remotely from the Internet if the Remote Administration option is enabled. The following is an example of sensitive content in the config.bin file: [...]pppoe_username=xxxxxxxxxxxxxxxpppoe_password=xxxxxxxxxpppoe_service_name=xxxxxxxxx[...]mradius_username=xxxxxxmradius_password=xxxxxxmradius_secret=xxxxxxx[...]http_username=xxxxxlogin_password=xxxxxhttp_passwd=xxxxx[.. .]AuthName=xxxxxxxAuthPassword=xxxxsnmpStatus=xxxxxxxsnmpRoCommunity=xxxxxxxxsnmpRwCommunity=xxxxxxxx[...]multi_dmz_wan_ip1=xxxxxxxxxx[...]lan_macaddr=xxxxxxxxxxxxx[...]. The 3Com OfficeConnect Wireless Cable/DSL Gateway is prone to an access-validation vulnerability because of a lack of authentication when users access specific administration applications. \nAttackers can exploit this issue to obtain sensitive information that may aid in further attacks. \nThe 3Com OfficeConnect Wireless Cable/DSL Gateway firmware 1.2.0 is vulnerable; other versions may also be affected",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
},
{
"db": "BID",
"id": "33686"
}
],
"trust": 0.81
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "33686",
"trust": 0.9
},
{
"db": "CNVD",
"id": "CNVD-2009-0746",
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
},
{
"db": "BID",
"id": "33686"
}
]
},
"id": "VAR-200902-0692",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
}
]
},
"last_update_date": "2022-05-17T02:10:54.392000Z",
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 0.6,
"url": "http://marc.info/?l=bugtraq\u0026m=123420157904113\u0026w=2"
},
{
"trust": 0.3,
"url": "http://www.3com.com/products/en_us/detail.jsp?tab=features\u0026sku=3crwe554g72\u0026pathtype=support"
},
{
"trust": 0.3,
"url": "/archive/1/500762"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
},
{
"db": "BID",
"id": "33686"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
},
{
"db": "BID",
"id": "33686"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2009-02-09T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0746"
},
{
"date": "2009-02-09T00:00:00",
"db": "BID",
"id": "33686"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-27T00:00:00",
"db": "CNVD",
"id": "CNVD-2009-0746"
},
{
"date": "2009-02-10T15:48:00",
"db": "BID",
"id": "33686"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "network",
"sources": [
{
"db": "BID",
"id": "33686"
}
],
"trust": 0.3
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "3Com OfficeConnect Wireless Cable/DSL Router SaveCfgFile bypasses authentication vulnerability",
"sources": [
{
"db": "CNVD",
"id": "CNVD-2009-0746"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Access Validation Error",
"sources": [
{
"db": "BID",
"id": "33686"
}
],
"trust": 0.3
}
}