Vendor: OfficeConnect Wireless Cable/DSL Router
By: Luca Carettoni
CVSS: 7.5 HIGH
Authentication Bypass
CWE: 287
Product Name: OfficeConnect Wireless Cable/DSL Router
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass

An unauthenticated user can directly invoke the "SaveCfgFile" CGI program and download the system configuration, which contains configuration information, users, passwords, Wi-Fi keys and other sensitive information.

Mitigation:

Ensure that authentication is required to access the SaveCfgFile.cgi program.

Source

Exploit-DB raw data:

==================================================== 
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass

Original Advisory: 
http://www.ikkisoft.com/stuff/LC-2008-05.txt

luca.carettoni[at]ikkisoft[dot]com
==================================================== 

An unauthenticated user may directly invoke the "SaveCfgFile" CGI program and 
easily download the system configuration containing configuration information, 
users, passwords, wifi keys and other sensitive information.

http://<IP>/SaveCfgFile.cgi

# milw0rm.com [2009-02-09]