vendor: AdvanceStack 10Base-T Switching Hubs
by: SecurityFocus
CVSS: 7.5 HIGH
Authentication Bypass
CWE: 287
Product Name: AdvanceStack 10Base-T Switching Hubs
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

HP AdvanceStack 10Base-T Switching Hubs Authentication Bypass Vulnerability

It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly. The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker. Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page.

Mitigation:

Ensure that the administrative web pages are not directly accessible to unprivileged users.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4062/info

HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching.

It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly.

The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker.

*Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page. 

http://host/security/web_access.html