J-Security Center

Title: 3Com 3CRADSL72 ADSL Wireless Router Information Disclosure and Authentication Bypass Vulnerabilities

Severity: HIGH

Description:

3Com 3CRADSL72 is an ADSL 11g wireless router.

3Com 3CRADSL72 is reported prone to an information disclosure vulnerability and an authentication bypass vulnerability. These issues can allow a remote attacker to disclose sensitive information such as the router name, primary and secondary DNS servers, and default gateway. Attackers could also reportedly gain administrative access to the router.

It is reported that an attacker can gain access to sensitive configuration information simply by issuing an HTTP GET request for the 'app_sta.stm' file. Access to this file is not restricted.

If successful, the information gathered using this attack can be used to launch other attacks against the device and other users on the vulnerable network.

Reportedly, once users have accessed this URI, further connections to the web administration interface are considered authenticated with administrative privileges. This allows remote attackers to bypass authentication to gain administrative access to affected routers.

Routers with 'Runtime Code Version' of 1.05, and 'Boot Code Version' of 1.3d are reported susceptible to these vulnerabilities. Other versions are also possibly affected.

Routers with 'Runtime Code Version' of 1.00, and 'Boot Code Version' of 2.25 are reportedly not susceptible to the information disclosure vulnerability. It is unconfirmed at this time if this version is susceptible to the authentication bypass vulnerability.
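The following Python is an added example, not part of the advisory or of any vendor tooling. It scans HTTP access logs from a proxy or sensor in front of the router for the sequence described above: a GET for 'app_sta.stm' followed by further requests from the same client. The Common Log Format input, the 10-minute window, the sample addresses and the other .stm paths are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Common Log Format. Only app_sta.stm comes from the
# advisory; the addresses and the other paths are made up for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Nov/2009:10:01:02 +0000] "GET /app_sta.stm HTTP/1.1" 200 1843
203.0.113.7 - - [19/Nov/2009:10:01:40 +0000] "GET /setup.stm HTTP/1.1" 200 5120
192.168.1.10 - - [19/Nov/2009:10:02:00 +0000] "GET /index.stm HTTP/1.1" 200 900
198.51.100.9 - - [19/Nov/2009:10:05:00 +0000] "GET /app_sta.stm HTTP/1.1" 404 0
203.0.113.7 - - [19/Nov/2009:11:30:00 +0000] "POST /setup.stm HTTP/1.1" 200 77
"""

CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
STATUS_PAGE = "/app_sta.stm"


def find_exposure(log_text, window=timedelta(minutes=10)):
    """Return one finding per client that requested the status page.

    Each finding lists the later requests the same client made inside
    `window`, since the advisory says those are treated as authenticated.
    """
    findings = {}
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not Common Log Format
        client, stamp, method, uri, status = m.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        path = uri.split("?", 1)[0].lower()  # drop query string, fold case
        if method == "GET" and path.endswith(STATUS_PAGE):
            # "served" is False when the device refused or lacked the page.
            findings[client] = {"client": client, "at": when,
                                "served": status.startswith("2"),
                                "followups": []}
        elif client in findings:
            f = findings[client]
            if f["served"] and when - f["at"] <= window:
                f["followups"].append((method, path))
    return list(findings.values())


if __name__ == "__main__":
    for f in find_exposure(SAMPLE_LOG):
        state = "served" if f["served"] else "probe only"
        print(f["client"], state, f["followups"])
```

A finding with `served` set and a non-empty `followups` list from an address outside the management network is the case to investigate first.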

Affected Products:

  • 3Com 3CRADSL72 Wireless Router 0.0.0
