J-Security Center


Title: 3Com OfficeConnect ADSL Wireless 11g Firewall Router Authentication Bypass Vulnerability

Severity: HIGH

Description:

3Com OfficeConnect ADSL Wireless 11g Firewall Router is a wireless network connectivity modem and router.

3Com OfficeConnect ADSL Wireless 11g Firewall Router is affected by an authentication bypass vulnerability. This issue is due to a failure of the device to properly validate an authenticated administrator.

The problem arises because the device can be remotely administered by only a single user at a time, and the authentication validation is based solely on the IP address of the computer. When a second administrator attempts to authenticate to the device, an error message is displayed along with the IP address of the user that is currently authenticated.

This will allow an attacker to spoof the administrator's IP address and gain administrative access to the device. It has been reported that this will allow an attacker to gain access to the plaintext administrator password as well as all other administrative interfaces.

An attacker could leverage this issue to gain administrative access to the affected device, facilitating disclosure of administrator passwords and WEP encryption keys, configuration manipulation, and denial of service.

It should be noted that this issue was originally reported in vulnerability report '3Com OfficeConnect ADSL Wireless 11g Firewall Router Multiple Unspecified Vulnerabilities' (BID 11422). It has been assigned its own BID as more information has been made available.
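The design flaw described above, modelled next to a hardened form. This is an added example, not 3Com firmware or code from the advisory; the class names, messages, password and the 192.0.2.x addresses are constructed for illustration.

```python
import hmac
import secrets

ADMIN_PASSWORD = "constructed-sample-password"  # constructed value for the demo


class IpOnlyAdminSession:
    """Models the flawed design: the session is identified only by source IP."""

    def __init__(self):
        self.admin_ip = None

    def login(self, src_ip, password):
        if self.admin_ip is not None and self.admin_ip != src_ip:
            # Mirrors the advisory: the error discloses the active admin's IP.
            return f"busy: administrator logged in from {self.admin_ip}"
        if hmac.compare_digest(password, ADMIN_PASSWORD):
            self.admin_ip = src_ip
            return "ok"
        return "denied"

    def is_authorized(self, src_ip, token=None):
        # Any request carrying the recorded source address is accepted.
        return self.admin_ip is not None and src_ip == self.admin_ip


class TokenAdminSession:
    """Hardened form: an unguessable per-login token identifies the session."""

    def __init__(self):
        self.token = None

    def login(self, src_ip, password):
        if self.token is not None:
            return "busy: another administrator is logged in", None  # no IP leak
        if hmac.compare_digest(password, ADMIN_PASSWORD):
            self.token = secrets.token_urlsafe(32)
            return "ok", self.token
        return "denied", None

    def is_authorized(self, src_ip, token=None):
        # Source IP is not treated as proof of identity; only the token counts.
        return (self.token is not None and token is not None
                and hmac.compare_digest(token, self.token))
```

In the hardened model, a request from the administrator's address without the session token is refused, and the "busy" response no longer reveals which address holds the session.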

Affected Products:

  • 3Com 3CRWE754G72-A Wireless Connectivity Devices 0.0.0
  • 3Com OfficeConnect ADSL Wireless 11g Firewall Router 1.13.0 firmware
  • 3Com OfficeConnect ADSL Wireless 11g Firewall Router 1.23.0 firmware
  • 3Com OfficeConnect ADSL Wireless 11g Firewall Router 1.24.0 firmware
