Title: 3COM OfficeConnect HTTP Port Router Denial of Service Vulnerability
Severity: MODERATE
Description:
OfficeConnect 812 is an integrated ADSL router with an onboard 4-port switch, manufactured by 3Com and distributed by numerous DSL providers.
A problem has been discovered in the router firmware that could make it possible for remote users to deny service to legitimate users of networks serviced by the router.
During normal operation, a user who requests an HTTP connection to a 3Com DSL router is presented with a prompt for authentication. Upon failing to authenticate, the user is sent a page displaying an image of the 3Com logo.
The problem occurs when a user who has reached this page requests the name of the 3Com image with a long string appended. The image file itself can be viewed at http://3com.router/graphics/sml3com. When a long string is appended to the sml3com image name, however, the router becomes unstable and power-cycles itself to resume normal operation.
This can cause a denial of service for networks serviced by the router.
Affected Products:
- 3Com OfficeConnect DSL Router 812 1.1.7
- 3Com OfficeConnect DSL Router 840 1.1.7
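
A detection check for the request pattern described above, as an added example that is not part of the original advisory: it scans HTTP request logs for requests that append a long string to the sml3com image name. The Common Log Format input (for example from an upstream proxy or sensor), the sample lines and the 32-character threshold are assumptions; the advisory does not state a length.

```python
import re

# Image path named in the advisory.
IMAGE_PATH = "/graphics/sml3com"
# Assumption: the advisory gives no length, so more than this many characters
# after the image name is treated as suspicious. Tune for your environment.
MAX_EXTRA_CHARS = 32

# Common Log Format: source first, request line in quotes ("METHOD target HTTP/x.y").
REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?"'
)

def suspicious_requests(lines, max_extra=MAX_EXTRA_CHARS):
    """Return (source, extra_length) for requests that append a long string
    to the sml3com image name. Works for relative and absolute request targets."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        target = m.group("target")
        idx = target.lower().find(IMAGE_PATH)
        if idx == -1:
            continue  # request is for some other resource
        extra = len(target) - (idx + len(IMAGE_PATH))
        if extra > max_extra:
            hits.append((m.group("src"), extra))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /graphics/sml3com HTTP/1.0" 200 1024',
    '192.0.2.10 - - [01/Jan/2001:10:00:05 +0000] "GET / HTTP/1.0" 401 312',
    '198.51.100.7 - - [01/Jan/2001:10:02:11 +0000] "GET /graphics/sml3com'
    + "A" * 400 + ' HTTP/1.0" - -',
]

if __name__ == "__main__":
    for src, extra in suspicious_requests(SAMPLE_LOG):
        print(f"{src}: {extra} characters appended to {IMAGE_PATH}")
```
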