Title: 3Com OfficeConnect ADSL Router DHCP Response Information Disclosure Vulnerability
Severity: MODERATE
Description:
OfficeConnect ADSL routers are hardware and switch solutions distributed by 3Com.
A problem with the OfficeConnect routers may make it possible for attackers to view potentially sensitive information. The vulnerability exists due to a flaw in the way memory is initialized when responding to certain requests. Specifically, when DHCP requests are initiated by clients, the router fails to properly initialize memory buffers, which may result in the leakage of potentially sensitive information.
An attacker can exploit this vulnerability by making a DHCP request to a vulnerable router. This will result in the router answering the DHCP query without first properly initializing memory buffers. Successful exploitation may result in the attacker being able to view the contents of previous HTTP requests to the device.
This vulnerability was reported to affect 3Com OfficeConnect DSL Router 812 with firmware 1.1.7. Additional reports indicate that the 1.1.9 firmware is also affected.
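A defender reviewing captured DHCP replies can check them for the symptom described above. The following is an added example, not code from the advisory or from 3Com. The advisory does not say where in the reply the stale bytes appear, so it assumes they surface in regions that RFC 2131 leaves unused: the padding after the END option and the tails of the sname and file fields. The names residual_regions and build_reply are hypothetical, and the sample packet is constructed.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
SNAME = slice(44, 108)        # 64-byte server host name field
FILE = slice(108, 236)        # 128-byte boot file name field

def _tail(field):
    """Bytes after the first NUL of a fixed-width string field."""
    _head, _sep, rest = field.partition(b"\x00")
    return rest

def residual_regions(reply):
    """Map region name -> non-zero leftover bytes found in a DHCP reply.

    Assumption: a correct server zero-fills these regions, so any other
    byte value there is uninitialized buffer content.
    """
    if len(reply) < 240 or reply[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    pos, overload, slack = 240, 0, b""
    while pos < len(reply):
        code = reply[pos]
        if code == 255:                      # END: the rest is padding
            slack = reply[pos + 1:]
            break
        if code == 0:                        # PAD option, single byte
            pos += 1
            continue
        if pos + 2 > len(reply) or pos + 2 + reply[pos + 1] > len(reply):
            raise ValueError("truncated option")
        if code == 52 and reply[pos + 1] == 1:   # option overload
            overload = reply[pos + 2]
        pos += 2 + reply[pos + 1]
    regions = {"padding": slack}
    if not overload & 2:                     # sname not reused for options
        regions["sname"] = _tail(reply[SNAME])
    if not overload & 1:                     # file not reused for options
        regions["file"] = _tail(reply[FILE])
    return {k: v.rstrip(b"\x00") for k, v in regions.items() if v.strip(b"\x00")}

def build_reply(sname=b"", padding=b"\x00" * 60):
    """Constructed sample DHCPOFFER (not a capture from a real device)."""
    fixed = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                        b"", bytes([192, 168, 1, 50]), bytes([192, 168, 1, 1]),
                        b"", b"\x00\x11\x22\x33\x44\x55", sname, b"")
    return fixed + MAGIC + b"\x35\x01\x02" + b"\xff" + padding
```

An empty result means every unused region was zero-filled; any returned region is worth reading as text, since the advisory reports that the leaked content was previous HTTP requests.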
Affected Products:
- 3Com OfficeConnect DSL Router 812 1.1.7
- 3Com OfficeConnect DSL Router 812 1.1.9