J-Security Center

Title: 3Com DSL Router Administrative Interface Long Request Router Denial Of Service Vulnerability

Severity: HIGH

Description:

The 812 OfficeConnect is one of a series of DSL routers distributed and maintained by 3Com.

A vulnerability in the 3Com 812 OfficeConnect has been reported that may result in the router becoming unstable. Because of this, an attacker may be able to deny service to legitimate users of the vulnerable router.

The problem is in the handling of requests of excessive length by the administrative interface. When an attacker sends a string of 512 or more bytes to the administrative interface on port 80, the router reboots. This could be exploited repeatedly, resulting in a prolonged denial of service.

It should be noted that the administrative interface is reachable only via the LAN interface of the DSL router, and cannot be accessed by the untrusted network side by default.

It should also be noted that this issue is likely a memory corruption vulnerability. Although unconfirmed, a possibility exists that this issue may be exploitable to execute arbitrary code. This issue may also affect other 3Com routers.
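
A monitoring check for the condition described above, added here as an example and not part of the original advisory: it scans sensor records for requests of 512 or more bytes to the administrative interface on port 80, repeated oversized requests from one source, and any non-LAN source reaching the interface. The router address, LAN range, record format and repeat threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

# Assumptions (not from the advisory): router LAN address, LAN range, repeat threshold.
ROUTER_IP = ipaddress.ip_address("192.168.1.254")
LAN = ipaddress.ip_network("192.168.1.0/24")
ADMIN_PORT = 80        # from the advisory
CRASH_LENGTH = 512     # from the advisory: 512 or more bytes reboots the router
REPEAT_THRESHOLD = 3   # oversized requests per source before escalating

# Constructed sample sensor records: timestamp src dst dport request_bytes
SAMPLE_RECORDS = """\
2024-01-01T10:00:01 192.168.1.10 192.168.1.254 80 231
2024-01-01T10:02:10 192.168.1.23 192.168.1.254 80 512
2024-01-01T10:04:30 192.168.1.23 192.168.1.254 80 2048
2024-01-01T10:06:55 192.168.1.23 192.168.1.254 80 900
2024-01-01T10:07:00 203.0.113.7 192.168.1.254 80 120
2024-01-01T10:08:00 192.168.1.10 192.168.1.1 80 4000
malformed line
"""

def analyze(text):
    """Return (kind, source, detail) alerts for traffic to the router's admin interface."""
    alerts, oversized = [], Counter()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records rather than stop the monitor
        ts, src, dst, dport, nbytes = fields
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            dport, nbytes = int(dport), int(nbytes)
        except ValueError:
            continue
        if dst_ip != ROUTER_IP or dport != ADMIN_PORT:
            continue  # not traffic to the administrative interface
        if src_ip not in LAN:
            # The default configuration exposes the interface to the LAN side only.
            alerts.append(("non_lan_source", src, ts))
        if nbytes >= CRASH_LENGTH:
            oversized[src] += 1
            alerts.append(("oversized_request", src, f"{ts} {nbytes} bytes"))
    for src, count in oversized.items():
        if count >= REPEAT_THRESHOLD:
            alerts.append(("repeated_oversized", src, f"{count} requests"))
    return alerts

if __name__ == "__main__":
    for alert in analyze(SAMPLE_RECORDS):
        print(*alert)
```

A request of exactly 512 bytes is flagged because the advisory gives the trigger as "512 or more bytes"; correlating these alerts with router uptime resets would confirm an actual reboot.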

Affected Products:

  • 3Com OfficeConnect DSL Router 812 1.1.7
  • 3Com OfficeConnect DSL Router 812 1.1.9
  • 3Com OfficeConnect DSL Router 812 2.0.0
