Office Connect Wireless 11g Access Point Discloses System Information to Remote Users
|
|
SecurityTracker Alert ID: 1014578
|
|
SecurityTracker URL: http://securitytracker.com/id?1014578
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jul 26 2005
|
Impact: Disclosure of system information, Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.03.12
|
Description: A vulnerability was reported in the Office Connect Wireless 11g Access Point. A remote user can obtain system information.
A remote user can access "hidden" pages on the web interface to obtain sensitive administrative information.
|
Impact: A remote user can obtain sensitive administrative information.
|
Solution: The vendor has issued a fixed version (1.03.12), available at:
http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAP15
|
Vendor URL: www.3com.com/products/en_US/result.jsp?selected=6&sort=effdt&sku=3CRWE454G72&order=desc (Links to External Site)
|
Cause: Access control error
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 26 Jul 2005 01:52:15 -0400
Subject: http://www.3com.com/products/en_US/result.jsp?selected=6&sort=effdt&sku=3CRWE454G72&order=desc
|
> Office Connect Wireless 11g Access Point (3CRWE454G72) release, version 1.03.12.
> 4. Unauthenticated users can obtain sensitive admin Information by accessing
> hidden pages on the Web interface.
|
|
