Re: 3COM Wireless router (3CRADSL72) information disclosure

mccauley_at_gmx.net
Date: 10/15/04

Next message: Sinan Eren: "ms04-031 pre-auth ??"

Previous message: Some One: "Re: Format String Vulnerability in Valve's CS-Source"
In reply to: Karb0nOxyde -: "3COM Wireless router (3CRADSL72) information disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 15 Oct 2004 14:15:43 +0200
To: bugtraq@securityfocus.com

> The router gives you a web page with user name, password, primary and
> secondary DNS, default gateway, etc, if you access
> http://[routerIP]/app_sta.stm without athentification of any kind.
>
> Router details:
> Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
> Boot Code Version V1.3d
> Hardware Version 01A
> ADSL Modem Code Version 13.9.38
>
> The password given is the password that you use to connect to the
> internet, not to the router.

Information
Runtime Code Version: v1.00 (Dec 11 2003 22:19:05)
Boot Code Version: V2.25

http://192.168.0.1/app_sta.stm (Works, but no information leak...)

WAN Status: 1
WAN Type: 39
MAC Address: 00-00-00-00-00-00
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
Host Name:

Next message: Sinan Eren: "ms04-031 pre-auth ??"

Previous message: Some One: "Re: Format String Vulnerability in Valve's CS-Source"
In reply to: Karb0nOxyde -: "3COM Wireless router (3CRADSL72) information disclosure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]