1.0.3.5

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

3com

NVD

Published: 2005-04-14

Updated: 2017-07-11

Summary

The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs.

Vulnerable Configurations

Part	Description	Count
Hardware	3Com 3Com 3Crwe454G72 1.0.2 3Com 3Crwe454G72 1.0.2.11 3Com 3Crwe454G72 1.0.3.5	3

References

http://secunia.com/advisories/13942
http://securitytracker.com/id?1012958
http://www.idefense.com/application/poi/display?id=188&type=vulnerabilities
http://www.securityfocus.com/bid/12322
https://exchange.xforce.ibmcloud.com/vulnerabilities/18994