Some vulnerabilities in 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information, and by malicious users to conduct script insertion attacks.
1) The problem is that the authentication mechanism improperly restricts access to administration pages. This can be exploited to access restricted administration pages via HTTP requests originating from the IP address of the logged-in administrator.
2) The problem is that sensitive information is included in HTTP responses for e.g. the s_brief.htm and s.htm pages. This can be exploited to e.g. disclose the administrator's password included in hidden HTML form fields.
3) Input passed when setting the system name via SNMP requests is not properly sanitised before being stored. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.
Successful exploitation of this vulnerability requires that the attacker has SNMP write privileges.
The vulnerabilities are reported in firmware version 2.1.13b05_sh. Other versions may also be affected.