1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content




3Com Wireless 8760 Access Point Multiple Vulnerabilities

Report ID: SA32809
Source: Secunia
Date of Discovery: 24.11.2008
Criticality: Low
Affects:
3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point

Compromise From: From local network
Compromise Type: Exposure of sensitive information
Cross site scripting
Security bypass
Exposure of system information

Summary

Some vulnerabilities in 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information, and by malicious users to conduct script insertion attacks.

Detailed Description

Some vulnerabilities in 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information, and by malicious users to conduct script insertion attacks.

1) The problem is that the authentication mechanism improperly restricts access to administration pages. This can be exploited to access restricted administration pages via HTTP requests originating from the IP address of the logged-in administrator.

2) The problem is that sensitive information is included in HTTP responses for e.g. the s_brief.htm and s.htm pages. This can be exploited to e.g. disclose the administrator's password included in hidden HTML form fields.

3) Input passed when setting the system name via SNMP requests is not properly sanitised before being stored. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed.

Successful exploitation of this vulnerability requires that the attacker has SNMP write privileges.

The vulnerabilities are reported in firmware version 2.1.13b05_sh. Other versions may also be affected.

Solution

Restrict web interface and SNMP access.

Original Reference

-