CERTA-2005-AVI-026
Vulnerability from certfr_avis

None

Description

Une vulnérabilité dans les points d'accès 3Com OfficeConnect Wireless 11g (référence 3CRWE454G72) permet à un utilisateur mal intentionné d'accéder, au travers de l'interface web, à des pages normalement cachées contenant des informations sensibles telles que le nom et mot de passe de l'administrateur.

Solution

Mettre à jour le firmware en version 1.03.07A.
Le firmware est téléchargeable à l'adresse suivante :

http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAPG1

Tous les points d'accès 3Com OfficeConnect Wireless 11g (référence 3CRWE454G72) dont la version de firmware est antérieure à la version 1.03.07A.

Impacted products
Vendor Product Description
References

Show details on source website

To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eTous les points d\u0027acc\u00e8s 3Com  OfficeConnect Wireless 11g (r\u00e9f\u00e9rence 3CRWE454G72) dont la  version de \u003cTT\u003efirmware\u003c/TT\u003e est ant\u00e9rieure \u00e0 la version  1.03.07A.\u003c/p\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 dans les points d\u0027acc\u00e8s 3Com OfficeConnect Wireless\n11g (r\u00e9f\u00e9rence 3CRWE454G72) permet \u00e0 un utilisateur mal intentionn\u00e9\nd\u0027acc\u00e9der, au travers de l\u0027interface web, \u00e0 des pages normalement\ncach\u00e9es contenant des informations sensibles telles que le nom et mot de\npasse de l\u0027administrateur.\n\n## Solution\n\nMettre \u00e0 jour le firmware en version 1.03.07A.  \nLe firmware est t\u00e9l\u00e9chargeable \u00e0 l\u0027adresse suivante :\n\n    http://webprd1.3com.com/swd/jsp/user/index.jsp?id=OCWAPG1\n",
  "cves": [],
  "initial_release_date": "2005-01-24T00:00:00",
  "last_revision_date": "2005-01-24T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDEFENSE 01.20.05 du 20 janvier 2005 :",
      "url": "http://www.idefense.com/application/poi/display?id=188"
    }
  ],
  "reference": "CERTA-2005-AVI-026",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-01-24T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Acc\u00e8s \u00e0 des informations sensibles non autoris\u00e9"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9rabilit\u00e9 des points d\u0027acc\u00e8s 3Com OfficeConnect Wireless 11g",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 iDEFENSE du 20 janvier 2005",
      "url": null
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.