CVE-2002-0250

Name of the Vulnerable Software and Affected Versions HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier

Description The web configuration utility in the affected HP AdvanceStack hubs allows unauthorized users to bypass authentication. This can be achieved by making a direct HTTP request to the "web access.html" file. As a result, an unauthorized user can change the switch's configuration and modify the administrator password.

Recommendations For HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, consider restricting access to the web configuration utility until a patch is available. As a temporary workaround, avoid using the web access.html file for configuration changes.