PT-2004-2504 · 3Com · 3Com Wireless Router 3Cradsl72

Publicado

2004-10-13

Atualizado

2017-07-11

CVE-2004-1596

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions 3COM Wireless router 3CRADSL72 version Boot Code 1.3d

Description The issue allows remote attackers to gain sensitive information, such as passwords and router settings, via a direct HTTP request to "app sta.stm", which is an API endpoint.

Recommendations For 3COM Wireless router 3CRADSL72 version Boot Code 1.3d, consider restricting access to the "app sta.stm" API endpoint to minimize the risk of exploitation.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1596

Produtos afetados

3Com Wireless Router 3Cradsl72

PT-2004-2504 · 3Com · 3Com Wireless Router 3Cradsl72

CVE-2004-1596

Identificadores relacionados

Produtos afetados

Referências · 7