CVE-2005-0112

Name of the Vulnerable Software and Affected Versions 3Com OfficeConnect Wireless 11g Access Point versions 1.00.08 through 1.03.07A

Description The issue concerns the web-based administrative interface, which allows remote attackers to bypass authentication. This can be achieved by directly accessing specific URLs, including the "config.bin" file, the "profile.wlp" URL with a PN parameter set to ggg, or the "event.logs" URL.

Recommendations For versions 1.00.08 through 1.03.07A, consider restricting access to the web-based administrative interface until a fix is available. As a temporary workaround, avoid using the URLs "config.bin", "profile.wlp?PN=ggg", and "event.logs" to minimize the risk of exploitation.