PT-2004-2504 · 3Com · 3Com Wireless Router 3Cradsl72
Published: 2004-10-13 · Updated: 2017-07-11 · CVE-2004-1596
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
3COM Wireless router 3CRADSL72 version Boot Code 1.3d
Description
This issue allows remote attackers to obtain sensitive information, such as passwords and router settings, via a direct HTTP request to the "app sta.stm" API endpoint.
Recommendations
For 3COM Wireless router 3CRADSL72 version Boot Code 1.3d, consider restricting access to the "app sta.stm" API endpoint to minimize the risk of exploitation.
Affected Products
3Com Wireless Router 3Cradsl72