PT-2005-1219 · 3Com · 3Com Officeconnect Wireless 11G Access Point

Published

2005-01-22

Updated

2017-07-11

CVE-2005-0112

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions 3Com OfficeConnect Wireless 11g Access Point versions 1.00.08 through 1.03.07A

Description The issue concerns the web-based administrative interface, which allows remote attackers to bypass authentication. This can be achieved by directly accessing specific URLs, including the "config.bin" file, the "profile.wlp" URL with a PN parameter set to ggg, or the "event.logs" URL.

Recommendations For versions 1.00.08 through 1.03.07A, consider restricting access to the web-based administrative interface until a fix is available. As a temporary workaround, avoid using the URLs "config.bin", "profile.wlp?PN=ggg", and "event.logs" to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0112

Affected Products

3Com Officeconnect Wireless 11G Access Point

PT-2005-1219 · 3Com · 3Com Officeconnect Wireless 11G Access Point

CVE-2005-0112

Related Identifiers

Affected Products

References · 6