3Com WIFI router remote administration vulnerability.

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: 3Com WIFI router remote administration vulnerability.
From: "Guy Mizrahi" <guy@xxxxxxxxxxxxxx>
Date: Wed, 10 Oct 2007 16:14:01 +0200
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

3Com 3CRWER100-75 is a wireless cable/DSL router (widely used here, inisrael).

The router has a web management interface in it's port 80 (available frominside the network).

When the administrator assign a virtual server to port 80 (In the managementweb filled under the firewall tab) and the line is not checked, the routercan be remotely managed using any computer in the internet (out of theinternal network).

When the line is checked – the outside message is TCP ERROR if there is noserver (if there is a web server – it will display the web site).

This behavior is regardless the fact that the remote management set to off(check for the state in the management web under: Advanced- Security-RemoteAdministration).




The router details are:

3C number 3CRWER100-75

Software version 1.2.10ww



Guy Mizrahi (ZuLL)

my hebrew blog: http://hacking.org.il

Prev by Date: Regarding vulnerability in ViArt Shop
Next by Date: wmtrssreader joomla component 1.0 Remote File Include Vulnerability
Previous by thread: Regarding vulnerability in ViArt Shop
Next by thread: wmtrssreader joomla component 1.0 Remote File Include Vulnerability
Index(es):
- Date
- Thread