CVE-2004-1596 - The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive

CVE-2004-1596

Summary

The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.

References

http://marc.info/?l=bugtraq&m=109778914829901&w=2
http://marc.info/?l=bugtraq&m=109810854031673&w=2
http://www.securityfocus.com/archive/1/378551
http://www.securityfocus.com/bid/11408
https://exchange.xforce.ibmcloud.com/vulnerabilities/17723

Vulnerable Configurations

cpe:2.3:h:3com:3cradsl72:*:*:*:*:*:*:*:*
cpe:2.3:h:3com:3cradsl72:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	11408
bugtraq	20041013 3COM Wireless router (3CRADSL72) information disclosure 20041015 More details on BID 11408 (3com 3cradsl72 wireless router) 20041015 Re: 3COM Wireless router (3CRADSL72) information disclosure
xf	3com-officeconnect-obtain-info(17723)

Last major update

11-07-2017 - 01:31

Published

13-10-2004 - 04:00

Last modified

11-07-2017 - 01:31