ID CVE-2007-5419
Summary The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.
References
Vulnerable Configurations
  • cpe:2.3:h:3com:3crwe554g72t:3crwer100-75:*:1.2.10ww:*:*:*:*:*
    cpe:2.3:h:3com:3crwe554g72t:3crwer100-75:*:1.2.10ww:*:*:*:*:*
CVSS
Base: 10.0 (as of 15-10-2018 - 21:44)
Impact:
Exploitability:
CWE CWE-16
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
bid 26009
bugtraq 20071010 3Com WIFI router remote administration vulnerability.
osvdb 43657
sreason 3217
Last major update 15-10-2018 - 21:44
Published 12-10-2007 - 21:17
Last modified 15-10-2018 - 21:44
Back to Top