Further information about flaws in 3COM's 3cradsl72 wireless router that suffers from information disclosure and authentication issues.
Hi,
I'm writing regarding BID 11408. I have this router at home for my ADSL
connection. The software versions of my router are:
Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
Boot Code Version V1.3d
Hardware Version 01A
ADSL Modem Code Version 13.9.38
(taken from http://192.168.2.1/index.stm)
In the environment I describe, the URL http://192.168.2.1/app_sta.stm
described in this BID does not only disclose some critical information. After I
accessed this URL I could access the rest of the administrative web
interface of the router and view/change any parameter (WEP keys, IP
addressing, firewall rules, DHCP server configuration...). After I access
this URL the router considers that I'm authenticated.
The router allows configuring whether it can be administered from the
external interface (Internet). As a workaround, users should turn off this
option. This restricts the vulnerability to internal users only; then,
considering that this is a wireless router, the highest level of protection
should be used in the wireless configuration. I recommend using WPA-PSK and
deactivating the ESSID Broadcast option.
Kind regards,
Ivan Casado Ruiz