Secunia Security Advisory - Adrian Pastor has reported some vulnerabilities in 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information, and by malicious users to conduct script insertion attacks.
f7bf83b14e68186116d1b52532f5a1121233ae5a62402d1ecffbf17fa611cb81
----------------------------------------------------------------------
Did you know that a change in our assessment rating, exploit code
availability, or if an updated patch is released by the vendor, is
not part of this mailing-list?
Click here to learn more:
http://secunia.com/advisories/business_solutions/
----------------------------------------------------------------------
TITLE:
3Com Wireless 8760 Access Point Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA32809
VERIFY ADVISORY:
http://secunia.com/advisories/32809/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Cross Site Scripting, Exposure of system
information, Exposure of sensitive information
WHERE:
>From local network
OPERATING SYSTEM:
3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point
http://secunia.com/advisories/product/19748/
DESCRIPTION:
Adrian Pastor has reported some vulnerabilities in 3Com Wireless 8760
Dual-Radio 11a/b/g PoE Access Point, which can be exploited by
malicious people to bypass certain security restrictions and disclose
sensitive information, and by malicious users to conduct script
insertion attacks.
1) The problem is that the authentication mechanism improperly
restricts access to administration pages. This can be exploited to
access restricted administration pages via HTTP requests originating
from the IP address of the logged-in administrator.
2) The problem is that sensitive information is included in HTTP
responses for e.g. the s_brief.htm and s.htm pages. This can be
exploited to e.g. disclose the administrator's password included in
hidden HTML form fields.
3) Input passed when setting the system name via SNMP requests is not
properly sanitised before being stored. This can be exploited to
inject arbitrary HTML and script code, which is executed in a user's
browser session in context of an affected site when the malicious
data is viewed.
Successful exploitation of this vulnerability requires that the
attacker has SNMP write privileges.
The vulnerabilities are reported in firmware version 2.1.13b05_sh.
Other versions may also be affected.
SOLUTION:
Restrict web interface and SNMP access.
PROVIDED AND/OR DISCOVERED BY:
Adrian Pastor, ProCheckUp Ltd
ORIGINAL ADVISORY:
http://www.packetstormsecurity.org/0811-exploits/PR07-40.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------