Title --------- DDIVRT-2008-14 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point Malformed HTTP POST DoS Severity -------- Medium Date Discovered --------------- May 20, 2008 Discovered By ------------- Digital Defense, Inc. Vulnerability Research Team Credit: Brandon Shilling and r@b13$ Vulnerability Description ------------------------- The 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point is an enterprise-grade wireless access point. The web management interface is vulnerable to a DoS condition due to improper validation of malformed HTTP POST requests. Successful exploitation will result in a complete DoS of the device. Solution Description -------------------- 3Com has not addressed this issue at this time. Digital Defense, Inc. does not currently know of any work arounds for this flaw. Tested Systems / Software (with versions) ------------------------------------------ Tested against 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point, firmware unknown. Vendor Contact -------------- Name: 3Com Website: http://www.3com.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/