3Com ADSL Router Information Disclosure

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to access a file on a 3Com ADSL router that contains critical router authentication information.

Additional Information

3Com 3CRADSL72 is an ADSL 11g wireless router.

3Com 3CRADSL72 is reportedly prone to an information disclosure vulnerability and an authentication bypass vulnerability. These issues can allow a remote attacker to disclose sensitive information such as the router name, primary and secondary DNS servers, and the default gateway. Attackers could also reportedly gain administrative access to the router.

It is reported that an attacker can simply gain access to sensitive configuration information by issuing an HTTP GET request for the 'app_sta.stm' file. Access to this file is not restricted.

If successful, the information gathered using this attack can be used to launch other attacks against the device and other users on the vulnerable network.

Reportedly, once users have accessed this URI, further connections to the Web administration interface are considered authenticated with administrative privileges. This allows remote attackers to bypass authentication to gain administrative access to affected routers.
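One way to look for this activity in HTTP logs, as an added example that is not part of the original write-up and is not Symantec's signature logic: it flags GET requests whose file name normalizes to 'app_sta.stm' and collects the same client's later requests, since those are the ones reported to be treated as authenticated. It assumes Common Log Format lines recorded by a proxy or capture point in front of the router's Web interface; the sample lines, addresses and '/example_admin_page' are constructed placeholders.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines (Common Log Format); addresses are documentation
# ranges and /example_admin_page is a placeholder, not a real router page.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2005:10:00:01 +0000] "GET /example_admin_page HTTP/1.1" 200 512
198.51.100.7 - - [01/Jan/2005:10:00:05 +0000] "GET /app_sta.stm HTTP/1.0" 200 2048
198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /example_admin_page HTTP/1.0" 200 4096
203.0.113.5 - - [01/Jan/2005:10:01:00 +0000] "GET /%61pp_sta.stm?x=1 HTTP/1.1" 404 0
192.0.2.10 - - [01/Jan/2005:10:02:00 +0000] "GET /docs/app_sta.stm.txt HTTP/1.1" 200 10
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')
TARGET = "app_sta.stm"  # file name given in the advisory

def requested_file(target):
    """Return the percent-decoded, lower-cased last path segment of a request target."""
    path = unquote(urlsplit(target).path)  # drops the query string, decodes %xx
    return path.rsplit("/", 1)[-1].lower()

def find_hits(log_text):
    """Return one record per client that requested the file, with its later requests."""
    hits, by_src = [], {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        src, when, method, target, status = m.groups()
        if src in by_src:
            # Anything this client sends after the first hit is a follow-up.
            by_src[src]["followups"].append(target)
        elif method == "GET" and requested_file(target) == TARGET:
            hit = {"src": src, "time": when, "status": int(status), "followups": []}
            by_src[src] = hit
            hits.append(hit)
    return hits

if __name__ == "__main__":
    for h in find_hits(SAMPLE_LOG):
        print(h["src"], h["time"], h["status"], "follow-ups:", h["followups"])
```

A hit answered with status 200 and followed by further requests from the same client is the combination to triage first.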

Routers with a 'Runtime Code Version' of 1.05 and a 'Boot Code Version' of 1.3d are reported to be susceptible to these vulnerabilities. Other versions are also possibly affected.

Routers with a 'Runtime Code Version' of 1.00 and a 'Boot Code Version' of 2.25 are reportedly not susceptible to the information disclosure vulnerability. It is unconfirmed at this time whether this version is susceptible to the authentication bypass vulnerability.

Affected

  • 3Com 3CRADSL72 Wireless Router

Response

There are no known fixes for this vulnerability. It is recommended that users upgrade to the latest version of the application.

Possible False Positives

There are no known false positives associated with this signature.