Vulnerability Name:

CVE-2007-5420 (CCN-38114)

Assigned:2007-10-10
Published:2007-10-10
Updated:2018-10-15
Summary:The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.
CVSS v3 Severity:3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P)
2.1 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
2.6 Low (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
2.1 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:UR)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-16
CWE-200
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Wed Oct 10 2007 - 09:14:01 CDT
3Com WIFI router remote administration vulnerability

Source: MITRE
Type: CNA
CVE-2007-5420

Source: OSVDB
Type: UNKNOWN
45490

Source: SREASON
Type: UNKNOWN
3217

Source: CCN
Type: 3Com Corporation Web site
3Com OfficeConnect Wireless 54 Mbps 11g Cable/DSL Router (3CRWER100-75)

Source: CCN
Type: OSVDB ID: 45490
3Com 3CRWER100-75 Router Persistent Web Page Product Information Disclosure

Source: BUGTRAQ
Type: UNKNOWN
20071010 3Com WIFI router remote administration vulnerability.

Source: BID
Type: UNKNOWN
26009

Source: CCN
Type: BID-26009
3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability

Source: XF
Type: UNKNOWN
3com-3crwer10075-information-disclosure(38114)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:3com:3crwe554g72t:3crwer100-75:*:1.2.10ww:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    3com 3crwe554g72t 3crwer100-75