Vulnerability Name:

CVE-2005-0112 (CCN-18994)

Assigned:2005-01-20
Published:2005-01-20
Updated:2017-07-11
Summary:The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-0112

Source: CCN
Type: SA13942
OfficeConnect Wireless 11g Access Point Information Disclosure

Source: SECUNIA
Type: UNKNOWN
13942

Source: CCN
Type: SECTRACK ID: 1012958
3Com OfficeConnect Wireless 11g Access Point Discloses Passwords and Keys to Remote Users

Source: SECTRACK
Type: UNKNOWN
1012958

Source: CCN
Type: 3Com Download Web page
3Com Downloads

Source: CCN
Type: iDEFENSE Security Advisory 01.20.05
3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability

Source: IDEFENSE
Type: Vendor Advisory
20050120 3Com OfficeConnect Wireless 11g AP Information Disclosure Vulnerability

Source: CCN
Type: OSVDB ID: 13095
3Com OfficeConnect Wireless 11g AP Router Information Disclosure

Source: CCN
Type: OSVDB ID: 15181
3Com 3CRADSL72 Router config.bin Information Disclosure

Source: BID
Type: Patch, Vendor Advisory
12322

Source: CCN
Type: BID-12322
3Com OfficeConnect Wireless 11g Access Point 3CRWE454G72 Information Disclosure Vulnerability

Source: XF
Type: UNKNOWN
3com-officeconnect-information-disclosure(18994)

Source: XF
Type: UNKNOWN
3com-officeconnect-information-disclosure(18994)

Vulnerable Configuration:Configuration 1:
  • cpe:/h:3com:3crwe454g72:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3crwe454g72:1.0.2.11:*:*:*:*:*:*:*
  • OR cpe:/h:3com:3crwe454g72:1.0.3.5:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    3com 3crwe454g72 1.0.2
    3com 3crwe454g72 1.0.2.11
    3com 3crwe454g72 1.0.3.5