| Vulnerability Name: | CVE-2007-5419 (CCN-38111) | ||||||||
| Assigned: | 2007-10-10 | ||||||||
| Published: | 2007-10-10 | ||||||||
| Updated: | 2018-10-15 | ||||||||
| Summary: | The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface. | ||||||||
| CVSS v3 Severity: | 9.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||
| CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C) 8.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
6.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:U/RC:UR)
| ||||||||
| Vulnerability Type: | CWE-16 | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Wed Oct 10 2007 - 09:14:01 CDT 3Com WIFI router remote administration vulnerability Source: MITRE Type: CNA CVE-2007-5419 Source: OSVDB Type: UNKNOWN 43657 Source: SREASON Type: UNKNOWN 3217 Source: CCN Type: 3Com Corporation Web site 3Com OfficeConnect Wireless 54 Mbps 11g Cable/DSL Router (3CRWER100-75) Source: CCN Type: OSVDB ID: 43657 3Com 3CRWER100-75 Router Virtual Server Remote Administration Bypass Source: BUGTRAQ Type: UNKNOWN 20071010 3Com WIFI router remote administration vulnerability. Source: BID Type: UNKNOWN 26009 Source: CCN Type: BID-26009 3Com OfficeConnect Wireless Cable/DSL Router Unauthorized Remote Administration Vulnerability Source: XF Type: UNKNOWN 3com-3crwer10075-unauthorized-access(38111) | ||||||||
| Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
| BACK | |||||||||