source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 220.127.116.11 and 18.104.22.168. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through the web-based control interface. Unauthenticated attackers can force the device to reset the administrative credentials without authorization. Once credentials have been reset an attacker can log in and perform malicious actions, potentially compromising the entire LAN behind the device. http://target/apply.cgi?Page=adv_password.asp&action=ClearLog A dialog requesting credentials may appear. The action will be performed, even if "cancel" is clicked.
Related ExploitsOther Possible E-DB Search Terms: Dell TrueMobile 2300, Dell TrueMobile
|2004-02-22||Dell TrueMobile 1300 WLAN System 22.214.171.124 Tray Applet - Privilege Escalation||Ian Vitek|