source: http://www.securityfocus.com/bid/15770/info It is possible for remote attackers to gain control of a target TrueMobile 2300 running firmware versions 188.8.131.52 and 184.108.40.206. Other versions are likely affected. The vulnerability appears to be in an administrative component accessed through the web-based control interface. Unauthenticated attackers can force the device to reset the administrative credentials without authorization. Once credentials have been reset an attacker can log in and perform malicious actions, potentially compromising the entire LAN behind the device. http://target/apply.cgi?Page=adv_password.asp&action=ClearLog A dialog requesting credentials may appear. The action will be performed, even if "cancel" is clicked.
Related ExploitsOther Possible E-DB Search Terms: Dell TrueMobile 2300, Dell TrueMobile
|2004-02-22||Dell TrueMobile 1300 WLAN System 220.127.116.11 Tray Applet - Privilege Escalation||Ian Vitek|