3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass

EDB-ID:

8022

CVE:


Author:

ikki

Type:

remote

Platform:

Hardware

Published:

2009-02-09

==================================================== 
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass

Original Advisory: 
http://www.ikkisoft.com/stuff/LC-2008-05.txt

luca.carettoni[at]ikkisoft[dot]com
==================================================== 

An unauthenticated user may directly invoke the "SaveCfgFile" CGI program and 
easily download the system configuration containing configuration information, 
users, passwords, wifi keys and other sensitive information.

http://<IP>/SaveCfgFile.cgi

# milw0rm.com [2009-02-09]