---------------------------------------------------------------------- Did you know that a change in our assessment rating, exploit code availability, or if an updated patch is released by the vendor, is not part of this mailing-list? Click here to learn more: http://secunia.com/advisories/business_solutions/ ---------------------------------------------------------------------- TITLE: 3Com Wireless 8760 Access Point Multiple Vulnerabilities SECUNIA ADVISORY ID: SA32809 VERIFY ADVISORY: http://secunia.com/advisories/32809/ CRITICAL: Less critical IMPACT: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point http://secunia.com/advisories/product/19748/ DESCRIPTION: Adrian Pastor has reported some vulnerabilities in 3Com Wireless 8760 Dual-Radio 11a/b/g PoE Access Point, which can be exploited by malicious people to bypass certain security restrictions and disclose sensitive information, and by malicious users to conduct script insertion attacks. 1) The problem is that the authentication mechanism improperly restricts access to administration pages. This can be exploited to access restricted administration pages via HTTP requests originating from the IP address of the logged-in administrator. 2) The problem is that sensitive information is included in HTTP responses for e.g. the s_brief.htm and s.htm pages. This can be exploited to e.g. disclose the administrator's password included in hidden HTML form fields. 3) Input passed when setting the system name via SNMP requests is not properly sanitised before being stored. This can be exploited to inject arbitrary HTML and script code, which is executed in a user's browser session in context of an affected site when the malicious data is viewed. Successful exploitation of this vulnerability requires that the attacker has SNMP write privileges. The vulnerabilities are reported in firmware version 2.1.13b05_sh. Other versions may also be affected. SOLUTION: Restrict web interface and SNMP access. PROVIDED AND/OR DISCOVERED BY: Adrian Pastor, ProCheckUp Ltd ORIGINAL ADVISORY: http://www.packetstormsecurity.org/0811-exploits/PR07-40.txt ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------