CVE-2005-0112

The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/13942
http://securitytracker.com/id?1012958
http://www.idefense.com/application/poi/display?id=188&type=vulnerabilities	Vendor Advisory
http://www.securityfocus.com/bid/12322	Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/18994

Configurations

Configuration 1 (hide)

OR	cpe:2.3:h:3com:3crwe454g72:1.0.2:::::::*
	cpe:2.3:h:3com:3crwe454g72:1.0.2.11:::::::*
	cpe:2.3:h:3com:3crwe454g72:1.0.3.5:::::::*

History

No history.

Information

Published : 2005-04-14 04:00

Updated : 2017-07-11 01:32

NVD link : CVE-2005-0112

Mitre link : CVE-2005-0112

CVE.ORG link : CVE-2005-0112

JSON object : View

Products Affected

3com

3crwe454g72

CWE

NVD-CWE-Other

{"id": "CVE-2005-0112", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-04-14T04:00:00.000", "references": [{"url": "http://secunia.com/advisories/13942", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1012958", "source": "cve@mitre.org"}, {"url": "http://www.idefense.com/application/poi/display?id=188&type=vulnerabilities", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/12322", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18994", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs."}, {"lang": "es", "value": "El interfaz administrativo basado en web de 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, y posiblemente versiones anteriores a 1.03.07A, permite a atacantes remotos saltarse la autenticaci\u00f3n y obtener informaci\u00f3n sensible accediendo directamente a las URLs de (1) config.bin, (2) profile.wlp=PN=ggg o (3) event.log."}], "lastModified": "2017-07-11T01:32:06.060", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:3com:3crwe454g72:1.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D20F01F7-4C74-4BD2-891F-B5F1204F3910"}, {"criteria": "cpe:2.3:h:3com:3crwe454g72:1.0.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C47944D-A4CC-4F65-9468-3252A786EB2F"}, {"criteria": "cpe:2.3:h:3com:3crwe454g72:1.0.3.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F5A26FA1-D651-4673-BBE3-60B94F39619A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}