[36970] in bugtraq
Re: 3COM Wireless router (3CRADSL72) information disclosure
daemon@ATHENA.MIT.EDU (mccauley@gmx.net)
Mon Oct 18 12:43:31 2004
Date: Fri, 15 Oct 2004 14:15:43 +0200
From: "mccauley@gmx.net" <mccauley@gmx.net>
To: bugtraq@securityfocus.com
In-Reply-To: <f55d599e041013122636e947f@mail.gmail.com>
Message-Id: <20041015141347.B134.MCCAULEY@gmx.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
> The router gives you a web page with user name, password, primary and
> secondary DNS, default gateway, etc, if you access
> http://[routerIP]/app_sta.stm without athentification of any kind.
>
> Router details:
> Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
> Boot Code Version V1.3d
> Hardware Version 01A
> ADSL Modem Code Version 13.9.38
>
> The password given is the password that you use to connect to the
> internet, not to the router.
Information
Runtime Code Version: v1.00 (Dec 11 2003 22:19:05)
Boot Code Version: V2.25
http://192.168.0.1/app_sta.stm (Works, but no information leak...)
WAN Status: 1
WAN Type: 39
MAC Address: 00-00-00-00-00-00
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
Host Name:
