Vigil@nce: 3Com OfficeConnect, denial of service
December 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
An attacker can send a malformed HTTP query in order to stop the
3Com OfficeConnect ADSL Wireless 11g Firewall Router product.
Severity: 1/4
Consequences: denial of service
Provenance: intranet client
Means of attack: 1 attack
Ability of attacker: technician (2/4)
Confidence: unique source (2/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 22/12/2009
IMPACTED PRODUCTS
– 3Com OfficeConnect modem
DESCRIPTION OF THE VULNERABILITY
The 3Com OfficeConnect ADSL Wireless 11g Firewall Router product
has a web administration interface, which requires HTTP
authentication:
Authorization: Basic base64(login:pass)
However, if an attacker uses an authentication method other than
Basic, the router stops.
An attacker can therefore send a malformed HTTP query in order to
stop the 3Com OfficeConnect ADSL Wireless 11g Firewall Router
product.
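The condition described above, as an added detection example (not part of the original advisory and not 3Com code): a Python check that a filtering proxy or IDS in front of the administration interface could apply to flag requests whose Authorization scheme is not Basic. The sample requests, the host name router.example and the function names are constructed for illustration.

```python
import base64
import binascii

# Constructed sample requests (not captured traffic); the host is a placeholder.
HDR = b"GET / HTTP/1.1\r\nHost: router.example\r\n"
SAMPLE_REQUESTS = [
    HDR + b"\r\n",
    HDR + b"Authorization: Basic YWRtaW46c2VjcmV0\r\n\r\n",   # admin:secret
    HDR + b"authorization: basic YWRtaW46c2VjcmV0\r\n\r\n",   # case variants
    HDR + b"Authorization: Basic !!!notbase64\r\n\r\n",
    HDR + b"Authorization: Digest username=\"admin\"\r\n\r\n",
]


def classify_authorization(raw_request: bytes) -> str:
    """Return 'absent', 'basic-ok', 'basic-malformed' or 'non-basic'."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    values = []
    for line in head.split("\r\n")[1:]:            # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "authorization":
            values.append(value.strip())
    if not values:
        return "absent"
    tokens = []
    for value in values:                           # repeated headers: check each
        scheme, _, token = value.partition(" ")
        if scheme.lower() != "basic":              # scheme names are case-insensitive
            return "non-basic"
        tokens.append(token.strip())
    for token in tokens:
        try:
            decoded = base64.b64decode(token, validate=True)
        except (binascii.Error, ValueError):
            return "basic-malformed"
        if b":" not in decoded:                    # Basic carries login:pass
            return "basic-malformed"
    return "basic-ok"


def flag_non_basic(requests):
    """Indexes of requests matching the advisory's condition (scheme != Basic)."""
    return [i for i, r in enumerate(requests)
            if classify_authorization(r) == "non-basic"]


if __name__ == "__main__":
    for i, req in enumerate(SAMPLE_REQUESTS):
        print(i, classify_authorization(req))
```

Malformed Basic credentials are reported separately from non-Basic schemes, since the advisory only describes the latter as stopping the router.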
CHARACTERISTICS
Identifiers: BID-37421, VIGILANCE-VUL-9309
http://vigilance.fr/vulnerability/3Com-OfficeConnect-denial-of-service-9309