Búsqueda de    
Vulnerabilidad   
    Buscar 191973 Descripciones CVE y
86218 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.0.803193
Categoría:Default Accounts
Título:Sitecom WLM-3500 Backdoor Accounts Authentication Bypass vulnerability
Resumen:This host is running Sitecom WLM-3500 Router and is prone to authentication; bypass vulnerability.
Descripción:Summary:
This host is running Sitecom WLM-3500 Router and is prone to authentication
bypass vulnerability.

Vulnerability Insight:
Sitecom WLM-3500 routers contain an undocumented access backdoor that can be
abused to bypass existing authentication mechanisms.

These hard-coded accounts are persistently stored inside the device firmware
image. Despite these users cannot access all the pages of the web interface,
they can still access page '/romfile.cfg', the (clear-text) configuration file
of the device that contains, among the other things, also the password for the
'admin' user. Thus, escalating to administrative privileges is trivial.

Vulnerability Impact:
Successful exploitation will let the remote attacker to access the web
interface of the affected devices using two distinct hard-coded users.

Affected Software/OS:
Sitecom WLM-3500, firmware versions < 1.07

Solution:
Upgrade to Sitecom WLM-3500, firmware versions 1.07 or later.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

CopyrightCopyright (C) 2013 Greenbone Networks GmbH

Esta es sólo una de 86218 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2020 E-Soft Inc. Todos los derechos reservados.