It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly.


The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device.

HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching.

Exploit: The following example was provided:
http://host/security/web_access.html

Remote: Yes