***Heads Up**** 3COM Wireless router (3CRADSL72)

Just on BugTraq:-

Quote:

The router gives you a web page with user name, password, primary and
secondary DNS, default gateway, etc, if you access
http://[routerIP]/app_sta.stm without athentification of any kind.

Router details:
Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
Boot Code Version V1.3d
Hardware Version 01A
ADSL Modem Code Version 13.9.38

The password given is the password that you use to connect to the
internet, not to the router.
--
karb0noxyde

Turning it off when you aren't using it would be the only mitigation technique available at present.

that would be an internal vulnerability ...one would hope!

As of now I can find nothing about this but it came over BugTraq yesterday and arrived in my inbox at 5:17pm EST.

Ok.... It's Internal/External... ish....

Quote:

Hi,

I'm writing regarding BID 11408. I have this router at home for my ADSL
connection. The software versions of my router are:

Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
Boot Code Version V1.3d
Hardware Version 01A
ADSL Modem Code Version 13.9.38

(taken from http://192.168.2.1/index.stm)

Under this environment I describe the URL http://192.168.2.1/app_sta.stm
described in this BID not only discloses some critical information. After I
accessed this URL I could access the rest of the administrative web
interface of the router and view/change any parameter (WEP keys, IP
addresssing, firewall rules, dhcp server configuration....). After I access
this URL the router considers that I´m authenticated.

The router allows to configure if the router can be administered from the
external interface (internet). As a workarround users should turn off this
option. This restricts the vulnerability to internal only users, then
considering that this is a Wireless router the highest level of protection
should be used in the wireless configuration. I recommend using WPA-PSK and
deactivating the ESSID Broadcast option.

Kind regards,
Ivan Casado Ruiz

So... The upshot is that if you allow your router to be administered through the WAN port anyone can own the router and anyone connecting via wireless owns your router anyway. As Ivan says.... Turn off remote administration until 3COM issue the fix..... and use WPA at a minimum.....

This is a damn huge hole IMO....