Ok.... It's Internal/External... ish....

Hi,

I'm writing regarding BID 11408. I have this router at home for my ADSL
connection. The software versions of my router are:

Runtime Code Version 1.05 (Jan 27 2004 14:58:25)
Boot Code Version V1.3d
Hardware Version 01A
ADSL Modem Code Version 13.9.38

(taken from http://192.168.2.1/index.stm)

Under this environment I describe the URL http://192.168.2.1/app_sta.stm
described in this BID not only discloses some critical information. After I
accessed this URL I could access the rest of the administrative web
interface of the router and view/change any parameter (WEP keys, IP
addresssing, firewall rules, dhcp server configuration....). After I access
this URL the router considers that I´m authenticated.

The router allows to configure if the router can be administered from the
external interface (internet). As a workarround users should turn off this
option. This restricts the vulnerability to internal only users, then
considering that this is a Wireless router the highest level of protection
should be used in the wireless configuration. I recommend using WPA-PSK and
deactivating the ESSID Broadcast option.

Kind regards,
Ivan Casado Ruiz
So... The upshot is that if you allow your router to be administered through the WAN port anyone can own the router and anyone connecting via wireless owns your router anyway. As Ivan says.... Turn off remote administration until 3COM issue the fix..... and use WPA at a minimum.....

This is a damn huge hole IMO....