3com 3cp4144 Security Vulnerabilities

5 Vulnerabilities

Description
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability. Impacted versions: * Base Score: 5.0, Severity: MEDIUM, ID: CVE-2001-0740, Last Modified: 2017-10-10T01:29:00Z References Exploit Exploit Exploit Exploit Exploit
Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass. Impacted versions: , 1.1.9.4 Base Score:* 10.0, Severity: HIGH, ID: CVE-2004-0477, Last Modified: 2017-07-11T01:30:00Z References Patch Patch Patch Patch
Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port. Impacted versions: 1.1.9.4, * Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-0476, Last Modified: 2017-07-11T01:30:00Z References Vendor Advisory Vendor Advisory
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets. Impacted versions: 1.1.7 Base Score: 5.0, Severity: MEDIUM, ID: CVE-2003-0291, Last Modified: 2017-07-11T01:29:00Z References Patch Patch
3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router. Impacted versions: 1.1.9, 1.1.7 Base Score: 7.5, Severity: HIGH, ID: CVE-2002-0888, Last Modified: 2012-05-12T01:16:00Z References Vendor Advisory Patch Patch

Description

3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.

Impacted versions: *

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2001-0740, Last Modified: 2017-10-10T01:29:00Z

References

Exploit Exploit Exploit Exploit Exploit

Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass.

Impacted versions: *, 1.1.9.4

Base Score: 10.0, Severity: HIGH, ID: CVE-2004-0477, Last Modified: 2017-07-11T01:30:00Z

References

Patch Patch Patch Patch

Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port.

Impacted versions: 1.1.9.4, *

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2004-0476, Last Modified: 2017-07-11T01:30:00Z

References

Vendor Advisory Vendor Advisory

3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.

Impacted versions: 1.1.7

Base Score: 5.0, Severity: MEDIUM, ID: CVE-2003-0291, Last Modified: 2017-07-11T01:29:00Z

References

Patch Patch

3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router.

Impacted versions: 1.1.9, 1.1.7

Base Score: 7.5, Severity: HIGH, ID: CVE-2002-0888, Last Modified: 2012-05-12T01:16:00Z

References

Vendor Advisory Patch Patch

USAGE: Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.