<<< Date Index >>>     <<< Thread Index >>>

Re: 3COM Wireless router (3CRADSL72) information disclosure




> The router gives you a web page with user name, password, primary and
> secondary DNS, default gateway, etc, if you access
> http://[routerIP]/app_sta.stm without athentification of any kind.
> 
> Router details:
>    Runtime Code Version       1.05 (Jan 27 2004 14:58:25)
>    Boot Code Version  V1.3d
>    Hardware Version   01A
>    ADSL Modem Code Version    13.9.38
> 
> The password given is the password that you use to connect to the
> internet, not to the router.

Information 
Runtime Code Version:   v1.00 (Dec 11 2003 22:19:05) 
Boot Code Version:   V2.25 

http://192.168.0.1/app_sta.stm  (Works, but no information leak...)

WAN Status: 1
WAN Type: 39
MAC Address: 00-00-00-00-00-00
IP Address: 0.0.0.0
Subnet Mask: 0.0.0.0
Default Gateway: 0.0.0.0
Host Name: