Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5419

The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.

Published

2007-10-12T21:17:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-16

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	3com	3crwe554g72t	3crwer100-75	Yes

References

http://osvdb.org/43657 ([email protected])
http://securityreason.com/securityalert/3217 ([email protected])
http://www.securityfocus.com/archive/1/481977/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/26009 ([email protected])
http://osvdb.org/43657 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/3217 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/481977/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/26009 (af854a3a-2127-422b-91ae-364da2661108)