| VID | 29091 |
| Severity | 40 |
| Port | 80 |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The target host, according to its web interface, appears to be a US Robotics Broadband router. The US Robotics Broadband Router 8003 is a small home/SOHO router that is configured through an HTML interface. As usual, this interface asks for a password before it lets you view or change configuration parameters. However, a flaw in the interface causes it to disclose the administrative password in the file /menu.htm. US Robotics Broadband Router 8003 routers running firmware version 1.04 08 also transmit the user's password in plain text when the user logs on to the device's web interface. While the password is in transit, an attacker can read it with a sniffing tool. This flaw would allow a remote attacker to obtain the password and gain unauthorized access to the device to view or modify configuration information.
* References: http://www.securityfocus.com/archive/1/365445 http://archives.neohapsis.com/archives/bugtraq/2004-06/0109.html
* Platforms Affected: U.S. Robotics Broadband Router 8003 1.04 08 |
| Recommendation | No upgrade or patch available as of June 2014. As a temporary workaround, disable the webserver or restrict access to the administration web interface to only trusted hosts. |
| Related URL | (CVE) |
| Related URL | 10490 (SecurityFocus) |
| Related URL | 16356 (ISS) |