Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » 3Com OfficeConnect 812 DSL Router DoS Vulnerability

3Com OfficeConnect 812 DSL Router DoS Vulnerability

by Majik on September 27th, 2001 OfficeConnect 812 is a DSL router manufactured by 3Com, and distributed by numerous DSL providers. OfficeConnect 812 is an integrated ADSL router with an onboard 4 port switch.


A problem has been discovered in the router firmware that could make it possible for remote users to deny service to legitimate users of networks serviced by the router.





During normal operation, if a user requests an HTTP connection to a 3com DSL router, they're presented with a prompt for authentication. Upon failing to authenticate, the user is sent a page displaying an image of the 3com logo.





The problem occurs in a user reaching this page, and requesting the name of the 3com image appended with a long string. The 3com image file can be viewed via directory http://3com.router/graphics/sml3com. However, upon appending a long string to the sml3com image name, the router becomes unstable, and power-cycles itself to resume normal operation.





The occurance of this can create a Denial of Service to networks serviced by this router.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »