CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

3com : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2008-6395 134 DoS 2009-03-04 2009-03-13
7.8
None Remote Low Not required None None Complete
The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g PoE Access Point allows remote attackers to cause a denial of service (device crash) via a malformed HTTP POST request.
2 CVE-2007-5420 200 +Info 2007-10-12 2008-11-15
2.6
None Remote High Not required None None Partial
The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote management is disabled but a web server has been configured, serves a web page to external clients, which might allow remote attackers to obtain information about the router's existence and product details.
3 CVE-2007-5419 16 2007-10-12 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.
4 CVE-2007-3711 2007-07-11 2012-11-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x before 2.5.2 on TippingPoint IPS allows remote attackers to avoid detection by sending certain fragmented packets.
5 CVE-2007-3701 2007-07-11 2012-11-05
7.5
None Remote Low Not required Partial Partial Partial
TippingPoint IPS before 20070710 does not properly handle a hex-encoded alternate Unicode '/' (slash) character, which might allow remote attackers to send certain network traffic and avoid detection, as demonstrated by a cmd.exe attack.
6 CVE-2007-3533 DoS 2007-07-03 2008-11-15
5.0
None Remote Low Not required None None Partial
The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field.
7 CVE-2007-2734 2007-05-16 2008-11-15
7.5
User Remote Low Not required Partial Partial Partial
The 3Com TippingPoint IPS do not properly handle certain full-width and half-width Unicode character encodings in an HTTP POST request, which might allow remote attackers to evade detection of HTTP traffic.
8 CVE-2007-2276 399 DoS 2007-04-25 2010-12-15
7.8
None Remote Low Not required None None Complete
** DISPUTED ** 3Com TippingPoint IPS allows remote attackers to cause a denial of service (device hang) via a flood of packets on TCP port 80 with sequentially increasing source ports, related to a "badly written loop." NOTE: the vendor disputes this issue, stating that the product has "performed as expected with no DoS emerging."
9 CVE-2006-6183 119 DoS Exec Code Overflow 2006-11-30 2011-09-06
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
10 CVE-2006-5382 2006-10-25 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and earlier, allow remote attackers to read the SNMP Read-Write Community string and conduct unauthorized actions via unspecified "normally restricted management packets on the device" that cause the community string to be returned.
11 CVE-2006-3974 XSS 2007-06-11 2008-11-15
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com OfficeConnect Secure Router with firmware 1.04-168 allows remote attackers to inject arbitrary web script or HTML via the tk parameter.
12 CVE-2006-3678 DoS 2006-07-26 2008-09-05
5.0
None Remote Low Not required None None Partial
TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet.
13 CVE-2006-2054 DoS 2006-04-26 2008-09-05
5.0
None Remote Low Not required None None Partial
3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.
14 CVE-2006-0993 +Info 2006-05-09 2008-09-05
5.0
None Remote Low Not required Partial None None
The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings.
15 CVE-2006-0362 DoS 2006-01-22 2008-09-05
5.0
None Remote Low Not required None None Partial
TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving an HTTP request with a negative number in the Content-Length header.
16 CVE-2005-2391 +Info 2005-07-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface.
17 CVE-2005-2020 Dir. Trav. 2005-09-08 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.
18 CVE-2005-0419 Exec Code Overflow 2005-04-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.
19 CVE-2005-0278 2005-05-02 2008-09-05
5.0
None Remote Low Not required Partial None None
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.
20 CVE-2005-0277 DoS Exec Code Overflow 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
21 CVE-2005-0276 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.
22 CVE-2005-0275 DoS 2005-05-02 2008-09-05
5.0
None Remote Low Not required None None Partial
TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.
23 CVE-2005-0112 Bypass +Info 2005-04-14 2008-09-05
5.0
None Remote Low Not required Partial None None
The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs.
24 CVE-2004-2691 DoS 2004-12-31 2008-09-05
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
25 CVE-2004-2457 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic.
26 CVE-2004-1977 DoS 2004-04-29 2008-09-05
5.0
None Remote Low Not required None None Partial
3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode.
27 CVE-2004-1596 2004-10-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.
28 CVE-2004-0477 Bypass 2004-12-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass.
29 CVE-2004-0476 DoS Overflow 2004-08-18 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port.
30 CVE-2003-0291 2003-06-16 2008-09-05
5.0
None Remote Low Not required Partial None None
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
31 CVE-2002-2300 119 DoS Overflow 2002-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command.
32 CVE-2002-0888 Bypass 2002-10-04 2012-05-11
7.5
User Remote Low Not required Partial Partial Partial
3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router.
33 CVE-2002-0606 DoS Exec Code Overflow 2002-06-18 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login.
34 CVE-2001-1293 DoS Overflow 2001-09-26 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
35 CVE-2001-1291 2001-07-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
36 CVE-2001-0740 DoS 2001-10-18 2008-09-05
5.0
None Remote Low Not required None None Partial
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.
37 CVE-2001-0352 2001-07-21 2008-09-10
5.0
None Remote Low Not required Partial None None
SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.
38 CVE-1999-1513 1999-08-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities.
39 CVE-1999-1389 Bypass 1998-05-11 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt.
40 CVE-1999-1336 DoS 1999-08-12 2008-09-05
5.0
None Remote Low Not required None None Partial
3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.
Total number of vulnerabilities : 40   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.