Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
References
Link | Resource |
---|---|
http://online.securityfocus.com/advisories/3870 | Patch Vendor Advisory |
http://www.securityfocus.com/bid/4062 | Exploit Vendor Advisory |
http://www.iss.net/security_center/static/8124.php | Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=101318469216213&w=2 |
Configurations
Configuration 1 (hide)
|
Information
Published : 2002-05-28 21:00
Updated : 2016-10-17 19:17
NVD link : CVE-2002-0250
Mitre link : CVE-2002-0250
JSON object : View
CWE
Products Affected
hp
- advancestack_10base-t_switching_hub_j3200a
- advancestack_10base-t_switching_hub_j3202a
- advancestack_10base-t_switching_hub_j3201a
- advancestack_10base-t_switching_hub_j3210a
- advancestack_10base-t_switching_hub_j3204a
- advancestack_10base-t_switching_hub_j3205a
- advancestack_10base-t_switching_hub_j3203a