Vulnerability Description
The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the user selects other options, which might expose the router to unintended incoming traffic from remote attackers, as demonstrated by setting up a virtual server on port 80, which allows remote attackers to access the web management interface.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 3Com | 3Crwe554G72T | 3crwer100-75 |
Related Weaknesses (CWE)
References
- http://osvdb.org/43657
- http://securityreason.com/securityalert/3217
- http://www.securityfocus.com/archive/1/481977/100/0/threaded
- http://www.securityfocus.com/bid/26009
- http://osvdb.org/43657
- http://securityreason.com/securityalert/3217
- http://www.securityfocus.com/archive/1/481977/100/0/threaded
- http://www.securityfocus.com/bid/26009
FAQ
What is CVE-2007-5419?
CVE-2007-5419 is a vulnerability with a CVSS score of 10.0 (HIGH). The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an optional virtual server, configures this server to accept all source IP addresses on the external (Internet) interface unless the ...
How severe is CVE-2007-5419?
CVE-2007-5419 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-5419?
Check the references section above for vendor advisories and patch information. Affected products include: 3Com 3Crwe554G72T.