Multiple Brickcom Devices Authentication Bypass Vulnerability Network Vulnerability

Summary

The remote host is a Brickcom device and it is prone to authentication bypass vulnerability. By requesting the URL '/configfile.dump?action=get' it was possible to dump the config (including username and password) of this device.

References

http://archives.neohapsis.com/archives/secunia/current/0109.html
http://cxsecurity.com/issue/WLB-2013060108
http://packetstormsecurity.com/files/122003
http://seclists.org/fulldisclosure/2013/Jun/84
http://secunia.com/advisories/53767
http://www.osvdb.org/94221
http://www.osvdb.org/94224
http://www.securelist.com/en/advisories/53767
http://xforce.iss.net/xforce/xfdb/84924

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-3689, CVE-2013-3690

CVSS	Base Score: 7.8 AV:N/AC:L/Au:N/C:C/I:N/A:N

Related Vulnerabilities

South River Technologies WebDrive Local Privilege Escalation Vulnerability
ESET Smart Security easdrv.sys Local Privilege Escalation Vulnerability
Mozilla Firefox Chrome Privilege Escalation Vulnerability Aug-09 (Linux)
Mozilla Products 'NoWaiverWrapper' Privilege Escalation Vulnerability (Windows)
Nortel/Bay Networks default password

Take action and discover your vulnerabilities