Summary
The remote host is a Brickcom device and it is prone to authentication bypass vulnerability.
By requesting the URL '/configfile.dump?action=get' it was possible to dump the config (including username and password) of this device.
References
- http://archives.neohapsis.com/archives/secunia/current/0109.html
- http://cxsecurity.com/issue/WLB-2013060108
- http://packetstormsecurity.com/files/122003
- http://seclists.org/fulldisclosure/2013/Jun/84
- http://secunia.com/advisories/53767
- http://www.osvdb.org/94221
- http://www.osvdb.org/94224
- http://www.securelist.com/en/advisories/53767
- http://xforce.iss.net/xforce/xfdb/84924
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2013-3689, CVE-2013-3690 -
CVSS Base Score: 7.8
AV:N/AC:L/Au:N/C:C/I:N/A:N
Related Vulnerabilities