3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.
Max CVSS
5.0
EPSS Score
1.18%
Published
1999-08-12
Updated
2016-10-18
US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 and 3.7.24 does not properly enforce access filters when the "set host prompt" setting is made for a port, which allows attackers to bypass restrictions by providing the hostname twice at the "host: " prompt.
Max CVSS
7.5
EPSS Score
6.27%
Published
1998-05-11
Updated
2016-10-18
Management information base (MIB) for a 3Com SuperStack II hub running software version 2.10 contains an object identifier (.1.3.6.1.4.1.43.10.4.2) that is accessible by a read-only community string, but lists the entire table of community strings, which could allow attackers to conduct unauthorized activities.
Max CVSS
7.5
EPSS Score
1.50%
Published
1999-08-30
Updated
2016-10-18
SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point allow remote attackers to obtain the WEP encryption key by reading it from a MIB when the value should be write-only, via (1) dot11WEPDefaultKeyValue in the dot11WEPDefaultKeysTable of the IEEE 802.11b MIB, or (2) ap128bWepKeyValue in the ap128bWEPKeyTable in the Symbol MIB.
Max CVSS
5.0
EPSS Score
0.56%
Published
2001-07-21
Updated
2022-08-17
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.
Max CVSS
5.0
EPSS Score
2.58%
Published
2001-10-18
Updated
2017-10-10
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
Max CVSS
10.0
EPSS Score
1.65%
Published
2001-07-12
Updated
2024-02-09
Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request.
Max CVSS
5.0
EPSS Score
1.19%
Published
2001-09-26
Updated
2008-09-10
Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long commands such as login.
Max CVSS
7.5
EPSS Score
1.75%
Published
2002-06-18
Updated
2008-09-05
3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access restrictions by connecting to an approved port and quickly connecting to the desired port, which is allowed by the router.
Max CVSS
7.5
EPSS Score
0.63%
Published
2002-10-04
Updated
2012-05-12
Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com NBX 4.1.4 allows remote attackers to cause a denial of service (crash) via a long CEL command.
Max CVSS
7.5
EPSS Score
10.88%
Published
2002-12-31
Updated
2017-07-29
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
Max CVSS
5.0
EPSS Score
0.68%
Published
2003-06-16
Updated
2017-07-11
Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port.
Max CVSS
5.0
EPSS Score
1.04%
Published
2004-08-18
Updated
2017-07-11
Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass.
Max CVSS
10.0
EPSS Score
0.58%
Published
2004-12-06
Updated
2017-07-11
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.
Max CVSS
7.5
EPSS Score
4.75%
Published
2004-10-13
Updated
2017-07-11
3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode.
Max CVSS
5.0
EPSS Score
2.15%
Published
2004-04-29
Updated
2017-07-11
Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic.
Max CVSS
5.0
EPSS Score
1.22%
Published
2004-12-31
Updated
2017-07-11

CVE-2004-2691

Public exploit
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
Max CVSS
7.1
EPSS Score
96.41%
Published
2004-12-31
Updated
2017-07-29
The web-based administrative interface for 3Com OfficeConnect Wireless 11g Access Point (AP) 1.00.08, and possibly earlier versions before 1.03.07A, allows remote attackers to bypass authentication and obtain sensitive information by directly accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3) event.logs URLs.
Max CVSS
5.0
EPSS Score
0.22%
Published
2005-04-14
Updated
2017-07-11
TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.
Max CVSS
5.0
EPSS Score
0.33%
Published
2005-05-02
Updated
2017-07-11
Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.
Max CVSS
5.0
EPSS Score
0.93%
Published
2005-05-02
Updated
2017-07-11

CVE-2005-0277

Public exploit
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
Max CVSS
5.0
EPSS Score
21.40%
Published
2005-05-02
Updated
2017-07-11
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.
Max CVSS
5.0
EPSS Score
0.93%
Published
2005-05-02
Updated
2017-07-11
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.
Max CVSS
7.5
EPSS Score
2.54%
Published
2005-04-27
Updated
2017-07-11
Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.
Max CVSS
5.0
EPSS Score
0.30%
Published
2005-09-08
Updated
2011-03-08
Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point before 1.03.12 allows remote attackers to obtain sensitive information via the web interface.
Max CVSS
5.0
EPSS Score
0.19%
Published
2005-07-27
Updated
2008-09-05
40 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!