HP AdvanceStack Switch Management Authentication Bypass Vulnerability

Vulnerability ID: 1106608
Vulnerability type: Unknown
Published: 2002-02-08
Updated: 2005-08-17
CVE ID: CVE-2002-0250
CNNVD-ID: CNNVD-200205-056
Platform: Hardware
CVSS score: 7.5
|Vulnerability source
https://www.exploit-db.com/exploits/21285
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200205-056
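|Vulnerability details
HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with switching features. HP AdvanceStack 10Base-T Switching Hubs contain a vulnerability that allows an unprivileged user to bypass authentication and access the administrative web pages directly. Because access by unauthorized users to "/security/web_access.html" is not restricted, an attacker can access this page directly to change the device's superuser password and access the device with administrator privileges. In addition, all authentication information is exposed to the attacker.
|Exploit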
source: http://www.securityfocus.com/bid/4062/info

HP AdvanceStack 10Base-T Switching Hubs combine 10Base-T functionality with the performance of switching.

It has been reported that authentication for HP J3210A 10Base-T Switching Hubs may be bypassed by an unprivileged user who accesses one of the administrative web pages directly.

The attacker may allegedly change the superuser password of the device via this interface and gain access to the administrative facilities of the device. Additionally, authentication credentials are disclosed to the attacker.

*Reportedly, the password is stored in plain text and can be revealed by viewing the source of the web page. 

http://host/security/web_access.html
|References

Source: XF
Name: hp-advancestack-bypass-auth(8124)
Link: http://www.iss.net/security_center/static/8124.php
Source: HP
Name: HPSBUX0202-185
Link: http://online.securityfocus.com/advisories/3870
Source: BID
Name: 4062
Link: http://www.securityfocus.com/bid/4062
Source: BUGTRAQ
Name: 20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=101318469216213&w=2