https://www.exploit-db.com/exploits/24681
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200410-015

3Com3CRADSL72是一款无线路由器。3Com3CRADSL72嵌入的WEB服务程序不正确处理URL请求，远程攻击者可以利用这个漏洞获得配置敏感信息，如网络访问密码。提交类似如下URL：http://[target]/app_sta.stm就可以获得设备配置信息，如软件版本号，Internet访问用户名和密码等信息。

source: http://www.securityfocus.com/bid/11408/info

3Com 3CRADSL72 is reported prone to an information disclosure, and an authentication bypass vulnerability. This issue can allow a remote attacker to disclose sensitive information such as the router name, primary and secondary DNS servers, default gateway. Attackers could also reportedly gain administrative access to the router.

If successful, these vulnerabilities can be used to the launch of other attacks against the device and other users on the vulnerable network.

http://www.example.com/app_sta.stm

来源:XF
名称:3com-officeconnect-obtain-info(17723)
链接:http://xforce.iss.net/xforce/xfdb/17723
来源:BID
名称:11408
链接:http://www.securityfocus.com/bid/11408
来源:BUGTRAQ
名称:20041015MoredetailsonBID11408(3com3cradsl72wirelessrouter)
链接:http://www.securityfocus.com/archive/1/378551
来源:BUGTRAQ
名称:20041015Re:3COMWirelessrouter(3CRADSL72)informationdisclosure
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109810854031673&w;=2
来源:BUGTRAQ
名称:200410133COMWirelessrouter(3CRADSL72)informationdisclosure
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109778914829901&w;=2