Detections
Analytics

US Robotics Broadband Router 8003 menu.htm Admin Password Disclosure

critical Nessus Plugin ID 12272

Language:

Synopsis

The remote web server is affected by an information disclosure issue.

Description

The remote host appears to be a US Robotics Broadband router.

The device's administrator password is stored as plaintext in a JavaScript function in the file '/menu.htm', which can be viewed by anyone.

Solution

Disable the webserver or filter the traffic to the web server via an upstream firewall.

See Also

https://seclists.org/bugtraq/2004/Jun/116

Plugin Details

Severity: Critical

ID: 12272

File Name: usrobotics_disclosed_password.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 6/11/2004

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Available: true

Exploit Ease: No exploit is required

Reference Information

BID: 10490