TUCoPS :: Network Appliances :: bt1276.txt

Conexant Access Runner DSL Console login bypass vulnerability




A vulnerability has been discovered in the Conexant Access Runner DSL
Console Port 3.21. This vulnerability will let a remote attacker bypass
the login screen and have full admin rights even if admin password is
set. The login bypass works in the following way:



When at login screen you may press any key to get the invalid password,
please try again message. At this point all an attacker has to do is tap
the [ENTER] key to gain access to the main menu of the system with admin
rights. 



This has been found to work on all 3.21 versions. At this time I am not
aware of a fix as I could not get in contact with Conexant about this
issue.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH