3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass

====================================================
3Com OfficeConnect Wireless Cable/DSL Router Authentication Bypass

Original Advisory:
http://www.ikkisoft.com/stuff/LC-2008-05.txt

luca.carettoni[at]ikkisoft[dot]com
====================================================

An unauthenticated user may directly invoke the "SaveCfgFile" CGI program and
easily download the system configuration containing configuration information,
users, passwords, wifi keys and other sensitive information.

http://<IP>/SaveCfgFile.cgi

# milw0rm.com [2009-02-09]