CVE-2001-0740

3COM OfficeConnect 812 and 840 ADSL Router < 1.1.9 - Denial of Service via Format String Attack

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0740. PoCs published by Sniffer.

AI-analyzed exploit summary This exploit triggers a Denial of Service (DoS) in 3Com OfficeConnect 812/840 ADSL routers by sending a maliciously crafted HTTP request with an overly long string, causing the device to reboot. The PoC includes two modes: a soft reset (HTTP POST to /Forms/adsl_reset) and a hard reset (HTTP GET with a long string).

Description

3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Sniffer · cdoshardware

https://www.exploit-db.com/exploits/20847

View Code ZIP pw:eip

This exploit triggers a Denial of Service (DoS) in 3Com OfficeConnect 812/840 ADSL routers by sending a maliciously crafted HTTP request with an overly long string, causing the device to reboot. The PoC includes two modes: a soft reset (HTTP POST to /Forms/adsl_reset) and a hard reset (HTTP GET with a long string).

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: 3Com OfficeConnect 812/840 ADSL Router (firmware unspecified)

No auth needed

Prerequisites: Network access to the router's HTTP interface (port 80)

MITRE ATT&CK