CVE-2001-1291

CRITICAL

3Com PS40 SuperStack II - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-1291. PoCs published by Siberian.

AI-analyzed exploit summary This Perl script exploits CVE-2001-1291 by brute-forcing the telnet login of 3Com hubs due to lack of login attempt restrictions. It reads usernames and passwords from a dictionary file and attempts to authenticate via telnet.

Description

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Siberian · perlremotehardware
https://www.exploit-db.com/exploits/21011

This Perl script exploits CVE-2001-1291 by brute-forcing the telnet login of 3Com hubs due to lack of login attempt restrictions. It reads usernames and passwords from a dictionary file and attempts to authenticate via telnet.

Classification
Working Poc 90%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: 3Com hubs and potentially other 3Com network products with telnet-based administration interface
No auth needed
Prerequisites: network access to the target device · telnet service exposed on the target · dictionary file with potential credentials
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6855
Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/196957
Broken Link, Exploit, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/3034

Scores

CVSS v3 9.8
EPSS 0.0724
EPSS Percentile 91.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-307
Status published
Products (1)
3com/superstack_ii_ps_hub_40_firmware
Published Jul 12, 2001
Tracked Since Feb 18, 2026