Description
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Tamer Sahin · textremotehardware
https://www.exploit-db.com/exploits/21285
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=101318469216213&w=2
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/8124.php
Patch, Vendor Advisory vendor-advisory
x_refsource_hp
http://online.securityfocus.com/advisories/3870
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/4062
Scores
EPSS
0.0709
EPSS Percentile
91.6%
Details
Status
published
Products (7)
hp/advancestack_10base-t_switching_hub_j3200a
a.03.07
hp/advancestack_10base-t_switching_hub_j3201a
a.03.07
hp/advancestack_10base-t_switching_hub_j3202a
a.03.07
hp/advancestack_10base-t_switching_hub_j3203a
a.03.07
hp/advancestack_10base-t_switching_hub_j3204a
a.03.07
hp/advancestack_10base-t_switching_hub_j3205a
a.03.07
hp/advancestack_10base-t_switching_hub_j3210a
a.03.07
Published
May 29, 2002
Tracked Since
Feb 18, 2026