Release date: 2012-03-21
Updated on: 2012-03-22
Affected Systems:
Lg-Ericsson ELO GS24M
Description:
--------------------------------------------------------------------------------
Bugtraq id: 52665
LG-Nortel ELO GS24M is a 24-port 10/100/1000Mbps Gigabit Ethernet switch.
Multiple vulnerabilities exist in the implementation of the LG-Nortel ELO GS24M switch network management interface. verification can be bypassed by directly accessing the URL of the configured network page, the credential is stored in plain text on the current device configuration page, causing information leakage. Remote unauthenticated attackers can operate and configure the device as administrator.
<* Source: Christopher Campbell
Link: http://www.kb.cert.org/vuls/id/523027
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Lg-Ericsson
-----------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.lgericsson.com/index.html