Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13512
HistoryJul 13, 2006 - 12:00 a.m.

[SA20982] BT Voyager 2091 Wireless Exposure of Configuration Information

2006-07-1300:00:00
vulners.com
10
JSON

Hardcore Disassembler / Reverse Engineer

Reversing must be a passion as your skills will be challenged
on a daily basis and you will be working several hours
everyday in IDA, Ollydbg, and with BinDiff. Often, it is also
required that you write a PoC or even a working exploit to
prove that an issue is exploitable.

http://secunia.com/hardcore_disassembler_and_reverse_engineer/

TITLE:
BT Voyager 2091 Wireless Exposure of Configuration Information

SECUNIA ADVISORY ID:
SA20982

VERIFY ADVISORY:
http://secunia.com/advisories/20982/

CRITICAL:
Less critical

IMPACT:
Exposure of system information, Exposure of sensitive information

WHERE:
>From local network

OPERATING SYSTEM:
BT Voyager 2091 Wireless
http://secunia.com/product/10969/

DESCRIPTION:
pagvac has reported two security issues in BT Voyager 2091 Wireless,
which can be exploited by malicious people to disclose potentially
sensitive information.

The problem is caused due to missing authentication checks when
accessing the "psiBackupInfo" and "connect.html" files. This can be
exploited to disclose certain configuration information and PPP user
credentials.

The security issues have been reported in firmware versions
2.21.05.08m_A2pB018c1.d16d and 3.01m. Other versions may also be
affected.

SOLUTION:
Filter traffic to affected devices.

PROVIDED AND/OR DISCOVERED BY:
pagvac

ORIGINAL ADVISORY:
http://ikwt.dyndns.org/projects/btvoyager-getconfig.txt

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

JSON