SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ip3_networks | ip3_netaccess | * |
| ip3_networks | ip3_netaccess_-_hospitality | * |
| ip3_networks | ip3_netaccess_-_wireless_hotspots | * |
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance's command line interface (CLI).
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ip3_networks | ip3_netaccess_75 | 4.0.34 |
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ip3_networks | ip3_netaccess_75 | 4.0.34 |
The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.
CVSS 2.0
Severity: LOW
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ip3_networks | ip3_netaccess_75 | 4.0.34_firmware |