CVE-2008-1252 Information

Description

b_banner.stm (aka the login page) on the Deutsche Telekom Speedport W500 DSL router allows remote attackers to obtain the logon password by reading the pwd field in the HTML source.

Reference

http://secunia.com/advisories/29414 http://www.gnucitizen.org/projects/router-hacking-challenge/ http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28382 https://exchange.xforce.ibmcloud.com/vulnerabilities/41128