CVE-2003-0291
CVE-2003-0291 is a medium-severity vulnerability in 3com 3cp4144 with a CVSS 2.0 base score of 5.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 2.0 base score 5.0)
- EPSS exploit prediction: 2% (72nd percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: 3com 3cp4144
- Published:
- Last modified:
Description
3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
Frequently asked questions
- What is CVE-2003-0291?
- 3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clear memory from DHCP responses, which allows remote attackers to identify the contents of previous HTTP requests by sniffing DHCP packets.
- How severe is CVE-2003-0291?
- CVE-2003-0291 has a CVSS 2.0 base score of 5.0, rated medium severity.
- Is CVE-2003-0291 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (72nd percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2003-0291?
- CVE-2003-0291 affects 3com 3cp4144. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2003-0291?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2003-0291 published?
- CVE-2003-0291 was published on 2003-06-16 and last updated on 2026-06-16.
References
- http://marc.info/?l=bugtraq&m=105292451702516&w=2
- http://marc.info/?l=bugtraq&m=105301488426951&w=2
- http://nautopia.coolfreepages.com/vulnerabilidades/3com812_dhcp_leak.htm
- http://www.securityfocus.com/bid/7592
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11999
Affected products (1)
- cpe:2.3:h:3com:3cp4144:1.1.7:*:*:*:*:*:*:*
More vulnerabilities in 3com 3cp4144
- CVE-2004-0477 — Critical (CVSS 10.0): Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via…
- CVE-2002-0888 — High (CVSS 7.5): 3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, allows remote attackers to bypass port access…
- CVE-2004-0476 — Medium (CVSS 5.0): Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of…
- CVE-2001-0740 — Medium (CVSS 5.0): 3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote…