CVE-2012-2974 - Partitive Asskiss

Description

The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/ (2) system/ (3) ports/ (4) trunks/ (5) vlans/ (6) qos/ (7) rstp/ (8) dot1x/ (9) security/ (10) igmps/ or (11) snmp/.

Reference

http://www.kb.cert.org/vuls/id/377915 http://www.securitytracker.com/id?1027285