3Com OfficeConnect ADSL Router Port Address Translation Access Control Bypassing Vulnerability

3Com OfficeConnect ADSL Router Port Address Translation Access Control Bypassing Vulnerability

OfficeConnect ADSL routers are a hardware and switch solution distributed by 3Com.

Under some circumstances, it may be possible for a remote user to gain unauthorized access to information systems behind a 3Com OfficeConnect router. The OfficeConnect does not properly handle PAT, and may allow a remote attacker to connect to arbitrary ports on a system behind a PAT rule.

It has been reported that this issue results when iPAT/iNAT is enabled.