I may be wrong, but it seems to me that this vulnerability is not really one; rather, someone has not read the manuals.
The 3Com router has a feature called 'intelligent-NAT' up to version 1.1.9, or 'intelligent-PAT' from that version onward. This feature (enabled by default) is documented in version 2.0 of the CLI manual:
Enabled by default, Intelligent PAT provides a “best guess” as to where an incoming packet should be delivered when:
* A default PAT destination address has not been configured for a receiving (LAN) workstation
* Static TCP or UDP ports have not been configured
Intelligent PAT bases this “best guess” on an analysis of recent communication between the following:
* This remote workstation (the workstation sending this non-addressed packet from the WAN side of the OCR 812)
* Private workstations (on the LAN side of the OCR 812) that recently transmitted outgoing packets to this remote workstation
Upon completion of the “best guess” analysis, Intelligent PAT forwards the packet to the last LAN workstation to transmit a packet to this remote workstation.
Please also note the following:
* The “best guess” LAN workstation will continue to receive all non-addressed packets sent by this remote workstation until and unless a new (different) communication pattern is detected by Intelligent PAT.
* When a new communication pattern is detected, Intelligent PAT makes a new “best guess”, with the following results:
  - Intelligent PAT begins to forward all non-addressed packets sent by the remote workstation to the newly chosen “best guess” LAN workstation.
  - The LAN workstation previously selected to receive all non-addressed packets from the remote workstation no longer receives them.
Use the following command to configure Intelligent PAT:
set vc name intelligent_pat_option enable
set vc name intelligent_pat_option disable
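
The forwarding decision described in the manual excerpt above, as a small Python model (an added example, not part of the original post and not 3Com's documentation or firmware). `PatRouter`, its methods, the order of the checks and the drop fallback are assumptions; the addresses are constructed.

```python
# Toy model of the forwarding decision quoted from the manual.
# Not 3Com firmware: PatRouter and its methods are hypothetical names.

class PatRouter:
    def __init__(self, intelligent_pat=True, default_dest=None, static_ports=None):
        self.intelligent_pat = intelligent_pat      # the manual says this is on by default
        self.default_dest = default_dest            # default PAT destination, if configured
        self.static_ports = static_ports or {}      # (proto, port) -> LAN host
        self.mappings = {}                          # ordinary PAT state for replies
        self.last_talker = {}                       # remote host -> last LAN host to send to it

    def outbound(self, lan_host, remote, proto, public_port):
        """A LAN host sends to a remote host through the router."""
        self.mappings[(remote, proto, public_port)] = lan_host
        self.last_talker[remote] = lan_host         # a new pattern replaces the old guess

    def inbound(self, remote, proto, dst_port):
        """Return (LAN host or None, reason) for a packet arriving from the WAN."""
        if (remote, proto, dst_port) in self.mappings:
            return self.mappings[(remote, proto, dst_port)], "reply"
        if (proto, dst_port) in self.static_ports:
            return self.static_ports[(proto, dst_port)], "static"
        if self.default_dest:
            return self.default_dest, "default"
        # Non-addressed packet: nothing above matched.
        if self.intelligent_pat and remote in self.last_talker:
            return self.last_talker[remote], "best-guess"
        return None, "drop"                         # assumption: otherwise discarded


def demo(intelligent_pat):
    # Constructed sample traffic; addresses are documentation/private ranges.
    r = PatRouter(intelligent_pat=intelligent_pat)
    remote = "203.0.113.5"
    out = []
    r.outbound("192.168.1.10", remote, "tcp", 40000)
    out.append(r.inbound(remote, "tcp", 40000))     # reply to the session
    out.append(r.inbound(remote, "udp", 137))       # unsolicited, different port
    r.outbound("192.168.1.20", remote, "tcp", 40001)
    out.append(r.inbound(remote, "udp", 137))       # guess follows the newest talker
    out.append(r.inbound("198.51.100.9", "udp", 137))  # remote nobody contacted
    return out


if __name__ == "__main__":
    for setting in (True, False):
        print(setting, demo(setting))
```

With the option enabled, the unsolicited packets follow whichever LAN host last talked to that remote host; with it disabled, only the reply to the existing session is delivered in this model.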