[Full-Disclosure] Re: backdoor menu on conexant chipset dsl router (Zoom X3)

From: Adam Laurie (adam_at_algroup.co.uk)
Date: 07/08/04

  • Next message: Sapheriel: "RE: [Full-Disclosure] How big is the danger of IE?" 
    To: duke_skillz@sapo.pt
Date: Thu, 08 Jul 2004 12:33:50 +0100

    duke_skillz@sapo.pt wrote:
    > Citando Adam Laurie <adam@algroup.co.uk>:
    >
    >
    >>i have just installed an adsl modem sold under the brand of Zoom X3
    >>
    >> http://www.zoom.com/products/adsl_overview.html
    >>
    >>and was apalled to find that an nmap scan of the external address
    >>immediately came up with the following:
    >>
    >> PORT STATE SERVICE
    >> 23/tcp open telnet
    >> 80/tcp open http
    >> 254/tcp open unknown
    >> 255/tcp open unknown

    [ snip ]

    > Someone please correct me if im wrong but i found reports of this issue that go
    > back to October 2003 ( http://www.securityfocus.com/bid/8765/ ) from reasearch
    > i found that the prob is in the Conexant CX82310-14 chipset with firmware
    > 3.21...

    this is a completely different problem. full details here:

       http://www.securityfocus.com/archive/1/340248

    however, it seems the open ports problem been known about since at least
    May as i've now found reference to it here:

       http://www.adslguide.org.uk/newsarchive.asp?item=1657

    cheers,
    Adam 

    -- 
Adam Laurie                   Tel: +44 (20) 8742 0755
A.L. Digital Ltd.             Fax: +44 (20) 8742 5995
The Stores                    http://www.thebunker.net
2 Bath Road                   http://www.aldigital.co.uk
London W4 1LT                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
  • Next message: Sapheriel: "RE: [Full-Disclosure] How big is the danger of IE?"