[NEWS] Multiple Vulnerabilities in Gigafast Router (Authentication Bypass, DoS)
From: SecuriTeam (support_at_securiteam.com)
Date: 02/24/05
- Previous message: SecuriTeam: "[NEWS] Barracuda Spam Firewall Mail Relay Restriction Bypassing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: list@securiteam.com Date: 24 Feb 2005 17:17:34 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Multiple Vulnerabilities in Gigafast Router (Authentication Bypass, DoS)
------------------------------------------------------------------------
SUMMARY
<http://www.gigafast.com> GigaFast 10/100 Ethernet router EE400-R is a
DSL\Cable router that contains 4 ports of LAN and a WAN port. It support
DHCP, Multiple IP sharing and a web based interface.
GigaFast Ethernet router contains two vulnerabilities, one that allows to
bypass the authentication mechanism while the other can be used to cause a
DoS.
DETAILS
Vulnerable Systems:
* GigaFast Firmware from 12/07/2004 and possibly prior.
Authentication Bypass Vulnerability:
The router has a login page; however, this may easily be bypassed. To
retrieve the router's backup file, which contains some of the routers
preferences, including the administrator password in plain-text, all he
needs to do is access the following URL:
http://ROUTER-ADDRESS/backup.cfg
If remote administration is enabled, any individual connected to the
Internet would be able to download this configuration file and see the
administrator password. If remote administration has not been enabled only
LAN users would be able to issue such a request.
DoS Vulnerability:
If the DNS proxy option is turned on, it is possible to interrupt the
connection by sending the router a malformed DNS query. Once the router
receives the malformed DNS query, it will not work until a cold boot has
been performed.
This vulnerability can only be triggered from the inside (via the LAN
interface).
ADDITIONAL INFORMATION
The information has been provided by <mailto:gary@pointblanksecurity.com>
Gary H. Jones II.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: SecuriTeam: "[NEWS] Barracuda Spam Firewall Mail Relay Restriction Bypassing"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NEWS] Motorola Wireless Router WR850G Authentication Circumvention
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... WR850G Wireless Broadband Router,
is built with both an 802.11g wireless ... enables an attacker to log into the routers web
interface without knowing ... username and password after logging in. ... (Securiteam) - [EXPL] 3Com DSL Router Administrative Interface Long Request DoS
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... OfficeConnect is a router widely
used in the world. ... rebooted due to a flaw in its web administration interface. ...
every LAN user can cause a crash and reboot of the router, ... (Securiteam) - [NEWS] SMC Routers Passwordless Remote Administration
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... SMC broadband routers ship with
remote administration enabled by default ... on their port 1900 on the WAN side of the
router. ... Click "Advanced Setup" then "Status" and write down the router's WAN
IP ... (Securiteam) - [NEWS] Linksys EtherFast Router Denial of Service Attack
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The <The Linksys Instant
Broadband EtherFast Cable/DSL Firewall Router ... An attacker could specify a URL that
results in denial of service. ... (Securiteam) - [NEWS] NetworkEverywhere Router Model NR041 Script Injection via DHCP
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... Everywhere NR041 Cable/DSL 4-port
router "connects multiple PCs to your ... malicious script code can be ...
The code for such an HTML file is ... (Securiteam)
