3Com® HomeConnect® Cable Modem Denial of Service
From: Alex S. Harasic (aharasic@terra.cl)Date: 09/26/01
- Previous message: joetesta@hushmail.com: "Vulnerabilities in QVT/Term"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Alex S. Harasic" <aharasic@terra.cl> To: <bugtraq@securityfocus.com> Subject: 3Com® HomeConnect® Cable Modem Denial of Service Date: Wed, 26 Sep 2001 11:19:19 -0400 Message-ID: <POEBJHNJJBFKLBAENHEGOEAJCBAA.aharasic@terra.cl>
INFO:
======================================================
object
class Failure to Handle Exceptional Conditions
remote Yes
local No
vulnerable: 3Com® HomeConnect® Cable Modem External with USB (#3CR29223 --
DISCONTINUED)
Not Tested: (#3CR29223-A -- DISCONTINUED)
DISCUSSION:
======================================================
HomeConnect is and External Cable modem manufactured by 3Com, and
distributed by numerous Cable providers.
A problem has been discovered in the cablemodem firmware that could make it
possible for remote users to deny service to legitimate users of this
network hardware.
This hardware has port 80/TCP wide open for the entire network, letting any
user on the internet to access the homepage that it has in it by default.
The problem occurs when a user reaches this page, and making a request of a
file (Existing or not) of more than 100 Characters. This will cause the
modem to Reset in the best case.
EXPLOIT:
SOLUTION:
Alex S. Harasic
=======================================================
http://target3comcablemodem/
characters)
========================================================
As a workaround for this issue, users can filter port 80 of the Cablemodem
Or else, since this modem is discontinued (they no longer make it) you
should just call
your ISP, tell them about the problem and ask to replace the cablemodem for
a newer one.
aharasic@terra.cl
Relevant Pages
... The Client could not connect to the remote computer. ... Most likely I have to check my firewall ports for cable access - I'll ... I have a T1 connection and a cable modem connection. ...
(microsoft.public.windows.server.sbs)
... The Client could not connect to the remote computer. ... I have a T1 connection and a cable modem connection. ... NIC on your SBS. ...
(microsoft.public.windows.server.sbs)
... The Client could not connect to the remote computer. ... I have a T1 connection and a cable modem connection. ... appropriate NIC on your SBS. ...
(microsoft.public.windows.server.sbs)
... Cable Modem. ... a remote Ip times out... ... Subject: Network connection issue ... Earn cashback on your purchases with Live Search - the search that pays you back! ...
(Fedora)
... My Dad and I use MSN to chat and use Remote ... Assistance. ... cable modem I have tried from Verizon DSL and Adelphia cable modem. ...
(microsoft.public.windowsxp.general)
