nb1300 router - default settings expose password

From: denote (denote@freemail.com.au)
Date: 04/15/03

  • Next message: Martin Schulze: "[SECURITY] [DSA 267-2] New lpr packages fix local root exploit (potato)"
    Date: 15 Apr 2003 00:34:13 -0000
    From: denote <denote@freemail.com.au>
    To: bugtraq@securityfocus.com
    
    

    _____________________________________________
    Bugtraq post

    Vendor: Netcomm Australia

    www.netcomm.com.au

    Netcomm, Vulnerability in FTP server

    NB 1300 modem/router

    Affected firmware: all known versions

    ______________________________________________

    Description and Background:

    The NB1300 has by default the FTP server (VxWorks 5.4.1) exposed to the
    WAN interface.
    The default password is often not changed by the user.
    User: admin Password: password
    When a connection is made to the FTP server, the router's core system
    files are exposed to the admin account.
    Perform a simple "get config.reg" and the username and password
    of the account are given in clear text.

    _______________________________________________

    Impact:

    1. The username and password may be used to access the user's
    account details, collect their email, use the data available to them,
    etc.
    2. (untested) The system files of the VxWorks (5.4.1) OS may be modified
    or deleted to impact a denial of service, rendering the device useless.

    _______________________________________________

    Fix: disable FTP WAN access and/or change the
    admin account details.

    _______________________________________________

    Recommendations:
    Vendor to supply product with interface disabled by default
    _______________________________________________
    Vendor:

    Has been notified 04/03/2003
    No response received
    _______________________________________________

    denote@freemail.com.au

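One check a practitioner would want after reading the post above, added here as an example that is not part of the original Bugtraq post and not Netcomm code: a small Python audit that asks whether an FTP service still accepts the vendor-default admin/password pair the post cites. The function and class names (`check_default_ftp_login`, `ToyFtpResponder`), the loopback host and ephemeral ports, and the "changed" secret are assumptions of the example; the toy responder exists only so the check can be exercised offline. Against a real NB1300 you would point `check_default_ftp_login` at the WAN address on port 21 and run it from outside the LAN.

```python
"""Audit: does a router's FTP service still accept vendor-default credentials?

Added example (not from the Bugtraq post or Netcomm). The admin/password pair
comes from the post; the toy FTP responder is constructed here so the check
can be exercised offline.
"""
import ftplib
import socket
import threading

# Default credentials named in the advisory for the NB1300.
DEFAULT_CREDS = [("admin", "password")]


def check_default_ftp_login(host, port=21, creds=DEFAULT_CREDS, timeout=5.0):
    """Try each (user, password) pair; return the first one the server accepts.

    Returns None when every pair is rejected (530) or the service is
    unreachable. A non-None result obtained from the WAN side means the device
    is in the state the advisory describes: default account on an exposed port.
    """
    for user, password in creds:
        ftp = ftplib.FTP()
        try:
            ftp.connect(host, port, timeout=timeout)
            ftp.login(user, password)          # USER/PASS; a 230 reply means success
            return (user, password)
        except ftplib.error_perm:
            continue                           # 5xx on PASS: credentials rejected
        except (OSError, EOFError, ftplib.Error):
            return None                        # no service, or protocol failure
        finally:
            ftp.close()                        # drop the control connection either way
    return None


class ToyFtpResponder(threading.Thread):
    """Minimal stand-in FTP control channel (constructed for this example).

    Speaks only USER, PASS and QUIT, which is all ftplib's login handshake
    needs. It is not a real FTP server and serves no files.
    """

    def __init__(self, valid_user, valid_password):
        super().__init__(daemon=True)
        self.valid = (valid_user, valid_password)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind(("127.0.0.1", 0))       # loopback only, ephemeral port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def run(self):
        while True:
            conn, _ = self.sock.accept()
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    def _serve(self, conn):
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 FTP server ready\r\n")
            user = None
            for raw in lines:
                cmd, _, arg = raw.decode("ascii", "replace").rstrip("\r\n").partition(" ")
                cmd = cmd.upper()
                if cmd == "USER":
                    user = arg
                    conn.sendall(b"331 Password required\r\n")
                elif cmd == "PASS":
                    if (user, arg) == self.valid:
                        conn.sendall(b"230 User logged in\r\n")
                    else:
                        conn.sendall(b"530 Login incorrect\r\n")
                elif cmd == "QUIT":
                    conn.sendall(b"221 Goodbye\r\n")
                    break
                else:
                    conn.sendall(b"502 Command not implemented\r\n")


def demo():
    """Run the check against two constructed devices: one on defaults, one changed."""
    still_default = ToyFtpResponder("admin", "password")
    changed = ToyFtpResponder("admin", "s0me-changed-secret")   # constructed value
    still_default.start()
    changed.start()
    return {
        "default_creds_device": check_default_ftp_login("127.0.0.1", still_default.port),
        "changed_creds_device": check_default_ftp_login("127.0.0.1", changed.port),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'VULNERABLE, accepts ' + repr(hit) if hit else 'default login rejected'}")
```

The check deliberately stops at the login step: a successful `230` is already the finding, and the advisory's follow-on (`get config.reg` returning the account credentials in clear text) needs no further proof from the auditor. Running it from a host outside the LAN is what distinguishes "FTP reachable on the WAN interface" from an ordinary LAN-side service.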
