RE: exploiting printers, home routers & smb routers

From: Nick Iglehart (ncoastpub2@clevelandcomputing.com)
Date: 08/22/02


From: "Nick Iglehart" <ncoastpub2@clevelandcomputing.com>
To: <vuln-dev@securityfocus.com>
Date: Thu, 22 Aug 2002 10:50:41 -0700


The problem with trying to change the firmware from the outside is that the
routers only allow firmware changes from the internal interface. Spoofing
probably won't work since the packet shouldn't get passed any farther.

-----Original Message-----
From: hellNbak [mailto:hellnbak@nmrc.org]
Sent: Thursday, August 22, 2002 9:56 AM
To: chrisd@cissmb.pointclark.net
Cc: vuln-dev@securityfocus.com; fx@phenoelit.de
Subject: Re: exploiting printers, home routers & smb routers

Sure why not. If you are able to remotely get a firmware on to a Linksys
box you can have fun. I seem to remember (does anyone know for sure??)
that the very first firmware on the Linksys DSL routers had a bit of an
issue that has been fixed but how many users of these devices actually
upgrade them? The target market is the home and small office guys who
might not know enough to be updating things.

On Thu, 22 Aug 2002 chrisd@cissmb.pointclark.net wrote:

> Date: Thu, 22 Aug 2002 11:09:06 -0400 (EDT)
> From: chrisd@cissmb.pointclark.net
> To: vuln-dev@securityfocus.com
> Cc: fx@phenoelit.de
> Subject: exploiting printers, home routers & smb routers
>
> I read the black hat presentation on exploiting printers:
>
>
> http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-phenoelit-network.pdf
>
> , good stuff & a real eye opener!
>
> I started thinking ..., I'm no hardware expert but couldn't this be
> modified & applied to all the home & small business routers ??? (linksys,
> smc, d-link, etc ...)
>
> As we all know so many of them are:
>
> - can be configured through a web interface
> - their default config is not changed
> - are accessible through inet (lack of config)
> - keep their default accounts (lack of config)
> - new firmware can be uploaded
>
> My question, could something similar to exploiting printers be done to
> routers or would the hardware be totally incompatible ?
>
> ch,
>
>

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@nmrc.org http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


