lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 1 Nov 2013 20:00:04 +0200
From: Oz <ozelisyan@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: HOTBOX Multiple Vulnerabilities

Hello,
+------------------------------------------------------------------------------+
| HOTBOX is the leading router/modem appliance of      |
|  HOT Cable communication company in israel.           |
| The Appliance is manufactured by SAGEMCOM         |
| and carries the model name F@st 3184.                     |
+------------------------------------------------------------------------------+
| Title: HOTBOX Multiple Vulnerabilities                         |
+--------------------+---------------------------------------------------------+
| Release Date       | 2013/09/09                                    |
| Researcher         | Oz Elisyan                                     |
+--------------------+---------------------------------------------------------+
| System Affected    | HOTBOX Router/Modem               |
| Versions Affected  | 2.1.11 , possibly earlier                 |
| Related CVE Numbers | CVE-2013-5037, CVE-2013-5038|
| CVE-2013-5220, CVE-2013-5219, CVE-2013-5218,       |
| CVE-2013-5039                                                         |
| Vendor Patched | N/A                                                 |
| Classification     | 0-day                                              |
| Exploits | http://elisyan.com/hotboxDoS.pl,                  |
| http://elisyan.com/hotboxCSRF.html                           |
+--------------------+---------------------------------------------------------+

Vulnerabilities List -
# Default WPS Pin
# Authentication based on IP Address
# DoS via crafted POST
# Path/Directory Traversal
# Script injection via DHCP request
# No CSRF Token

Demo -
http://www.youtube.com/watch?v=CPlT09ZIj48

Thanks

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ