lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 30 Nov 2015 23:51:40 +0200 From: "MustLive" <mustlive@...security.com.ua> To: <submissions@...ketstormsecurity.org>, <fulldisclosure@...lists.org> Subject: [FD] BF and CE vulnerabilities in ASUS RT-G32 Hello list! There are Brute Force та Code Execution vulnerabilities in ASUS Wireless Router RT-G32. After previous Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in RT-G32. ------------------------- Affected products: ------------------------- Vulnerable is the next model: ASUS RT-G32 with different versions of firmware. I checked in ASUS RT-G32 with firmware versions 2.0.2.6 and 2.0.3.2. ---------- Details: ---------- Brute Force (WASC-11): http://site There are no protection against BF attacks. Code Execution (OS Commanding) (WASC-31): In section System Command it's possible to execute system commands. The code also can be executed via CSRF attack. http://site/Main_AdmStatus_Content.asp cat /proc/version I found this and other routers in 2014-2015 to take control over terrorists in Crimea, Donetsk and Lugansks regions of Ukraine. Read about it in list (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-November/009125.html). I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7663/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists