Open Source and information security mailing list archives
 
Message-ID: <000e01c4b2e0$af3a2ba0$0f02a8c0@rci3>
Date: Fri, 15 Oct 2004 19:59:05 +0200
From: "Ivan Casado" <casadoi@...com>
To: <bugtraq@...urityfocus.com>
Subject: More details on BID 11408 (3com 3cradsl72 wireless router)


Hi,

I'm writing regarding BID 11408. I have this router at home for my ADSL
connection. The software versions of my router are:

   Runtime Code Version 1.05 (Jan 27 2004 14:58:25) 
   Boot Code Version V1.3d 
   Hardware Version 01A 
   ADSL Modem Code Version 13.9.38 


(taken from http://192.168.2.1/index.stm)

In this environment, the URL http://192.168.2.1/app_sta.stm
described in this BID does not only disclose some critical information. After I
accessed this URL I could access the rest of the administrative web
interface of the router and view/change any parameter (WEP keys, IP
addressing, firewall rules, DHCP server configuration...). After I access
this URL the router considers that I'm authenticated.

The router allows configuring whether it can be administered from the
external interface (Internet). As a workaround, users should turn off this
option. This restricts the vulnerability to internal-only users; then,
considering that this is a wireless router, the highest level of protection
should be used in the wireless configuration. I recommend using WPA-PSK and
deactivating the ESSID Broadcast option.

Kind regards,
Ivan Casado Ruiz
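
Added example, not part of the original message and not 3Com code: a toy model of the behaviour reported above (requesting app_sta.stm leaves the client treated as authenticated) next to a corrected handler, with the regression check a firmware developer could run over every admin page. The per-client flag, the page names other than app_sta.stm, the client address and the password are assumptions made for illustration.

```python
# Toy model of the reported behaviour; not 3Com firmware.
# Assumption: the device keeps a per-client "authenticated" flag.
PAGES = ["/app_sta.stm", "/wep.stm", "/firewall.stm"]  # last two names are hypothetical
CLIENT = "192.168.2.50"    # constructed client address
PASSWORD = "example-pass"  # constructed credential


class FlawedAdmin:
    """Serving app_sta.stm marks the client as authenticated (the reported symptom)."""

    def __init__(self):
        self.authed = set()

    def login(self, client, password):
        if password != PASSWORD:
            return False
        self.authed.add(client)
        return True

    def get(self, client, path):
        if path == "/app_sta.stm":
            self.authed.add(client)  # defect: a plain GET changes auth state
            return 200
        return 200 if client in self.authed else 401


class FixedAdmin(FlawedAdmin):
    """Only login() sets the flag; every page checks it before answering."""

    def get(self, client, path):
        return 200 if client in self.authed else 401


def denied(srv, path):
    return srv.get(CLIENT, path) == 401


def audit(server_cls, pages=PAGES):
    """List pages that answer without login or whose request unlocks another page."""
    findings = []
    for probe in pages:
        if not denied(server_cls(), probe):
            findings.append((probe, "served without login"))
        for other in pages:
            if other == probe or not denied(server_cls(), other):
                continue  # skip self and pages already open on a fresh device
            srv = server_cls()
            srv.get(CLIENT, probe)
            if not denied(srv, other):
                findings.append((probe, "unlocks " + other))
    return findings
```

audit(FlawedAdmin) reports app_sta.stm three times (served without login, and unlocking each of the other two pages); audit(FixedAdmin) returns an empty list.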



