Open Source and information security mailing list archives
 
Message-ID: <20041026160824.14904.qmail@www.securityfocus.com>
Date: 26 Oct 2004 16:08:24 -0000
From: Marcus Garvey <dartroller@....scientist.com>
To: bugtraq@...urityfocus.com
Subject: Hawking Technologies HAR11A router considered insecure




The Hawking Technologies HAR11A modem/router is shipped insecure. It
suffers from the infamous Conexant security hole (
http://www.chiark.greenend.org.uk/~theom/security/origo.html ). You can
find lots of references to this in a Google search for "conexant port
254".

You can see the Hawking Technologies HAR11A (picture:
http://www.hawkingtech.com/images/productlg/HAR11%20View.jpg ) security
hole by using telnet(1) to connect to port 254 on it. When you do, you
will find an undocumented management interface which allows you to see
connection statistics without a password. Visible menu choices on the
interface also allegedly allow you to change parameters on the router,
but I don't know if they actually work without a password, or if the
password used here is the same as the one assigned to the modem's
browser interface. I suspect that the same hole exists on the HAR14A,
but I don't have a sample to test. If you have this model (picture:
http://www.hawkingtech.com/images/productlg/HAR14%20View.jpg), I'd love
to know if it has the same troubles as the HAR11A.

You can close the security hole from the internet side by using the
"Virtual Host" feature in the modem's browser interface to forward ports
254, 255, and 23 to a nonexistent host (such as "10.0.209.5"). This
still allows access from the firewall side of the modem, however.
The safest thing to do is to put the modem into 'bridge mode' and do
all your NAT, PPPoE, and security from your Linux firewall.

I found out about this hole shortly after getting broadband networking
into my house. When I ran nmap(1) against my home IP address, I
discovered that ports 254, 255, and 23 were open, and when I used
telnet(1) to connect to them, I found the management interface described
above. After I doused the fire in my hair, I found that this was unknown
to my ISP's tech support folks. Hawking Technologies has promised
a patch for 20 October, but I haven't seen it yet on their site.
You can keep an eye out for it at http://www.hawkingtech.com.

If you own one of these modems, you should at least make sure that the
security fix described above is in place. Without it, you could lose
your broadband connection without warning when the modem's power
cycles. If you do not have good records of what settings were in
the modem when it was working, you may find it difficult to fix the
problem. 
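
Added example, not part of the original post: a small check for owners of this modem that connects to the three ports named above (254, 255 and 23) on their own router address and reports whether any still accepts connections after the "Virtual Host" forward is configured. The function names and the script name in the usage line are assumptions made for this illustration.

```python
import socket

# Ports the post reports open on the HAR11A: 254 and 255 (management), 23 (telnet).
PORTS = (254, 255, 23)

def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' (connection refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        # Timeouts and unreachable-host errors: nothing answered on this port.
        return "filtered"
    finally:
        s.close()

def audit(host, ports=PORTS, timeout=3.0):
    """Probe each port; the fix holds only if none accepts a connection."""
    results = {p: probe(host, p, timeout) for p in ports}
    exposed = sorted(p for p, state in results.items() if state == "open")
    return results, exposed

if __name__ == "__main__":
    import sys
    if len(sys.argv) != 2:
        sys.exit("usage: check_har.py <address-of-your-own-router>")
    results, exposed = audit(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"{port}/tcp {state}")
    if exposed:
        print("still reachable:", ", ".join(map(str, exposed)))
        sys.exit(1)
    print("none of the ports accepts connections from this vantage point")
```

Run it from a host on the internet side of the modem against the modem's public address: as the post notes, the forward does not block access from the firewall side, so a run from inside the LAN is expected to report the ports open.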


