Message-ID: <428DC14E.30704@akhela.com>
Date: Fri May 20 15:16:29 2005
From: francesco.orro at akhela.com (Francesco Orro)
Subject: [Bulk] Re: D-Link DSL routers authentication bypass
I found this vulnerability for my job last March. I immediately tried to
contact D-Link since I didn't trust the e-mail for ordinary technical
support. At the beginning of May I managed to submit to D-Link the
vulnerability and I received an answer as you find in the advisory.
Bye
Francesco Orro
Luis Peralta wrote:
> On 5/19/05, Francesco Orro <francesco.orro@...ela.com> wrote:
>
>>====================== SUMMARY ========================
>>
>> Title: D-Link DSL routers authentication bypass
>> Date: 19 May 2005
>> Author: Francesco Orro <francesco.orro 4t akhela.com>
>
>
>>=================== DISCLOSURE HISTORY =====================
>>
>> 2 May 2005 - First private release of this advisory;
>> 4 May 2005 - The vendor (D-Link Mediterraneo S.r.l.) has been informed
>> of the vulnerability;
>> 5 May 2005 - The vendor replied that the problem was resolved on
>> firmware version V1.00B02T02.EU.20040610, but it has been
>> demonstrated that this version is vulnerable too;
>>19 May 2005 - Public release of this advisory.
>
>
> Hi,
>
> I notified D-Link (soporte@...nk.es) about this issue (I only checked
> it on G604T models) on April 11th. The bug does not only allow to
> download the configuration file, but to completely trojanize the
> device by means of custom firmware uploading. I gave D-Link a two
> month grace period to fix the issue.
>
> Regards,
> --
> Luis Peralta
> http://spisa.act.uji.es/~peralta