Message-ID: <006d01ccb83b$c1ae2b20$9b7a6fd5@ml>
Date: Sun, 11 Dec 2011 21:32:55 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: "p8x" <l@....net>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Vulnerabilities in ADSL modem Callisto 821+

Hello p8x!

First of all, no need for sarcasm concerning vulnerabilities ;-).

Secondly, concerning these particular holes.

These Predictable Resource Location, Brute Force and Cross-Site Request
Forgery vulnerabilities, mentioned in my advisory, which I've found in Iskra
Callisto 821+, are just a few of the large number of holes in this device,
which I've found and already disclosed (I've also posted them to FD mailing
list just after these holes). It was just the first advisory in the series.

The fact that some vulnerability, like BF, exists in other network devices
with web admin panel (such as modems, routers, etc.) doesn't mean that
nobody should find them, inform developers and disclose them to the public.
As with BF holes in web applications (which are very widespread among webapps
with admin panels), as with any other class of vulnerabilities. People
should find, inform and disclose them.

And when you are talking about consumer modems (like any other network
devices), then no need to say that "they all are vulnerable to this" (all
have this issue), until you find this hole (holes) exactly in all of these
devices, and there are hundreds and thousands of them. It's only your
assumption, and assumptions shouldn't be used in advisories (it is
desirable), but only concrete facts about concrete holes in concrete
software or hardware.

Besides, there can be devices which cannot have some of the holes that exist
in Iskra modems. E.g. concerning Predictable Resource Location holes in
devices, there are new D-Link devices, in which the developer tried to fix
this issue. As all developers should fix their holes in their devices (and
D-Link showed one possible solution).

When I post a series of advisories about vulnerabilities in D-Link
devices, I'll tell about the method which D-Link uses to prevent the issue
with default passwords and which mistakes they made in the implementation,
which they need to fix to make this solution reliable.

> Why cherry pick one particular vendor?

Because I have a device of this particular vendor, which I've checked.
When I check devices of other vendors, then there will be new
advisories. E.g. besides this device (Callisto 821+), in April, November and
December I've checked other devices, and I've already published many
advisories at my site and soon I'll post them to the list.

> A quick look shows that the emails have slightly different content

Yes, these were multiple advisories about multiple vulnerabilities in Iskra
Callisto 821+. I've found hundreds of holes in that ADSL modem and split
them into a series of advisories (with multiple holes per advisory) - for
better reading by people. Didn't want to overload anyone with a single
advisory with megabytes of plain text with hundreds of vulnerabilities.

> and he is just spamming the list.

No, man, I'm not. When trolls write nonsense letters to the list, it can
be called spamming, but when people inform about vulnerabilities, then
it's a different thing.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message -----
From: "p8x" <l@....net>
To: "MustLive" <mustlive@...security.com.ua>
Sent: Monday, May 30, 2011 5:26 PM
Subject: Re: [Full-disclosure] Vulnerabilities in ADSL modem Callisto 821+
> It's not like this "Vulnerability" exists in any other consumer modem is it
> (eg. DLINK, Netgear, Billion, Asus, the list goes on).
>
> </sarcasm>
>
> Why cherry pick one particular vendor?
>
> On 30/05/2011 11:18 PM, MustLive wrote:
>> Hello list!
>>
>> I want to warn you about security vulnerabilities in ADSL modem Callisto
>> 821+ (SI2000 Callisto821+ Router). These are Predictable Resource
>> Location and Brute Force vulnerabilities.
>>
>> SecurityVulns ID: 11700.
>>
>> -------------------------
>> Affected products:
>> -------------------------
>>
>> Vulnerable is the next model: SI2000 Callisto821+ Router: X7821 Annex A
>> v1.0.0.0 / Argon 4x1 CSP v1.0 (ISOS 9.0) [4.3.4-5.1]. This model with
>> other firmware and also other models of Callisto also must be vulnerable.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/