lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20150923233222.193F2E04AC@smtp.hushmail.com> Date: Wed, 23 Sep 2015 19:32:21 -0400 From: 1n3@...hmail.com To: fulldisclosure@...lists.org Subject: [FD] RomPager ShellShock RCE Vulnerability? Gr33tz. I'm disclosing details for a potential 0day RCE vulnerability in a number of common routers which may allow full control of affected devices. I haven't found an existing vulnerability for this and this appears to be a new trend in my ModSecurity logs. Hoping to get some feedback from the community and see if anyone can confirm... After researching RomPager, it appears to be the underlying web server used by a number of common routers which are listed below. VULNERABLE DEVICES: # AirLive WT-2000ARM# D-Link DSL-2640R# Huawei 520 HG# Huawei 530 TRA# Pentagram Cerberus P 6331-42# TP-Link TD-8816# TP-Link TD-W8901G# TP-Link TD-W8951ND# TP-Link TD-W8961ND# ZTE ZXV10 W300# ZynOS# ZyXEL ES-2024# ZyXEL Prestige P-2602HW MODSECURITY LOGS: ==> /var/log/apache2/error.log _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists