[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20150923233222.193F2E04AC@smtp.hushmail.com>
Date: Wed, 23 Sep 2015 19:32:21 -0400
From: 1n3@...hmail.com
To: fulldisclosure@...lists.org
Subject: [FD] RomPager ShellShock RCE Vulnerability?
Gr33tz. I'm disclosing details for a potential 0day RCE vulnerability
in a number of common routers which may allow full control of affected
devices. I haven't found an existing vulnerability for this and this
appears to be a new trend in my ModSecurity logs. Hoping to get some
feedback from the community and see if anyone can confirm...
After researching RomPager, it appears to be the underlying web server
used by a number of common routers which are listed below.
VULNERABLE DEVICES:
# AirLive WT-2000ARM# D-Link DSL-2640R# Huawei 520 HG# Huawei 530 TRA#
Pentagram Cerberus P 6331-42# TP-Link TD-8816# TP-Link TD-W8901G#
TP-Link TD-W8951ND# TP-Link TD-W8961ND# ZTE ZXV10 W300# ZynOS# ZyXEL
ES-2024# ZyXEL Prestige P-2602HW
MODSECURITY LOGS:
==> /var/log/apache2/error.log
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists