lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <20150926162125.17794E04A3@smtp.hushmail.com> Date: Sat, 26 Sep 2015 12:21:24 -0400 From: 1n3@...hmail.com To: gauri@....by Cc: fulldisclosure@...lists.org Subject: Re: [FD] RomPager ShellShock RCE Vulnerability? Here is the full ModSecurity log entry. I've also posted full details on my blog here: https://crowdshield.com/blog.php?name=rompager-shellshock-rce-0day MODSECURITY LOGS: ==> /var/log/apache2/error.log in a number of common routers which may allow full control of affected > devices. I haven't found an existing vulnerability for this and this > appears to be a new trend in my ModSecurity logs. Hoping to get some > feedback from the community and see if anyone can confirm... > After researching RomPager, it appears to be the underlying web server > used by a number of common routers which are listed below. > > VULNERABLE DEVICES: > # AirLive WT-2000ARM# D-Link DSL-2640R# Huawei 520 HG# Huawei 530 TRA# > Pentagram Cerberus P 6331-42# TP-Link TD-8816# TP-Link TD-W8901G# > TP-Link TD-W8951ND# TP-Link TD-W8961ND# ZTE ZXV10 W300# ZynOS# ZyXEL > ES-2024# ZyXEL Prestige P-2602HW > > MODSECURITY LOGS: > ==> /var/log/apache2/error.log > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists