exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New


Posted Oct 16, 2003
Site DigitalPranksters.com

The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.

tags | exploit, denial of service, cgi
SHA-256 | f1c0300dc00e219b8dbc03dbdfde2f6bb99cf9e08b84db923315190b4e59337b


Change Mirror Download
DigitalPranksters Security Advisory

LinkSys EtherFast Router Denial of Service Attack

Risk: Low

Product: Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware

Product URL: http://www.linksys.com/products/product.asp?prid=433

Vendor Contacted: September 9, 2003

Vendor Released Patch: September 26, 2003

DigitalPranksters Public Advisory Released: October 7, 2003

Found By: KrazySnake - krazysnake@digitalpranksters.com

The Linksys BEFSX41 has web-based administration utility at a predictable
default address ( The administration is done through a
series of html forms using the "get" method. The router also has an out of
the box password of "admin".

Under the default configuration the router is only accessible from the
local lan and not the internet. However, an attacker could set up a web
page or send html email to someone inside of the lan to indirectly send
commands to the router.

An attacker could specify a URL that results in denial of service. The
denial of service occurs when long string is sent to the System Log
Viewer's "Log_Page_Num" parameter. The router will be unresponsive after
the URL is visited when logging is enabled.

Proof of Concept:
If an attacker can get the admin of the router to view a URL like, the
router will become inoperable. The link could be set as the source of an
image html tag.

Linksys released an updated firmware to address this issue. This firmware
update is made available by Linksys from

SkippyInside, AngryB, Harmo, HTMLBCat, and Spyder.
Thanks to Linksys for fixing this issue.

Standard disclaimer applies. The opinions expressed in this advisory are
our own and not of any company. The information within this advisory may
change without notice. Use of this information constitutes acceptance for
use in an AS IS condition. There are no warranties with regard to this
information. In no event shall the author be liable for any damages
whatsoever arising out of or in connection with the use or spread of this
information. Any use of this information is at the user's own risk.
Login or Register to add favorites

File Archive:

September 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    2 Files
  • 2
    Sep 2nd
    21 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    17 Files
  • 5
    Sep 5th
    34 Files
  • 6
    Sep 6th
    29 Files
  • 7
    Sep 7th
    11 Files
  • 8
    Sep 8th
    25 Files
  • 9
    Sep 9th
    0 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    26 Files
  • 12
    Sep 12th
    23 Files
  • 13
    Sep 13th
    17 Files
  • 14
    Sep 14th
    22 Files
  • 15
    Sep 15th
    16 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    19 Files
  • 19
    Sep 19th
    60 Files
  • 20
    Sep 20th
    23 Files
  • 21
    Sep 21st
    15 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags


packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By