Secunia Security Advisory - Bboyhacks has reported some vulnerabilities in Axesstel AXW-D800, which can be exploited by malicious people to bypass certain security restrictions.
76eb7199ff8eef0c3a33f0c82fbb542495bd5dc75ec313d4ea6bd57bdf2e3901
----------------------------------------------------------------------
Want a new job?
http://secunia.com/secunia_security_specialist/
http://secunia.com/hardcore_disassembler_and_reverse_engineer/
International Partner Manager - Project Sales in the IT-Security
Industry:
http://corporate.secunia.com/about_secunia/64/
----------------------------------------------------------------------
TITLE:
Axesstel AXW-D800 Authentication Bypass Vulnerabilities
SECUNIA ADVISORY ID:
SA31285
VERIFY ADVISORY:
http://secunia.com/advisories/31285/
CRITICAL:
Less critical
IMPACT:
Security Bypass
WHERE:
>From local network
OPERATING SYSTEM:
Axesstel AXW-D800
http://secunia.com/product/19402/
DESCRIPTION:
Bboyhacks has reported some vulnerabilities in Axesstel AXW-D800,
which can be exploited by malicious people to bypass certain security
restrictions.
The vulnerabilities are caused due to the device allowing
unrestricted access to the etc/config/System.html,
etc/config/Network.html, etc/config/Security.html,
cgi-bin/sysconf.cgi, and cgi-bin/route.cgi files. This can be
exploited to potentially alter various configuration options by
directly accessing the affected files via the web interface.
The vulnerabilities are reported in firmware version
D2_ETH_109_01_VEBR Jun-14-2006. Other versions may also be affected.
SOLUTION:
Restrict access to trusted users only.
PROVIDED AND/OR DISCOVERED BY:
Bboyhacks
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------