Vigilante Advisory #7 - A malicious user can crash an Intel Express 550F or a host behind it by sending a packet with a malformed header. To restart the box you need remove it from it's power source as the reset button loses functionality as well. Affected systems: Intel Express Switch 550F - Firmware version 2.63 - Firmware version 2.64.
e5543dcadd99ee203a752f663a687366bd68f30736388f7036df6793e11c9e4ciDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in the 'restore.cgi' component of Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'POST' method of restore.cgi handler. The httpd running on the internal interfaces, including by default the wireless interface, does not check if authentication has failed until after data supplied by an external user has been processed. The restore.cgi handler allows a user to upload a new configuration into the non-volatile memory of the router. If the user is authenticated, the router will then restart, and the new configuration will be loaded. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G wireless router, and has identified the same code is present in versions 3.03.6 and 4.00.7. All versions prior to 4.20.7 may be affected.
b2ccc83517cfa13503d821a0d345d4c9efc278517875dc3388bbde7b3000125diDEFENSE Security Advisory 09.13.05 - Remote exploitation of a design error in multiple versions of the firmware for Cisco Systems Inc.'s Linksys WRT54G wireless router may allow unauthenticated modification of the router configuration. The vulnerability specifically exists in the 'ezconfig.asp' handler of the httpd running on the internal interfaces, including by default the wireless interface. This handler is used by the 'ezSetup' to perform the initial setup of the router. iDEFENSE has confirmed the existence of this vulnerability in version 3.01.03 of the firmware of the Linksys WRT54G, and has identified the same code is present in version 3.03.6. Version 2.04.4 of the WRT54G is confirmed to contain the affected code, however by default it initializes the authentication details, and so requires a password to set the configuration.
8678dca399143546a683fdfe6d05848911d3e816349bba43699a6387814c6f22The Barracuda Spam Firewall Appliance firmware versions 3.1.17 and below suffer from directory traversal, remote command execution, and password retrieval vulnerabilities.
42ec53e2eb500afc8a902f37140fda794ff5018657eb32d4ce443924ae4d2560It appears that firmware version 4.50.6 for the Linksys WRT54GS (hardware version 1) wireless router allows wireless clients to connect and use the network without actually authenticating.
96e8d0b366b9a6d9eb3a34c25b308ab8fed0342424a224e57d4430f08f3e689bNth Dimension Security Advisory (NDSA20050719) - Mentor's ADSL-FR4II router, firmware version 2.00.0111 2004.04.09, is susceptible to unauthenticated administrative access, downloading of configuration files with the system password, and denial of service attacks.
0f83b740a762a56491cbed35335983e8fef2cbc2304efae7c7441605de1e61aeLocal user input handling vulnerabilities exist in WCI's TC-IDE Embedded Linux prior to v1.54 which allow local users with access to the tools provided with the system to spawn a root console, gaining full control over the running Linux operating system. In corporate environments where this product is being used, such vulnerabilities could cause disastrous effects, all users are encouraged to update to the latest firmware ASAP.
46d3aa11e83ba80562e7262440809b13893d555f6f58bc2ca80b55ac4797533eSecunia Security Advisory - Lyndon Dubeau has reported a security issue in NetGear FWAG114 ProSafe Dual Band Wireless VPN Firewall, which can be exploited by malicious people to read or manipulate configuration information. The problem is that it is not possible to disable the SNMP service nor change the default SNMP community strings. The problem has been reported in firmware release 1.0.26RC4. Other versions may also be affected.
ce8088360acd36d27b92b5320bc300140c19379438b86e163025f5ac775e72bcWhen powering off the Micronet Wireless Broadband Router, Model Number SP916BM, the admin password gets set back to admin. Here's the kicker: in order to change the password you must know what the administrative password was set to prior to the power off. Upgrade to firmware 1.9 to fix this.
e11542d2578735dc297e764e674a65cc9614bb6b9f43c8814372598c9f6eff29The firmware of Motorola's wireless WR850G router has a flaw that enables an attacker to log into the router's web interface without knowing username or password and the ability to gain knowledge of the router's username and password after logging in.
53a21852c0242beeb54ba7eefa07e509f4a3ca8e3fb4efdc7230f7b036ceeeb4eSeSIX Thintune with a firmware equal to or below 2.4.38 is susceptible to multiple vulnerabilities. These include having a backdoored service on a high port with an embedded password giving a remote root shell, various other passwords being stored locally in clear text, and a local root shell vulnerability.
c7d6d010b7722058b4e87e183838984d6663484de3c895b5781af6297637e073Whitepaper on hardening Mac OS X. The paper includes a very brief introduction to the firmware, descriptions of hardening using both GUI and command-line interface.
4688e86aba49b64aea66c1e41de872c1d5fbe4833debe6b75fc948a9e68ed20cIt has been reported that a vulnerability exists in DNS One, potentially allowing malicious people to conduct script insertion attacks. The problem is that input supplied to the HOSTNAME and CLIENTID parameters in a valid DHCP request are logged unfiltered, allowing arbitrary HTML and script code to be embedded. Successful exploitation allows code execution in an administrative user's browser in context of the affected site when the report / log is viewed. Reportedly, firmware version 2.4.0-8 and 2.4.0-8A and prior are affected.
834a3a0d683b2f180754f7d96f8cbc06c96db82fa7ecf2da5fe00ff2985869abEdimax 7205APL with a firmware of 2.40a-00 has a huge flaw where a guest account is hard-coded into the firmware allowing anyone to perform a backup with the same privileges of the administrator.
819184677465c2c8b615fa02029e918e3a745193ddc406e52a03e02353079da1USR Robotics Broadband Router 8003 has a flawed password checking functionality where the password is first verified by a javascript function that has the real administrator password embedded and easily viewable in the source code, allowing any malicious remote attacker to take full control of the device. Tested against firmware v1.04 08. USR Robotics has claimed the problem is not that serious and has not taken any steps to remedy the situation.
9355223364a226a9678e3b296d0cdc281938db1b9412641fba0392b38c8c4485iDEFENSE Security Advisory 05.26.04: Remote exploitation of a buffer overflow in firmware release 1.1.9.4 of 3Com's OfficeConnect Remote 812 ADSL Router could allow a denial of service. By sending a specially formed long string to the telnet port of a vulnerable device containing Telnet escape sequences, it is possible to get it to either reboot or stop handling packets. If the device does not reboot spontaneously, it will require a manual reboot before continuing normal operation.
02eabd38499d8724a5f09a1c30c54ba23979a167fff06c240818836ce07ce693SonicWall Firewall/VPN appliances with a firmware revision of 6.5.0.4 or below are vulnerable to denial of service attacks, arp flooding, and network mapping.
5afceb8d554b712bc100cf66fbfdd59b1cd755eb6ffd70f786dc79e5d8d57d0cGigabyte Broadband Router version Gn-B46B with firmware version 1.003.00 is vulnerable to a remote authorization bypass.
e3149a74a9c9b81c93c795bacc90d54e97eece5c31f0f9a3dd7a8c272d3b6b3fnCipher Security Advisory No. 9 - On certain models and firmware combinations, an attacker who is able to issue commands to an HSM may be able to access secret data stored in the module, including critical application keys.
071a6375bd388973a762bfda42b19fa6b55931c003c9e7b6bbc847b7f457b7e1Sending a blank GET request to a Linksys WRT54G v1.0 (firmware v 1.42.3) router results in a denial of service.
986a4c9134cb217705aa68dacd125d9dff813dac0af519f895c98449cde6ce59The Linksys EtherFast Cable/DSL Firewall Router BEFSX41 (Firmware 1.44.3) is susceptible to a denial of service attack when a long string is sent to the Log_Page_Num parameter of the Group.cgi script.
f1c0300dc00e219b8dbc03dbdfde2f6bb99cf9e08b84db923315190b4e59337bThe D-Link 704p router with firmware version 2.70 is susceptible to multiple denial of service attacks via excessively populated URLs.
259dfe21c118eba6461f050b76150dcde4b4c110bda548460ad171c05429eaeaVigilante Advisory 2003002 - A flaw in firmware version 12.2(4)JA and earlier of the Cisco Aironet 1100 series allows a malicious remote user to discover which accounts are valid on the targeted Cisco Aironet Access Point by using classical brute force techniques. Exploitation of this flaw is possible if the telnet service is enabled with authentication.
dd1081c4783f7f655e1c47afb23551054a850f7af1193270e29c559513a42be0D-Link routers with a firmware of 2.70 and below are vulnerable to a denial of service vulnerability providing the attacker has the ability to see the internal interface on the router. Sending a malformed URL to the syslog script will caused a DNS query. Multitudes of this query can result in a DoS and other odd forms of behavior.
802c81b31a6ec34d42defd9d16029f1790493faf92d67f06228dcf953950b333Watchguard Firebox Dynamic VPN Configuration Protocol Denial of Service - Malicious users can crash the Dynamic VPN Configuration Protocol service (DVCP) by sending a malformed packet to the listener service on TCP port 4110. Watchguard Firebox firmware v5.x.x is vulnerable.
f7fefdb893755ef161385dc353bea35abe34c677710fe9ef1b8f81eb0e3212b7NetGear RO318 HTTP Filter Advisory - The firmware does not check URL's well enough and will send out restricted content if given a malformed URL. Includes perl exploit.
6e07fabd2f010c02fcaec5a1372c9f6341cee8b1bd9566de7cbd913ccf7a0bbc
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed