|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 3566 CVE : CVE-2008-0403 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : Yes Exploit Given : Yes Credit : darkfig Published : 23.01.2008
Advisory Text : ## ## VULNERABILITY: ## ## Belkin Wireless G Plus MIMO Router F5D9230-4 ## Authentication Bypass Vulnerability ## ## ## AUTHOR: ## ## DarkFig < gmdarkfig (at) gmail (dot) com > ## http://acid-root.new.fr/?0:17 ## #acidroot (at) irc.wordlnet (dot) com [email concealed] ## ## ## INTRODUCTION: ## ## I recently bought this router for my local ## network (without modem integrated), now I can tell ## that it was a bad choice. When my ISP disconnects ## me from internet, in the most case I have to reboot ## my Modem and the Router in order to reconnect. ## So I coded a program (which send http packets) to reboot ## my router, it asks me the router password, and reboots it. ## One day I wrote a bad password, but it worked. So I ## decided to make some tests in order to see if there was ## a vulnerability. ## ## ## DESCRIPTION: ## ## Apparently when we the router starts, it create a file ## (without content) named user.conf, then when we go to ## SaveCfgFile.cgi, the configuration is save to the file ## user.conf. But the problem is that we can access ## (and also change) to the file SaveCfgFile.cgi without ## login. ## ## ## PROOF OF CONCEPT: ## ## For example we can get the configuration file here: ## http://<ROUTER_IP>/SaveCfgFile.cgi ## ## pppoe_username=... ## pppoe_password=... ## wl0_pskkey=... ## wl0_key1=... ## mradius_password=... ## mradius_secret=... ## httpd_password=... ## http_passwd=... ## pppoe_passwd=... ## ## ## Tested on the latest firmware for this product ## (version 3.01.53). ## ## ## PATCH ## ## Actually there is no firmware update, but I contacted the ## author, if they'll release a patch, it will be available here: ## http://web.belkin.com/support/download/download.asp ## ?download=F5D9230-4〈=1&mode= ##  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
Multiple Vendors libc/gdtoa printf(3) Array Overrun
SecurityReason realised new advisory about vulnerabilities libc/gdtoa... |
||
| Apache |  |
|
» Apache Tomcat |
||
» Apache Tomcat User |
||
| PHP | |
|
» PHP |
||
- 2009-05-30| Copyright © SecurityReason.com. All Rights Reserved. |