Bugtraq mailing list archives
Re: FlowPoint DSL router vulnerability
From: budke () BUDKE COM (Eric Budke)
Date: Tue, 10 Aug 1999 07:19:33 -0400
At 12:07 PM 8/7/99 -0400, Scott Drassinower wrote:
It involves a bug that allows a password recovery feature to be utilized from the LAN or WAN instead of just the serial console port. Basically, throwing enough 6 digit numbers at a pre-3.0.8 router will allow you to get access to the box to do whatever you want. It appears as if the problem started in 3.0.4, but I am not totally certain about that.
So the vulnerability is essentially a brute force against telnet/snmp? Assuming you filter those out, is there another way of accessing?
--
Scott M. Drassinower scottd () cloud9 net
Cloud 9 Consulting, Inc. White Plains, NY
+1 914 696-4000 http://www.cloud9.net

On Thu, 5 Aug 1999, Matt wrote:
The following URL contains information about a firmware upgrade for FlowPoint DSL routers that fixes a possible "security compromise". FlowPoint has chosen not to release ANY information whatsoever about the vulnerability. I was curious if anyone had any more information about this vulnerability than what FlowPoint is divulging.
http://www.flowpoint.com/support/techbulletin/sec308.htm
thnx
--
I'm not nice, I'm vicious--it's the secret of my charm.
-- PGP Key can be found at http://www.panix.com/~budke/pgp/budke_budke_com.txt