Full Disclosure mailing list archives
BF and CE vulnerabilities in ASUS RT-G32
From: "MustLive" <mustlive () websecurity com ua>
Date: Mon, 30 Nov 2015 23:51:40 +0200
Hello list! There are Brute Force та Code Execution vulnerabilities in ASUS Wireless Router RT-G32. After previous Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in RT-G32. ------------------------- Affected products: ------------------------- Vulnerable is the next model: ASUS RT-G32 with different versions of firmware. I checked in ASUS RT-G32 with firmware versions 2.0.2.6 and 2.0.3.2. ---------- Details: ---------- Brute Force (WASC-11): http://site There are no protection against BF attacks. Code Execution (OS Commanding) (WASC-31): In section System Command it's possible to execute system commands. The code also can be executed via CSRF attack. http://site/Main_AdmStatus_Content.asp cat /proc/version I found this and other routers in 2014-2015 to take control over terrorists in Crimea, Donetsk and Lugansks regions of Ukraine. Read about it in list (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2015-November/009125.html). I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/7663/). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- BF and CE vulnerabilities in ASUS RT-G32 MustLive (Dec 03)