Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

ECI router login bypass

from [D .] Network Security [Permanent Link]
Subject: ECI router login bypass
Date: Sun, 24 Jul 2005 12:00:34 +0200 
Title:  ECI router verification bypass and DoS
Date:   24/07/2005
Impact: Log in verification bypass
Vendors Status: Not contacted (they were mean to me)

Overview:

The B-FOCuS Router 312+ provides users with a reliable and secured
ADSL2+ connection to the Internet. The 312+ has a single Ethernet port
10/100 and can support either a single computer or multiple computers
sharing a single ADSL2+ line when connecting to a switch. The router's
internal stateful inspection firewall protects the user's PC from
hackers and unwelcome intrusions.
(Tested on B-FOCuS Router 312+ presumably works on all eci routers\products)

Vulnerability:

By default the eci router has a management interface available via http
The interface is protected by a log in screen
This screen can be easily bypassed by accessing the firmwarecfg page
in the unprotected cgi-bin directory
the page provides a way of downloading the routers current settings
including connection passwords and management passowrds
in plaintext
also this page provides a means to reset the modem thus executing a
denial a service attack by making the modem reset constantly
furthermore the page provides facilities to upload new firmware

Affected Version:

All ECI routers
Tested on ECI B-FOCuS Router 312+

PoC:
http://10.0.0.138/cgi-bin/firmwarecfg

Credits:

Credits for this vulnerability goes to D 
D.is.evil[-A-t-]gmail.com

Comments:
Seeking work (in Israel)
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • ECI router login bypass, D . <=
Previous by Date:  PHP FirstPost remote file include vulnerability, gb . network
Next by Date:  Chroot Security Group Advisory 2005-07-25 -- ftplocate, [at]
Previous by Thread:  PHP FirstPost remote file include vulnerability, gb . network
Next by Thread:  Chroot Security Group Advisory 2005-07-25 -- ftplocate, [at]
Indexes:  [Date] [Thread] [Top] [All Lists]