Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Gigafast/CompUSA router (model EE400-R) vulnerabilities

from [Gary H. Jones II] Network Security [Permanent Link]
Subject: Gigafast/CompUSA router (model EE400-R) vulnerabilities
Date: Sat, 19 Feb 2005 20:57:25 -0500 
This router is/was widely sold in CompUSA stores. It is a Gigafast router,
re-branded as a CompUSA router.

All firmware versions are affected.
When reported to the manufacturer on 5/13/04, I had received a response
stating that the information would be passed on to firmware developer.
Almost a year has passed and no fix is currently available.

Bug #1
The router has a login page; however, this may easily be bypassed.  If one
was to make a request to http://ROUTER/backup.cfg, it would contain some of
the routers preferences, including the administrator password in plain-text.

Anyone may access this file on the LAN by default.  If remote administration
is enabled, any individual on the internet would be able to download this
configuration file and see the administrator password.

Bug #2
If the DNS proxy option is turned on, it is possible to interrupt
connectivity by sending malformed DNS queries. Once the router receives the
malformed DNS queries, it will not work until a cold boot has been
performed. This bug can only be produced within the LAN.

-----------------------------------------------------
Gary H. Jones II
PointBlankSecurity.com



-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.1 (MingW32) - WinPT 0.7.96rc1

mIsEQfFmagEEANqJwfxGkm69Mb8bEalnXw5W4FrwEsa6CZHBRfSWV2LaJ2kT3pVh
ed4E8Ge9VV/vjCSbEcNrwwrrWklCBzlm9+MUeSOjIWtmScxhC1gNZuieEdH1G2VK
f+30cypHn7nVKdd6NfxbceQUyDJ1/6xltHoDtQKYA0Y8Mev3kt78rqo/AAYptC1H
YXJ5IEggSm9uZXMgSUkgPGdhcnlAcG9pbnRibGFua3NlY3VyaXR5LmNvbT6IsgQT
AQIAHAUCQfFmagIbAwQLBwMCAxUCAwMWAgECHgECF4AACgkQ+snYOPAe5vYwrgQA
npV1QcELTeISYnD2/fX6b9tNaRet5RGPcZ7hAYiVRpCpDHzriJOGuOnTbLfX0vW3
EDs7YMtLZQmn/gAvK7wH5/EKrkVt3BrZUFaglPIH0Dk3Otsx4AGIfrFJlD2hOcO8
/QGgYEix8plsKtz3kAu8MvO0o2axV7GnuMyPHvJJap0=
=SZ3h
-----END PGP PUBLIC KEY BLOCK-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Gigafast/CompUSA router (model EE400-R) vulnerabilities, Gary H. Jones II <=
Previous by Date:  Re: Knox Arkeia remote root/system exploit, H D Moore
Next by Date:  ADP Elite System Max 9000 Series Login Vulnerability, rootfiend
Previous by Thread:  Arkeia Network Backup Client Remote Access, H D Moore
Next by Thread:  ADP Elite System Max 9000 Series Login Vulnerability, rootfiend
Indexes:  [Date] [Thread] [Top] [All Lists]