Am Montag 15 Juni 2009 schrieb Tom Neaves: > Within the "/cgi-bin/" directory of the administrative web interface exists > a > file called "firmwarecfg". This file is used for firmware upgrades. A > HTTP POST > request for this file causes the web server to hang. The web server will > stop > responding to requests and the administrative interface will become > inaccessible > until the router is physically restarted. > > While the router will still continue to function at the network level, i.e. > it will > still respond to ICMP echo requests and issue leases via DHCP, an > administrator will > no longer be able to interact with the administrative web interface. > > This attack can be carried out internally within the network, or over the > Internet > if the administrator has enabled the "Remote Management" feature on the > router.
Don't have such a device for tests, but isn't it possible to exploit this remotely through CSRF even without "Remote Management" option? (i.e. put some javascript on a webpage sending a post request to the default ip of the router?) -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: ha...@hboeck.de http://ausdenaugenausdemsinn.de - Kein Sicherheitsrabatt für CO2-Speicher http://tinyurl.com/dceu73 - Internetzensur stoppen! http://schokokeks.org - professional webhosting
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
