Here is the full ModSecurity log entry. I've also posted full details on my blog here: https://crowdshield.com/blog.php?name=rompager-shellshock-rce-0day MODSECURITY LOGS: ==> /var/log/apache2/error.log in a number of common routers which may allow full control of affected > devices. I haven't found an existing vulnerability for this and this > appears to be a new trend in my ModSecurity logs. Hoping to get some > feedback from the community and see if anyone can confirm... > After researching RomPager, it appears to be the underlying web server > used by a number of common routers which are listed below. > > VULNERABLE DEVICES: > # AirLive WT-2000ARM# D-Link DSL-2640R# Huawei 520 HG# Huawei 530 TRA# > Pentagram Cerberus P 6331-42# TP-Link TD-8816# TP-Link TD-W8901G# > TP-Link TD-W8951ND# TP-Link TD-W8961ND# ZTE ZXV10 W300# ZynOS# ZyXEL > ES-2024# ZyXEL Prestige P-2602HW > > MODSECURITY LOGS: > ==> /var/log/apache2/error.log > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
