GigaFast EE400-R Broadband Router Two Vulnerabilities

Secunia Advisory: SA14366
Release Date: 2005-02-22
Critical: Less critical
Impact: Exposure of sensitive information, DoS
Where: From local network
Solution Status: Unpatched
OS: GigaFast EE400-R Broadband Router
CVE reference: CVE-2005-0498, CVE-2005-0499

Description: Gary H. Jones II has reported two vulnerabilities in GigaFast EE400-R Broadband Router, which can be exploited by malicious people to cause a DoS (Denial of Service) and disclose some sensitive information.

1) The "backup.cfg" configuration file can be accessed directly without any authentication through the HTTP interface. This can be exploited to disclose the administrator's password and some other potentially sensitive configuration settings.

2) An error in the handling of DNS queries can be exploited to cause a vulnerable router to become non-functional by sending some malformed DNS queries.
Successful exploitation requires that the DNS proxy option is enabled.

Solution: Disable remote administration, filter access to the HTTP interface, and disable the DNS proxy option.

Provided and/or discovered by: Gary H. Jones II
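
Because the router is unpatched, the Solution above is the only control, and it is worth confirming from a LAN host that it took effect. The following is an added example, not part of the Secunia advisory or any vendor tooling: it checks whether backup.cfg is still served without credentials and whether the DNS proxy still answers a well-formed query. The web-root path for backup.cfg, the function names and the router address passed to `audit` are assumptions.

```python
import socket
import struct
import urllib.error
import urllib.request

# Assumption: backup.cfg sits at the web root; the advisory gives only the file name.
BACKUP_PATH = "/backup.cfg"
# Talk to the router directly, ignoring any proxy configured in the environment.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def check_backup_cfg(base_url, timeout=3.0):
    """Request backup.cfg with no credentials and classify the outcome."""
    url = base_url.rstrip("/") + BACKUP_PATH
    try:
        with _OPENER.open(url, timeout=timeout) as resp:
            # A 2xx answer for the file itself (not a redirect to a login page)
            # means it is still served without authentication. Body is not read.
            served = 200 <= resp.status < 300 and resp.geturl().endswith(BACKUP_PATH)
            return "EXPOSED" if served else "PROTECTED"
    except urllib.error.HTTPError:
        return "PROTECTED"   # 401/403/404: request refused or file not served
    except (urllib.error.URLError, OSError):
        return "FILTERED"    # HTTP interface not reachable from this host


def dns_proxy_answers(host, port=53, timeout=2.0):
    """Send one well-formed A query; True if a DNS response comes back."""
    txid = 0x1D0C
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"\x07example\x03com\x00"
    query = header + qname + struct.pack(">HH", 1, 1)          # QTYPE=A, QCLASS=IN
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (host, port))
            data, _ = sock.recvfrom(512)
        except OSError:
            return False     # timeout or ICMP port unreachable: nothing answering
    if len(data) < 12:
        return False
    rid, flags = struct.unpack(">HH", data[:4])
    return rid == txid and bool(flags & 0x8000)                # QR bit = response


def audit(router_ip):
    """Run both checks against a router you administer."""
    return {"backup_cfg": check_backup_cfg("http://" + router_ip),
            "dns_proxy_answers": dns_proxy_answers(router_ip)}
```

A hardened device should report `FILTERED` or `PROTECTED` for `backup_cfg` and `False` for `dns_proxy_answers` when checked from a host that is not an administration station.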

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.