|
 |
|
Belkin Wireless G Router Security Bypass and Denial of Service
|
|
|
|
|
Secunia Advisory:
|
SA29345
|
|
|
Release Date:
|
2008-03-19
|
|
Last Update:
|
2008-03-31
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Security Bypass
DoS
|
|
Where:
|
From local network
|
|
Solution Status:
|
Vendor Workaround
|
|
| OS: | Belkin Wireless G Router
|
|
| | CVE reference: | CVE-2008-1242 (Secunia mirror)
CVE-2008-1244 (Secunia mirror)
CVE-2008-1245 (Secunia mirror)
|
|
|
|
|
|
Description:
Some security issues and a vulnerability have been reported in the Belkin Wireless G Router, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
1) An error in the implementation of authenticated sessions can be exploited to gain access to the router's control panel by establishing a session from a previously authenticated IP address.
2) An error exists within the enforcing of permissions in cgi-bin/setup_dns.exe. This can be exploited to perform restricted administrative actions by directly accessing the vulnerable script.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when processing HTTP POST data. This can be exploited to deny further administrative access to an affected device via specially a crafted HTTP POST request with a "Connection: Keep-Alive" header.
The security issues and the vulnerability are reported in model F5D7230-4, firmware version 9.01.10. Other versions may also be affected.
Solution:
The vendor has made available a pre-release firmware version for vulnerability #2 and is reportedly working on a fix for vulnerability #3.
http://www.belkin.com/uk/support/arti...id=F5D7230uk4&aid=9080&scid=0
Provided and/or discovered by:
loftgaia
Changelog:
2008-03-31: Updated "Solution" section.
Original Advisory:
http://www.gnucitizen.org/projects/router-hacking-challenge/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
1 Related Secunia Security Advisories
|
|
|
1. Belkin Wireless G Router Web Management Authentication Bypass
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
