Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled
(AC66R and RT-N65U are affected as well, but need more testing)
Vulnerabilities:
- Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware
- Full directory traversal and plain text disclosure of all sensit
Vulnerable products : Linksys EA2700, EA3500, E4200, EA4500 using
lighttpd 1.4.28 and Utopia on Linux 2.6.22
Firmware Version: 1.0.14 EA2700
Firmware Version: 1.0.30 EA3500
Firmware Version: 2.0.36 E4200
Firmware Version: 2.0.36 EA4500
Impact: - Major
Timeline: - Still awaiting word back fr
Vulnerable Products -
Zoom X4 ADSL Modem and Router running Nucleus/4.3
UPnP/1.0Virata-EmWeb/R6_2_0 Server All GS Firmware versions
Zoom X5 ADSL Modem and Router running Nucleus/4.3
UPnP/1.0Virata-EmWeb/R6_2_0 Server All GS Firmware versions
Note: A similar vulnerability was reported several year
Note: In June I released a partial disclosure for just the RT-N66U on
the issue of directory traversal. I have only heard back from ASUS
twice on the issue, and I understand they are working on a fix.
However, no serious attempt to our knowledge has been made to warn
their customers in the meanti
Vulnerable Products -
WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD
WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD
Linux 2.6.3 Kernel
All firmware including the latest Ver. 1.04.16
WD My Net N900 HD Dual Band Router Wireless N WiFi Router Accelera
Vulnerable Products -
WD My Net N600 HD Dual Band Router Wireless N WiFi Router Accelerate HD
WD My Net N750 HD Dual Band Router Wireless N WiFi Router Accelerate HD
Linux 2.6.3 Kernel
Firmware Ver. 1.03.xx 1.04.xx
Firmware unaffected Ver 1.01.xx
WD My Net N900 HD Dual Band Router Wireless N WiFi
-
Vulnerabilities:
An unspecified bug can cause an unsafe/undocumented TCP port to open
allowing for:
- Unauthenticated remote access to all pages of the router
administration GUI, bypassing any credential prompts under ce
Five models of the Zoom Telephonics ADSL Modem/Router line suffer from
multiple critical vulnerabilities, almost all being of a remote access
attack vector.
Models affected:
Zoom X3 ADSL Modem/Router
Zoom X4 ADSL Modem/Router
Zoom X5 ADSL Modem/Router
Zoom ADSL Bridge Modem Model 5715 (1 vulnerabi
ASUS routers, which are enabled with the AiCloud service (SSL ports),
are vulnerable to bypass of authentication and sensitive file
disclosure. This vulnerability has been observed in all firmware
versions, though the latest version increases the complexity of the
attack. By sending a special craft
/Networking/RTAC68U/#support
http://www.idg.no/pcworld/article281004.ece
http://www.thinkbroadband.com/news/6229-new-asus-router-firmware-to-fix-ftp-security-issue.html
http://www.pcworld.com/article/2087180/asus-simplifies-router-configuration-to-protect-external-hard-drives.html
Research Contact - Kyle
Correction: I meant to say 2013, not 2012. I apologize for the error.
On Wed, Feb 12, 2014 at 4:29 PM, kyle Lovett wrote:
> Five ASUS RT series routers suffer from a vendor vulnerability that
> default FTP service to anonymous access, full read/write permissions.
> The service,
il an
official fix is out or vulnerability of the router has been ruled out.
Research Contacts: Kyle Lovett and Matt Claunch
Discovered - July 2013
Updated - February 2014
D-Link's DAP-1320 Wireless Range Extender suffers from both a
directory traversal and a XSS vulnerability on all firmware versions.
(current v. 1.20B07)
-
Directory Traversal
CWE-22:
These items were reported to D-Link on April 20th, and to US Cert on
April 21. D-Link does have patches available for all affected models,
and it is highly recommended to update the device's firmware as soon
as possible.
Vendor Links:
http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10025
http://securityadvisories.dlink.com/security/
Research Contact - Kyle Lovett
May 21, 2014
gui interface mechanisms does an OK job locking down the
masked url front end web calls it makes, the entire backend files
which are being called, can be directly accessed, bypassing the need
to use the GUI interface.
Research Contact: Kyle Lovett
March 29, 2016
-
Timeline:
Vendor notified on 04/01/2017
Fix Complete on 04/06/2017
Disclosure Public 05/21/2017
Contact: Kyle Lovett krlov...@gmail.com
--
URL http://:8001/portal/ username/password nvradmin:nvradmin
An attacker can determine installed applications and attack default
credentials that are not changed upon NAS initialization, which
enables them to compromise end user data or gain root access on the
appliance.