[Bulk] Re: [Full-disclosure] D-Link DSL routers authentication bypass

[Francesco Orro]

I found this vulnerability for my job last March. I immediately tried to 
contact D-Link since i didn't trust the e-mail for ordinary technical 
support. At the beginning of May I managed to submit to D-Link the 
vulnerability and I received an answer as you find in the advisory.

Bye
Francesco Orro


Luis Peralta wrote:
> On 5/19/05, Francesco Orro <francesco.orro at akhela.com> wrote:
> 
>>====================== SUMMARY ========================
>>
>>  Title: D-Link DSL routers authentication bypass
>>  Date: 19 May 2005
>>  Author: Francesco Orro <francesco.orro 4t akhela.com>
> 
> 
>>=================== DISCLOSURE HISTORY =====================
>>
>> 2 May 2005 - First private release of this advisory;
>> 4 May 2005 - The vendor (D-Link Mediterraneo S.r.l.) has been informed
>>  of the vulnerability;
>> 5 May 2005 - The vendor replid that the problem was resolved on
>>  firmware version V1.00B02T02.EU.20040610, but has been
>>  demostrated that this version is vulnerable too;
>>19 May 2005 - Public release of this advisory.
> 
> 
> Hi,
> 
>  I notified D-Link (soporte at dlink.es) about this issue (I only checked
> it on G604T models) on April 11th. The bug does not only allow to
> download the configuration file, but to completely trojanize the
> device by means of custom firmware uploading. I gave D-Link a two
> month grace period to fix the issue.
> 
>  Regards,
> --
> Luis Peralta
> http://spisa.act.uji.es/~peralta