Wednesday, March 19, 2008 8:25 AM
cmosby
Belkin Wireless G Router Security Bypass and Denial of Service - Advisories - Secunia
Belkin Wireless G Router Security Bypass and Denial of Service
Secunia Advisory:
SA29345
Release Date:
2008-03-19
Critical:
Less critical
Impact:
Security Bypass
DoS
Where:
From local network
Solution Status:
Unpatched
OS:
Belkin Wireless G Router
CVE reference:
CVE-2008-1242 (Secunia mirror)
CVE-2008-1244 (Secunia mirror)
CVE-2008-1245 (Secunia mirror)
Description:
Some security issues and a vulnerability have been reported in the Belkin Wireless G Router, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service).
1) An error in the implementation of authenticated sessions can be exploited to gain access to the router's control panel by establishing a session from a previously authenticated IP address.
2) An error exists within the enforcing of permissions in cgi-bin/setup_dns.exe. This can be exploited to perform restricted administrative actions by directly accessing the vulnerable script.
3) An error exists in the cgi-bin/setup_virtualserver.exe script when processing HTTP POST data. This can be exploited to deny further administrative access to an affected device via specially a crafted HTTP POST request with a "Connection: Keep-Alive" header.
The security issues and the vulnerability are reported in model F5D7230-4, firmware version 9.01.10. Other versions may also be affected.
Solution:
Restrict network access to the router's web interface.
Provided and/or discovered by:
loftgaia
Original Advisory:
http://www.gnucitizen.org/projects/router-hacking-challenge/
Source: Belkin Wireless G Router Security Bypass and Denial of Service - Advisories - Secunia
Filed under: Patch Management, Internet Applications, Security, Software Vulnerabilites