Latest news
Risks
Linksys Cable/DSL Routers Denial of Service Vulnerability
25 November 2002
iDEFENSE Security Advisory 11.19.02a:
http://www.idefense.com/advisory/11.19.02a.txt
Denial of Service Vulnerability in Linksys Cable/DSL Routers
November 19, 2002
I. BACKGROUND
Linksys Group Inc. currently sells several broadband router products, including:
BEFW11S4, Wireless Access Point Router with 4-Port Switch - Version 2
BEFSR11, EtherFast® Cable/DSL Router
BEFSR41, EtherFast® Cable/DSL Router with 4-Port Switch
BEFSRU31, EtherFast® Cable/DSL Router with USB and 3-Port Switch
More information is available at
http://www.linksys.com/products/group.asp?grid=23 .
II. DESCRIPTION
The BEFW11S4, BEFSR11, BEFSR41 and BEFSRU31 can be crashed when several thousand characters are passed in the password field of the device's web management interface. Exploitation simply requires the use of a web browser that can send long Basic Authentication fields to the affected router's interface.
III. ANALYSIS
Remote exploitation is only possible if the remote web management interface is enabled (this is disabled by default). An attacker on the internal network can access the web management interface by using a web browser and accessing the URL http://192.168.1.1 (default URL).
IV. DETECTION
The BEFW11S4, BEFSR11, BEFSR41, and BEFSRU31 devices with firmware earlier than version 1.43.3 are affected. iDEFENSE confirmed susceptibility on the BEFW11S4. Linksys indicated that the BEFSR11, BEFSR41 and BEFSRU31 are also affected.
V. WORKAROUND
Disable the remote web management interface on the affected router.
VI. RECOVERY
Cycling power through the affected device should restore normal functionality; pressing the "Reset" button on the router is insufficient.
VII. VENDOR FIX
Linksys firmware 1.43.3, which is available at http://www.linksys.com/download/, fixes the problem on all the affected devices.
VIII. CVE INFORMATION
The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project assigned the identification number CAN-2002-1312 to this issue.
IX. DISCLOSURE TIMELINE
11/02/2002 Issue disclosed to iDEFENSE
11/06/2002 Linksys notified (jay.price@linksys.com)
11/11/2002 Linksys response (diana.ying@linksys.com)
11/18/2002 iDEFENSE clients notified
11/19/2002 Public disclosure
X. CREDIT
Alex S. Harasic (aharasic@terra.cl) discovered this vulnerability.
Get paid for security research
http://www.idefense.com/contributor.html
Subscribe to iDEFENSE Advisories:
send email to listserv@idefense.com, subject line: "subscribe"
About iDEFENSE:
iDEFENSE is a global security intelligence company that proactively monitors sources throughout the world — from technical vulnerabilities and hacker profiling to the global spread of viruses and other malicious code. Our security intelligence services provide decision-makers, frontline security professionals and network administrators with timely access to actionable intelligence and decision support on cyber-related threats. For more information, visit http://www.idefense.com.
- -dave
David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071
dendler@idefense.com
www.idefense.com
http://www.idefense.com/advisory/11.19.02a.txt
Denial of Service Vulnerability in Linksys Cable/DSL Routers
November 19, 2002
I. BACKGROUND
Linksys Group Inc. currently sells several broadband router products, including:
BEFW11S4, Wireless Access Point Router with 4-Port Switch - Version 2
BEFSR11, EtherFast® Cable/DSL Router
BEFSR41, EtherFast® Cable/DSL Router with 4-Port Switch
BEFSRU31, EtherFast® Cable/DSL Router with USB and 3-Port Switch
More information is available at
http://www.linksys.com/products/group.asp?grid=23 .
II. DESCRIPTION
The BEFW11S4, BEFSR11, BEFSR41 and BEFSRU31 can be crashed when several thousand characters are passed in the password field of the device's web management interface. Exploitation simply requires the use of a web browser that can send long Basic Authentication fields to the affected router's interface.
III. ANALYSIS
Remote exploitation is only possible if the remote web management interface is enabled (this is disabled by default). An attacker on the internal network can access the web management interface by using a web browser and accessing the URL http://192.168.1.1 (default URL).
IV. DETECTION
The BEFW11S4, BEFSR11, BEFSR41, and BEFSRU31 devices with firmware earlier than version 1.43.3 are affected. iDEFENSE confirmed susceptibility on the BEFW11S4. Linksys indicated that the BEFSR11, BEFSR41 and BEFSRU31 are also affected.
V. WORKAROUND
Disable the remote web management interface on the affected router.
VI. RECOVERY
Cycling power through the affected device should restore normal functionality; pressing the "Reset" button on the router is insufficient.
VII. VENDOR FIX
Linksys firmware 1.43.3, which is available at http://www.linksys.com/download/, fixes the problem on all the affected devices.
VIII. CVE INFORMATION
The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project assigned the identification number CAN-2002-1312 to this issue.
IX. DISCLOSURE TIMELINE
11/02/2002 Issue disclosed to iDEFENSE
11/06/2002 Linksys notified (jay.price@linksys.com)
11/11/2002 Linksys response (diana.ying@linksys.com)
11/18/2002 iDEFENSE clients notified
11/19/2002 Public disclosure
X. CREDIT
Alex S. Harasic (aharasic@terra.cl) discovered this vulnerability.
Get paid for security research
http://www.idefense.com/contributor.html
Subscribe to iDEFENSE Advisories:
send email to listserv@idefense.com, subject line: "subscribe"
About iDEFENSE:
iDEFENSE is a global security intelligence company that proactively monitors sources throughout the world — from technical vulnerabilities and hacker profiling to the global spread of viruses and other malicious code. Our security intelligence services provide decision-makers, frontline security professionals and network administrators with timely access to actionable intelligence and decision support on cyber-related threats. For more information, visit http://www.idefense.com.
- -dave
David Endler, CISSP
Director, Technical Intelligence
iDEFENSE, Inc.
14151 Newbrook Drive
Suite 100
Chantilly, VA 20151
voice: 703-344-2632
fax: 703-961-1071
dendler@idefense.com
www.idefense.com
Spotlight
A closer look at Mega cloud storage
Posted on 21 May 2013. | Once a novelty, nowadays many cloud storage services are fighting for their piece of the market in the virtual world. Mega offers 50GB of free space with great pricing on Pro accounts.
The CSO perspective on healthcare security and compliance
Posted on 20 May 2013. | Randall Gamby is the CSO of the Medicaid Information Service Center of New York. In this interview he discusses healthcare security and compliance challenges and offers a variety of tips.
Cyber espionage campaign uses professionally-made malware
Posted on 20 May 2013. | A massive cyber espionage campaign has been hitting government ministries, IT companies, academic research institutions, and more.
Ransomware adds password stealing to its arsenal
Posted on 17 May 2013. | Microsoft researchers are warning about a new variant of the well-known Reveton ransomware doing rounds.
IT security jobs: What's in demand and how to meet it
Posted on 15 May 2013. | Let's say you want a career in information security, where do you start? What credentials do you need? What are employers looking for? Read on to find some answers.
Daily digest
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
Weekly newsletter
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.
 |
