|
|
|
|
| |
| Phoenix Sistemi Security reports several security problems in ELSA Lancom 1100 Office. An attacker can steal the RAS password, change routing tables, and place a modified firmware to sniff data. |
| |
Credit:
The information has been provided by Davide Del Vecchio.
|
| |
Vulnerable systems:
ELSA Lancom 1100 Office
ELSA Lancom 1100 Office has to be configured by browser on an HTTP connection over port 80 on the router IP. An intruder can connect with a browser to the router ip (Intranet or Internet) and change the routing tables or steal the RAS password that is stored in a field covered with asterisks. The passwords are stored in clear text and can be seen by editing the html source.
That is not all; the upgrade of the firmware could be done remotely just going in its appropriate page placed in the configuration table, and an attacker can upgrade a customized firmware that will sniff all the data passing by the router.
Solutions & Recommendations:
Changing the configuration port is a good idea to prevent random attacks. Another good idea would be to give access privileges to first-time configuration just to an internal ip addresses. The RAS password should be stored in a file different from the html, or that part of configuration could be done with a JavaScript.
An easy user-side solution could be to install a firewall with appropriate rules, so that no one from the Internet would have access to it.
|
|
|
|
|
|
|
|
|
|
