Summary:
The Linksys Instant Broadband EtherFast Cable/DSL Firewall Router with 4-Port Switch/VPN Endpoint is "the perfect solution for connecting a small group of PCs to a high-speed broadband Internet connection or a 10/100 Ethernet backbone". A vulnerability in the product allows remote attackers to cause the server to no longer respond to legitimate requests by sending it an especially malformed request.
Credit:
The information has been provided by KrazySnake.
Details:
The Linksys BEFSX41 has a web-based administration utility at a predictable default address (http://192.168.1.1). Administration is done through a series of HTML forms using the "GET" method. The router also ships with an out-of-the-box password of "admin".
Under the default configuration, the router is only accessible from the local LAN and not the Internet. However, an attacker could set up a web page or send HTML email to someone inside of the LAN to indirectly send commands to the router.
An attacker could specify a URL that results in a denial of service. The denial of service occurs when a long string is sent to the System Log Viewer's "Log_Page_Num" parameter. The router will be unresponsive after the URL is visited when logging is enabled.
Exploit:
If an attacker can get the admin of the router to view a URL like http://192.168.1.1/Group.cgi?Log_Page_Num=1111111111&LogClear=0, the router will become inoperable. The link could be set as the source of an HTML image tag, so the admin's browser issues the request without any visible action.
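As an added detection example (not part of the original advisory), the following Python scans proxy or web-filter logs for two signs of the attack described above: a request to the router's Group.cgi whose Log_Page_Num value is overlong or non-numeric, and such a request whose Referer is not the router's own admin UI (a cross-site request from a web page or HTML email). The log format, sample lines, and the MAX_PAGE_NUM_LEN bound are assumptions constructed for this example.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed (constructed) proxy-log format: "<client> <method> <url> <referer>".
# The overlong Log_Page_Num value mirrors the one quoted in the advisory.
SAMPLE_LOG = """\
10.0.0.5 GET http://192.168.1.1/Group.cgi?Log_Page_Num=1&LogClear=0 http://192.168.1.1/Log.htm
10.0.0.7 GET http://192.168.1.1/Group.cgi?Log_Page_Num=1111111111&LogClear=0 http://attacker.example/page.html
10.0.0.7 GET http://192.168.1.1/index.htm -
10.0.0.9 GET http://192.168.1.1/Group.cgi?Log_Page_Num=3&LogClear=0 http://evil.example/mail.html
"""

ROUTER_HOST = "192.168.1.1"   # default admin address from the advisory
MAX_PAGE_NUM_LEN = 4          # assumed sane upper bound for a log page number

def check_request(url, referer):
    """Return the reasons a router admin request looks suspicious (empty list if none)."""
    parts = urlsplit(url)
    if parts.hostname != ROUTER_HOST or not parts.path.endswith("/Group.cgi"):
        return []  # only the System Log Viewer endpoint is of interest here
    reasons = []
    for value in parse_qs(parts.query).get("Log_Page_Num", []):
        if not value.isdigit() or len(value) > MAX_PAGE_NUM_LEN:
            reasons.append("overlong/non-numeric Log_Page_Num")
    # A legitimate admin click comes from a page served by the router itself;
    # any other (or missing) Referer suggests a cross-site request.
    if referer == "-" or urlsplit(referer).hostname != ROUTER_HOST:
        reasons.append("referer not from router admin UI (possible cross-site request)")
    return reasons

def scan_log(text):
    """Parse constructed log lines; return (client, url, reasons) for flagged requests."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        client, _method, url, referer = line.split()
        reasons = check_request(url, referer)
        if reasons:
            findings.append((client, url, reasons))
    return findings

if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(client, url, "; ".join(reasons))
```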
Resolution:
Linksys released an updated firmware to address this issue. This firmware update is made available by Linksys from http://www.linksys.com/download/firmware.asp?fwid=172.